• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1325
  • Last Modified:

Front End Server and Inbound/Outbound SMTP Relay

I have a front end Exchange server running Exchange 2000 and two back-end Exchange 2000 Servers.  I have configured the SMTP Virtual Server on my front end server with a smart host - the IP Address of one of the back-end Exchange servers (for Inbound mail). I would like to forward all outbound mail from my back end servers to the front end server.  Do I require another NIC card so that I can create a second SMTP Virtual Server with a different IP address so that I can relay mail outbound?  or is there a way to configure the front end mail relay to send both inbound and outbound mail with one NIC and IP address?
0
wmorlett
Asked:
wmorlett
  • 3
  • 3
1 Solution
 
marc_nivensCommented:
If the servers are all part of the same routing group you do not need to setup smart hosts at all.  First, remove that setting.  Then, create an SMTP connector and set the local bridgehead to be the front end server.  If you inbound mail comes to the front end, it will automatically be delivered to the back end.  And which server you set as the local bridgehead on the SMTP connector will be the one that all of the outbound mail is sent through.
0
 
wmorlettAuthor Commented:
This worked great.  Is there anything else you recommend doing to secure the relay so that it cannot be used by others to relay mail?  I only want to receive mail inbound for one domain (mine) and want my two exchange servers (back-end servers) to be able to relay to this front end server.
0
 
marc_nivensCommented:
3 things you can do to secure relay:

1.  On the properties of the SMTP virtual server/2nd tab/relay - verify that only the list below is selected (and its empty) and the box is checked to allow authenticated users to relay
2.  On the properties of the SMTP connector, address space tab.  Make sure the box that says "allow relay to these domains" is unchecked for the * entry
3.  Make sure your admin users have strong passwords.  It's not uncommon for a spammer to try and crack the admin password so they can relay

If you do these things you will go a long ways toward preventing relay, and these steps will not affect mail flow from the back end servers to the internet or vice versa.
0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

 
wmorlettAuthor Commented:
Thank you.  This was quit different from 5.5 and I was a little thrown as how to accomplish this.  You've been of great assistance.  Kudos!!

Will
0
 
wmorlettAuthor Commented:
I do not support IMAP4 or POP3 on either of my back end servers so I've turned the services off on both my back end and front end server(s).  Since I don't support IMAP4 or POP3 can I disable the Information Store on my front end server?  
0
 
marc_nivensCommented:
No, the Information Store is required if mail is sent through that server (it does message conversion).  Also make sure you keep the mailbox store mounted as well.
0

Featured Post

Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now