Exchange 2003 Perimeter/Gateway Server

Looking for some help on setting up a perimeter server for Exchange. We have 3 Exchange servers throughout the world. Our main server is the default inbound server, but all 3 servers are set to send outbound mail directly to the internet. However, due to spam/virus scanning, I would prefer that all my servers go out through a single front end server which does the inbound/outbound virus/spam filtering.

I have tried to set up a bridgehead in the routing group and set it to forward all mail to my gateway server. However, I don't see the 3 servers sending it any mail. Do I need to restart all the servers in order to enable the routing? Also, if I set up the servers to use my perimeter server as a smarthost in the connector, will the header information show that it was routed through a secondary server? We have run into issues in China where they are not allowed to receive email that has been routed through multiple servers.
Unless you are going to use an application that strips the headers, you cannot hide the fact that the message went through multiple servers to get to the Internet. That is because the email messages are sent using SMTP and each time an SMTP message goes through a server, it writes to the headers. I doubt if that was the problem with the Chinese servers receiving email.

Putting an Exchange frontend server into the DMZ/perimeter network is not a good idea as it makes your firewall Swiss cheese to support it.

You could build a standard gateway machine for SMTP traffic only. I have instructions on what to do for that here:

Bridgehead servers can only be Exchange servers. If you want to send email through another server you would configure it as a smart host, with the Exchange servers each configured as a bridgehead. As long as the Exchange server can connect to the smart host on port 25 then traffic will flow correctly.

I'd point each to your front end server as smarthosts...

Bring up your Exchange manager.
For EACH server (servername->protocols->smtp),
right click and open properties for each default SMTP virtual server,
go to delivery, advanced, and put in your front end server's IP# in the field marked "smart host".

We've been able to make the bridgehead work though - and it didn't require a restart.  Are the servers separated by firewalls?  I'm not sure, but it's possible that bridgehead servers use MORE than just port 25 for communication and transport.  You may need to poke some firewall holes.

There may also be local smtp restrictions that are preventing your bridgehead server from allowing connections.  Have you looked at the event logs on all the servers?  

Check out this article:

Good luck!

Umbra-IT (Author) Commented:
Is there a real difference then between a bridgehead and just putting in the smarthost for each SMTP virtual server? I'm trying to avoid the message headers showing that the message was bounced through several servers before getting to its destination.

There are no firewalls between servers.
Question has a verified solution.
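
The replies above note that every SMTP server a message passes through writes to its headers, so a test message delivered to an outside mailbox shows whether mail really left through the gateway. The following is an added example, not part of the original thread; the hostnames, addresses and sample message are constructed placeholders.

```python
import re
from email import message_from_string

# Constructed sample: hostnames and addresses are placeholders, not from the thread.
SAMPLE = """\
Received: from gateway.example.com (gateway.example.com [192.0.2.10])
    by mx.recipient.example with ESMTP id abc123;
    Mon, 1 Jan 2007 10:00:05 +0000
Received: from exch-asia.corp.example ([10.0.3.5])
    by gateway.example.com with ESMTP id def456;
    Mon, 1 Jan 2007 10:00:03 +0000
Received: from client01 ([10.0.3.77])
    by exch-asia.corp.example with Microsoft SMTPSVC;
    Mon, 1 Jan 2007 10:00:01 +0000
From: user@corp.example
To: someone@recipient.example
Subject: routing test

body
"""

# "from <sender> ... by <receiver>" as written by the receiving server.
HOP_RE = re.compile(r"from\s+(\S+).*?\bby\s+(\S+)", re.S | re.I)

def received_hops(raw):
    """Return (from_host, by_host) pairs in the order the message travelled."""
    msg = message_from_string(raw)
    hops = []
    # Each server prepends its own Received line, so headers are newest-first.
    for value in reversed(msg.get_all("Received", [])):
        m = HOP_RE.search(value)
        hops.append((m.group(1), m.group(2)) if m else (None, None))
    return hops

def egress_host(raw):
    """Host that handed the message to the final (recipient-side) server."""
    hops = received_hops(raw)
    return hops[-1][0] if hops else None

def passed_through(raw, host):
    """True if some hop was received *by* the given host."""
    return any(by and by.lower() == host.lower() for _, by in received_hops(raw))
```

With a smart host configured on each SMTP virtual server, `egress_host` should return the gateway for test messages sent from every site; a result naming one of the Exchange servers means that server is still delivering directly.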
