Question re outbound email delivery by Exchange 2003 behind Astaro software firewall

--------------------------------------------------------------------------------

Hi there. I run Exchange 2003 behind the Astaro v6.304 software firewall. I outward deliver mail directly (i.e. do not use the smtp proxy) via two SMTP connectors in exchange.

One delivers mail via a smart host (ww.authsmtp.com) to avoid our outgoing mail being regarded as 'suspicious' by receiving servers. The other connector we use to deliver mail directly via DNS, as this one handles 'forwarded' mail; i.e. we send a copy of incoming mail to Blackberries, google mail etc. and obviously our smart host could not accept these emails as they are from thousands of different people (so we have to send them direct).

I tried the smtp proxy the other day. Using transparent mode. Not using the smart host.
1. incoming email is fine
2. outgoing email that goes via the DNS (direct) connector is fine
3. But outgoing email that was supposed to go via the smart host connector authsmtp.com can not be delivered by Exchange 2003 and remains in the queue.

What's the problem and what's the solution here? Do I have to tell my Exchange connector to deliver to the firewall (and not to authsmtp.com) and then confgure Astaro's smart host function for onward relay. If so, how will email I need to send NOT via authsmtp get handled by Astaro? (i.e can what have two ways of delivering outgoing email by Astaro?).

Hope there is a solution please!

Thanks ...
MPSmith4258Asked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
SembeeConnect With a Mentor Commented:
I wouldn't recommend using any kind of SMTP proxy unless you configured Exchange to send all email via the proxy and then had the proxy server manage where the messages are flowing. In my experience the proxy servers in firewalls are not very good and cause significant problems with email delivery. In many cases I don't see the point in them.

Simon.
0
 
MPSmith4258Author Commented:
Thanks Simon. Appreciate your advice and won't use Astaro's proxy.
Can you recommend any software or techniques to easily view login (successful or failed) attemps on my open ports 25 and 443 that go to the IIS on my SBS2003? Astaro's IPS should alert me to exploit attacks, but I wondered how I could easily see if people are trying to login to https://secure.mydomain/exchange for example, etc. I deliberately remotely put in a lot of false user names and passwords on the OWA login screen, but at no point did it lock me out which is what I would have expected!!
Cheers!
0
 
SembeeCommented:
You were expecting IIS to lock you out after entering false usernames? It will not do that. The only thing it is capable of locking out is user accounts, when a valid user account is used.

IIS Logging will log attempts to login to the server. You will then something that can analyse those logs. It all depends on what you are doing, what you are looking for and what you intend to do with the results when you get them.

Simon.
0
All Courses

From novice to tech pro — start learning today.