Question re outbound email delivery by Exchange 2003 behind Astaro software firewall

--------------------------------------------------------------------------------

Hi there. I run Exchange 2003 behind the Astaro v6.304 software firewall. I outward deliver mail directly (i.e. do not use the smtp proxy) via two SMTP connectors in exchange.

One delivers mail via a smart host (ww.authsmtp.com) to avoid our outgoing mail being regarded as 'suspicious' by receiving servers. The other connector we use to deliver mail directly via DNS, as this one handles 'forwarded' mail; i.e. we send a copy of incoming mail to Blackberries, google mail etc. and obviously our smart host could not accept these emails as they are from thousands of different people (so we have to send them direct).

I tried the smtp proxy the other day. Using transparent mode. Not using the smart host.
1. incoming email is fine
2. outgoing email that goes via the DNS (direct) connector is fine
3. But outgoing email that was supposed to go via the smart host connector authsmtp.com can not be delivered by Exchange 2003 and remains in the queue.

What's the problem and what's the solution here? Do I have to tell my Exchange connector to deliver to the firewall (and not to authsmtp.com) and then confgure Astaro's smart host function for onward relay. If so, how will email I need to send NOT via authsmtp get handled by Astaro? (i.e can what have two ways of delivering outgoing email by Astaro?).

Hope there is a solution please!

Thanks ...
MPSmith4258Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

SembeeCommented:
I wouldn't recommend using any kind of SMTP proxy unless you configured Exchange to send all email via the proxy and then had the proxy server manage where the messages are flowing. In my experience the proxy servers in firewalls are not very good and cause significant problems with email delivery. In many cases I don't see the point in them.

Simon.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
MPSmith4258Author Commented:
Thanks Simon. Appreciate your advice and won't use Astaro's proxy.
Can you recommend any software or techniques to easily view login (successful or failed) attemps on my open ports 25 and 443 that go to the IIS on my SBS2003? Astaro's IPS should alert me to exploit attacks, but I wondered how I could easily see if people are trying to login to https://secure.mydomain/exchange for example, etc. I deliberately remotely put in a lot of false user names and passwords on the OWA login screen, but at no point did it lock me out which is what I would have expected!!
Cheers!
0
SembeeCommented:
You were expecting IIS to lock you out after entering false usernames? It will not do that. The only thing it is capable of locking out is user accounts, when a valid user account is used.

IIS Logging will log attempts to login to the server. You will then something that can analyse those logs. It all depends on what you are doing, what you are looking for and what you intend to do with the results when you get them.

Simon.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Software Firewalls

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.