Exchange 2003 Perimeter/Gateway Server

Posted on 2007-07-30
Medium Priority
Last Modified: 2008-08-27
Looking for some help on setting up a perimeter server for Exchange. We have 3 Exchange servers throughout the world. Our main server is the default inbound server, but all 3 servers are set to send outbound mail directly to the internet. However, due to spam/virus scanning I would prefer that all my servers go out through a single front-end server which does the inbound/outbound virus/spam filtering.

I have tried to set up a bridgehead in the routing group and set it to forward all mail to my gateway server. However, I don't see the 3 servers sending it any mail. Do I need to restart all the servers in order to enable the routing? Also, if I set up the servers to use my perimeter server as a smarthost in the connector, will the header information show that it was routed through a secondary server? We have run into issues in China where they are not allowed to receive email that has been routed through multiple servers.
Question by: Umbra-IT

Expert Comment

ID: 19595994
I'd point each to your front end server as smarthosts...

Bring up your Exchange manager.
For EACH server (servername->protocols->smtp):
right click and open properties for each default SMTP virtual server,
go to delivery, advanced, and put in your front end server's IP# in the field marked "smart host".

We've been able to make the bridgehead work though - and it didn't require a restart.  Are the servers separated by firewalls?  I'm not sure, but it's possible that bridgehead servers use MORE than just port 25 for communication and transport.  You may need to poke some firewall holes.

There may also be local SMTP restrictions that are preventing your bridgehead server from allowing connections. Have you looked at the event logs on all the servers?

Check out this article:

Good luck!


Author Comment

ID: 19596078
Is there a real difference then between a bridgehead and just putting in the smarthost for each SMTP virtual server? I'm trying to avoid the message headers showing that the message was bounced through several servers before getting to its destination.

There are no firewalls between servers.

Accepted Solution

Sembee earned 750 total points
ID: 19596917
Unless you are going to use an application that strips the headers, you cannot hide the fact that the message went through multiple servers to get to the Internet. That is because the email messages are sent using SMTP and each time an SMTP message goes through a server, it writes to the headers. I doubt if that was the problem with the Chinese servers receiving email.

Putting an Exchange frontend server into the DMZ/perimeter network is not a good idea as it makes your firewall Swiss cheese to support it.

You could build a standard gateway machine for SMTP traffic only. I have instructions on what to do for that here: http://www.amset.info/exchange/gateway.asp

Bridgehead servers can only be Exchange servers. If you want to send email through another server you would configure it as a smart host, with the Exchange servers each configured as a bridgehead. As long as the Exchange server can connect to the smart host on port 25 then traffic will flow correctly.
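
The header behaviour described in the accepted answer, seen from the recipient's side, as an added example that is not part of the original thread: it reads the `Received` headers each SMTP server writes and lists the hops and any internal addresses a recipient can see. The sample message, host names and addresses are constructed placeholders, and the function names are hypothetical.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample (placeholder names and addresses): one internal Exchange
# server relaying through a perimeter smart host to the recipient's MX.
SAMPLE = """\
Received: from gateway.example.com (gateway.example.com [192.0.2.10])
\tby mx.recipient.example with ESMTP id ABC123;
\tMon, 30 Jul 2007 10:00:05 +0000
Received: from exch-asia.corp.example ([10.1.2.3])
\tby gateway.example.com with ESMTP id DEF456;
\tMon, 30 Jul 2007 10:00:03 +0000
From: user@corp.example
To: someone@recipient.example
Subject: test

body
"""

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def received_headers(raw):
    """Unfolded Received headers, oldest hop first (servers prepend them)."""
    msg = message_from_string(raw)
    return [" ".join(v.split()) for v in reversed(msg.get_all("Received", []))]

def relay_path(raw):
    """(sending host, receiving host) for every SMTP hop recorded in the message."""
    hops = []
    for text in received_headers(raw):
        src = re.search(r"\bfrom\s+(\S+)", text)
        dst = re.search(r"\bby\s+(\S+)", text)
        hops.append((src.group(1) if src else None, dst.group(1) if dst else None))
    return hops

def internal_addresses(raw):
    """RFC 1918 addresses that the Received headers disclose to the recipient."""
    found = []
    for text in received_headers(raw):
        for ip in re.findall(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", text):
            if any(ipaddress.ip_address(ip) in net for net in RFC1918):
                found.append(ip)
    return found

if __name__ == "__main__":
    for n, (src, dst) in enumerate(relay_path(SAMPLE), 1):
        print(f"hop {n}: {src} -> {dst}")
    print("internal addresses visible:", internal_addresses(SAMPLE))
```

Run against a real message saved from a test mailbox, the same functions show how many hops the smart host adds and which internal names or addresses would need to be stripped at the gateway.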



Question has a verified solution.
