Exchange 2003 Perimeter/Gateway Server

Posted on 2007-07-30
Last Modified: 2008-08-27
Looking for some help on setting up a perimeter server for Exchange. We have 3 Exchange servers throughout the world. Our main server is the default inbound server, but all 3 servers are set to send outbound mail directly to the internet. However, due to spam / virus scanning, I would prefer that all my servers go out through a single front end server which does the inbound / outbound virus/spam filtering.

I have tried to set up a bridgehead in the routing group and set it to forward all mail to my gateway server. However, I don't see the 3 servers sending it any mail. Do I need to restart all the servers in order to enable the routing? Also, if I set up the servers to use my perimeter server as a smarthost in the connector, will the header information show that it was routed through a secondary server? We have run into issues in China where they are not allowed to receive email that has been routed through multiple servers.
Question by: Umbra-IT

    Expert Comment

    I'd point each to your front end server as smarthosts...

    Bring up your exchange manager.
    For EACH server (servername->protocols->smtp),
    right click and open properties for each default smtp virtual server,
    go to delivery, advanced, and put in your front end server's IP# in the field marked "smart host".

    We've been able to make the bridgehead work though - and it didn't require a restart.  Are the servers separated by firewalls?  I'm not sure, but it's possible that bridgehead servers use MORE than just port 25 for communication and transport.  You may need to poke some firewall holes.

    There may also be local smtp restrictions that are preventing your bridgehead server from allowing connections.  Have you looked at the event logs on all the servers?  

    Check out this article:

    Good luck!


    Author Comment

    Is there a real difference then between a bridgehead and just putting in the smarthost for each SMTP virtual server? I'm trying to avoid the message headers showing that the message was bounced through several servers before getting to its destination.

    There are no firewalls between servers.

    Accepted Solution

    Unless you are going to use an application that strips the headers, you cannot hide the fact that the message went through multiple servers to get to the Internet. That is because the email messages are sent using SMTP and each time an SMTP message goes through a server, it writes to the headers. I doubt if that was the problem with the Chinese servers receiving email.

    Putting an Exchange frontend server into the DMZ/perimeter network is not a good idea as it makes your firewall Swiss cheese to support it.

    You could build a standard gateway machine for SMTP traffic only. I have instructions on what to do for that here:

    Bridgehead servers can only be Exchange servers. If you want to send email through another server you would configure it as a smart host, with the Exchange servers each configured as a bridgehead. As long as the Exchange server can connect to the smart host on port 25 then traffic will flow correctly.
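
An added example, not part of the original thread: the accepted answer notes that every SMTP server a message passes through writes to the headers, so the Received chain can be used to confirm that outbound mail really left through the filtering gateway. The hostnames, addresses and the function names `trace_hops` and `left_via_gateway` are assumptions made for this sketch, and the sample message is constructed.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample: hostnames and addresses are made up for illustration.
SAMPLE = """\
Received: from gw.example.com (gw.example.com [203.0.113.10])
    by mx.recipient.example with ESMTP id 3F2A1
    for <bob@recipient.example>; Mon, 30 Jul 2007 10:00:05 +0000
Received: from exch-asia.corp.example ([10.2.0.5])
    by gw.example.com with ESMTP id 9C41D;
    Mon, 30 Jul 2007 10:00:03 +0000
Received: from client7 ([10.2.0.77])
    by exch-asia.corp.example with ESMTP id 77B02;
    Mon, 30 Jul 2007 10:00:01 +0000
From: alice@corp.example
To: bob@recipient.example
Subject: test

body
"""

HOP_RE = re.compile(r"from\s+(?P<frm>\S+).*?\bby\s+(?P<by>[^\s;]+)", re.S)

def trace_hops(raw):
    """Return the relay path in chronological order (oldest hop first)."""
    hops = []
    # Every SMTP server prepends its own Received header, so reverse the list.
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        m = HOP_RE.search(value)
        try:
            when = parsedate_to_datetime(value.rsplit(";", 1)[-1].strip())
        except (TypeError, ValueError):
            when = None  # missing or malformed timestamp
        hops.append({"from": m.group("frm") if m else None,
                     "by": m.group("by") if m else None, "time": when})
    return hops

def left_via_gateway(hops, gateway, internal_suffix):
    """True if the first server outside the organisation was fed by the gateway."""
    for hop in hops:
        by = hop["by"] or ""
        if by != gateway and not by.endswith(internal_suffix):
            # "from" is the name the sender announced; trust it only in
            # headers written by servers you control or trust.
            return hop["from"] == gateway
    return False

if __name__ == "__main__":
    for h in trace_hops(SAMPLE):
        print(h["time"], h["from"], "->", h["by"])
    print(left_via_gateway(trace_hops(SAMPLE), "gw.example.com", ".corp.example"))
```

Run against a test message sent from each Exchange server, this shows whether a server is still delivering directly to the internet instead of through the smart host.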

