Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

DNS vs Smart Host for Exchange

Posted on 2009-04-06
6
Medium Priority
?
1,562 Views
Last Modified: 2012-05-06
If our new ISP is not able to provide an SMTP smart host for Exchange, are there any real downsides to switching to using DNS and delivery mail directly?  Any major advantages?

Also, what do I need to do to swtich from smart host to DNS?  We're running Exchange 2003 on SBS 2003 (not R2).
0
Comment
Question by:I_play_with_DNA
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 15

Accepted Solution

by:
zelron22 earned 1000 total points
ID: 24081596
In the Exchange administrator, under the server, in protocols, get the properties of the default smtp virtual server.  In the Delivery tab, click on Advanced and clear the smarthost.  As long as your DNS server is set up with a forwarder or the root hints, that should do it (you might need to restart the SMTP virtual server).

The big advantage to having an offsite smarthost is if they are also doing AV scanning or filtering so that in the event your server gets compromised, you are less likely to get blacklisted.

0
 
LVL 2

Expert Comment

by:QTH
ID: 24081636
The major advantage of using Smart Host will be security.  Your Exchange server will not be directly exposed to the public domain.  You can leave the Exchange server inside your LAN and expose only the Smart Host port 25 (SMTP) to the outside world.  In this case, if anyone tries to hack your server or perform a DoS attack on your Smart Host, it will not take down your Exchange server.
0
 

Author Comment

by:I_play_with_DNA
ID: 24082249
@QTH

Why would I have to open anything other than port 25 on the Exchange server if I'm using DNS instead of a smart host?  Can't the Exchange server still stay on the LAN with only port 25 open to that box?
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
LVL 65

Assisted Solution

by:Mestha
Mestha earned 1000 total points
ID: 24082759
Using a smart host for outbound email does nothing for your security. I think the poster above is referring to an inbound server, which I would refer to as a SMTP gateway, not a smart host.

The only reason to use a smart host for outbound email is to ensure that your email gets delivered. If you cannot get a reverse DNS record set, you are not on a static IP address or your ISP has got blacklisted, using a smart host can often be the only way to get email delivered.

Simon.
0
 

Author Comment

by:I_play_with_DNA
ID: 24083177
@Mestha

I, of course, have port 25 open to the mail server to allow inbound e-mail.  That's why the comment above confused me.

And the reasons you listed are why I would like to use the ISPs SMTP server to relay as opposed to DNS (as I mentioned in another related Q that you just posted in as well).
0
 
LVL 2

Expert Comment

by:QTH
ID: 24110822
Gents, my apology.  You're right that I'm talking about inbound SMTP security.  My recommendation is about not allowing direct inbound SMTP to your email server.
0

Featured Post

Get free NFR key for Veeam Availability Suite 9.5

Veeam is happy to provide a free NFR license (1 year, 2 sockets) to all certified IT Pros. The license allows for the non-production use of Veeam Availability Suite v9.5 in your home lab, without any feature limitations. It works for both VMware and Hyper-V environments

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will help to fix the below errors for MS Exchange Server 2013 I. Certificate error "name on the security certificate is invalid or does not match the name of the site" II. Out of Office not working III. Make Internal URLs and Externa…
How to deal with a specific error when using the Enable-RemoteMailbox cmdlet to create a mailbox in the cloud-based service, for an existing user in an on-premises Active Directory.
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…
Suggested Courses

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question