Exchange 2003 integration with Barracuda Spam Filter via MX records


I have recently integrated a Barracuda with Exchange 2003 SP2 by way of MX record intercept, however I believe some creative genius seems to bypass the Barracuda and is still accessing the mail server.  Both the Barracuda and Exchange 2003 are behind the same PIX.  All MX references have been changed to the Barracuda, but still point to the Exchange server.

Currently the Exchange server config is as follows:
Route of mail from the world: Internet -> Barracuda -> Mail Server -> Email client [ex. Outlook]
Route of email to the world : Email client [ex. Outlook] -> Mail Server -> Barracuda -> Internet
(Mail Server -> Barracuda by way of a Smart Host forward on the Internet Mail SMTP Connector)

Email server is NOT an open relay.
Required authentication for incoming and outgoing on all email clients.

I would like to force the Exchange server to take incoming mail only from the Barracuda and allow an authenticated Email client [ex. Outlook] to Send/Receive mail to the Exchange Server directly.


gubman  i will mention a few facts that i am sure u are aware of
exchange in default installation sends and receives on port 25....and if u try any other port it will refuse....of course it will accept on port 80 through OWA interface...
since u have a pix firewall then through ur ACCESS_LIST and STATIC entries any info for port 25 is directed to barracuda and PIX will not allow any deviation...if it did then PIX(cisco) will be outa business....
now assuming someone tries to send u emails on a different port ....that must first pass the PIX security and assuming it does and directly connects to exchange then exchange must be listening on that port in order to accept....and if exchange has one nic one IP and one virtual smtp server then it won't...
now lets assume u are right(i am sure u are since u can see the result)....then in my OPINION this person or persons bypassing ur BARRACUDA are most likely using OWA to access ur exchange(i have never seen a barracuda and not sure if it can proxy port 80 like ISA)...
now to restrict exchange to accept only from certain ip addresses then go to ur smtp virtual server |access|connection and enter the ip range and subnet mask of ur internal network...and see if that would help u....
also keep an eye on ur firewall logs and iis logs to see if u can find any unusual activities and meanwhile force all ur users to change their password on the next logon

gubman (Author) Commented:
Vahik, thanks for the info.  

The barracuda has a different IP address altogether.  I have to allow Email clients to speak to the server to pickup/drop-off mail and hold pending mail for delivery.  The Barracuda is simply a mail filter in this setup.  If I proceed via smtp virtual server |access|connection and enter the Barracuda's IP address I will block out all Email clients (just tested this side effect).  Before the Barracuda was put onto the network, all MX records pointed to the mail server and I have since updated them to point to the Barracuda instead.  The Static routes to the mail server still remain.  Technically no one is supposed to know of this change, but clearly someone does.  If someone was using the OWA interface, I would have a username in the logs, but that info is mysteriously not available :(
well in the connection section u could also add ur internal addresses ...
for instance  .....
u can also make other changes
take out STATIC for exchange(unless it is necessary for ur company)
disable telnet on the exchange for all except admins for troubleshooting purpose.
make barracuda and exchange communicate on different port....
this will not affect ur internal or external emails and clients....unless  u are allowing POP3 directly in to ur exchange from internal users...  then u must make adjustment in clients configuration.....
ask all users to change their password at next logon
make sure no smtp server is installed on ur client machines(this is not easy as far as i know....unless u could find a utility or app which will do it for u as painlessly as possible)...a while back someone here had a problem with exchange and he found out one computer had smtp server installed besides EXCHANGE and was being used for sending emails...the way he figured it out was to telnet to all computers on their port see which ones answered back...

enable diagnostics logging for smtp...u will have plenty of info if busy network, so increase  allocated size for ur log files
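
The log review suggested in the thread, as an added example that is not part of the original posts: it reads an SMTP virtual server log in W3C extended format and counts inbound lines whose source is neither the Barracuda nor an internal client. The addresses, the sample log and the `OutboundConnection` marker used to skip outbound sessions are assumptions; adjust them to the fields and values your own logs show.

```python
import ipaddress
from collections import Counter

# Assumed addressing (placeholders, not values from the thread).
BARRACUDA_IP = ipaddress.ip_address("192.168.50.10")
INTERNAL_NETS = [ipaddress.ip_network("10.1.0.0/16")]

# Constructed sample log; real logs carry whichever fields are enabled.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-username s-ip s-port cs-method sc-status
2006-03-01 10:00:01 192.168.50.10 barracuda.example.test 10.1.1.5 25 EHLO 250
2006-03-01 10:02:10 10.1.4.33 pc33 10.1.1.5 25 EHLO 250
2006-03-01 10:05:40 198.51.100.23 mx.sender.test 10.1.1.5 25 EHLO 250
2006-03-01 10:05:41 198.51.100.23 mx.sender.test 10.1.1.5 25 MAIL 250
2006-03-01 10:07:00 192.168.50.10 OutboundConnectionCommand 10.1.1.5 25 EHLO 0
2006-03-01 10:09:15 203.0.113.77 - 10.1.1.5 25 HELO 250
"""

def parse_w3c(text):
    """Yield one dict per data line, keyed by the current #Fields list."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            parts = line.split()
            if len(parts) == len(fields):  # skip truncated lines
                yield dict(zip(fields, parts))

def classify(ip_text):
    ip = ipaddress.ip_address(ip_text)  # raises ValueError if not an address
    if ip == BARRACUDA_IP:
        return "barracuda"
    if any(ip in net for net in INTERNAL_NETS):
        return "internal"
    return "bypass"

def bypass_sources(text):
    """Count inbound log lines per source IP that did not come via the filter."""
    hits = Counter()
    for rec in parse_w3c(text):
        # Assumed marker: outbound sessions (to the smart host) are skipped.
        if rec.get("cs-username", "").startswith("OutboundConnection"):
            continue
        try:
            if classify(rec.get("c-ip", "")) == "bypass":
                hits[rec["c-ip"]] += 1
        except ValueError:  # c-ip missing or not an address
            continue
    return dict(hits)
```

Sources it reports are the addresses to look up in the PIX logs and to exclude when the connection-control list on the SMTP virtual server is tightened.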
