Solved

Question re outbound email delivery by Exchange 2003 behind Astaro software firewall

Posted on 2007-03-21
3
554 Views
Last Modified: 2013-11-16
--------------------------------------------------------------------------------

Hi there. I run Exchange 2003 behind the Astaro v6.304 software firewall. I outward deliver mail directly (i.e. do not use the smtp proxy) via two SMTP connectors in exchange.

One delivers mail via a smart host (ww.authsmtp.com) to avoid our outgoing mail being regarded as 'suspicious' by receiving servers. The other connector we use to deliver mail directly via DNS, as this one handles 'forwarded' mail; i.e. we send a copy of incoming mail to Blackberries, google mail etc. and obviously our smart host could not accept these emails as they are from thousands of different people (so we have to send them direct).

I tried the smtp proxy the other day. Using transparent mode. Not using the smart host.
1. incoming email is fine
2. outgoing email that goes via the DNS (direct) connector is fine
3. But outgoing email that was supposed to go via the smart host connector authsmtp.com can not be delivered by Exchange 2003 and remains in the queue.

What's the problem and what's the solution here? Do I have to tell my Exchange connector to deliver to the firewall (and not to authsmtp.com) and then confgure Astaro's smart host function for onward relay. If so, how will email I need to send NOT via authsmtp get handled by Astaro? (i.e can what have two ways of delivering outgoing email by Astaro?).

Hope there is a solution please!

Thanks ...
0
Comment
Question by:MPSmith4258
  • 2
3 Comments
 
LVL 104

Accepted Solution

by:
Sembee earned 500 total points
ID: 18775192
I wouldn't recommend using any kind of SMTP proxy unless you configured Exchange to send all email via the proxy and then had the proxy server manage where the messages are flowing. In my experience the proxy servers in firewalls are not very good and cause significant problems with email delivery. In many cases I don't see the point in them.

Simon.
0
 

Author Comment

by:MPSmith4258
ID: 18798786
Thanks Simon. Appreciate your advice and won't use Astaro's proxy.
Can you recommend any software or techniques to easily view login (successful or failed) attemps on my open ports 25 and 443 that go to the IIS on my SBS2003? Astaro's IPS should alert me to exploit attacks, but I wondered how I could easily see if people are trying to login to https://secure.mydomain/exchange for example, etc. I deliberately remotely put in a lot of false user names and passwords on the OWA login screen, but at no point did it lock me out which is what I would have expected!!
Cheers!
0
 
LVL 104

Expert Comment

by:Sembee
ID: 18800351
You were expecting IIS to lock you out after entering false usernames? It will not do that. The only thing it is capable of locking out is user accounts, when a valid user account is used.

IIS Logging will log attempts to login to the server. You will then something that can analyse those logs. It all depends on what you are doing, what you are looking for and what you intend to do with the results when you get them.

Simon.
0

Featured Post

What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
Marketers need statistics and metrics like everybody else needs oxygen. In this article we explain how to enable marketing campaign statistics for Microsoft Exchange mail.
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
how to add IIS SMTP to handle application/Scanner relays into office 365.

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now