I_play_with_DNA
asked on
DNS vs Smart Host for Exchange
If our new ISP is not able to provide an SMTP smart host for Exchange, are there any real downsides to switching to using DNS and delivery mail directly? Any major advantages?
Also, what do I need to do to swtich from smart host to DNS? We're running Exchange 2003 on SBS 2003 (not R2).
Also, what do I need to do to swtich from smart host to DNS? We're running Exchange 2003 on SBS 2003 (not R2).
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
QTH
The major advantage of using Smart Host will be security. Your Exchange server will not be directly exposed to the public domain. You can leave the Exchange server inside your LAN and expose only the Smart Host port 25 (SMTP) to the outside world. In this case, if anyone tries to hack your server or perform a DoS attack on your Smart Host, it will not take down your Exchange server.
ASKER
@QTH
Why would I have to open anything other than port 25 on the Exchange server if I'm using DNS instead of a smart host? Can't the Exchange server still stay on the LAN with only port 25 open to that box?
Why would I have to open anything other than port 25 on the Exchange server if I'm using DNS instead of a smart host? Can't the Exchange server still stay on the LAN with only port 25 open to that box?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
@Mestha
I, of course, have port 25 open to the mail server to allow inbound e-mail. That's why the comment above confused me.
And the reasons you listed are why I would like to use the ISPs SMTP server to relay as opposed to DNS (as I mentioned in another related Q that you just posted in as well).
I, of course, have port 25 open to the mail server to allow inbound e-mail. That's why the comment above confused me.
And the reasons you listed are why I would like to use the ISPs SMTP server to relay as opposed to DNS (as I mentioned in another related Q that you just posted in as well).
Gents, my apology. You're right that I'm talking about inbound SMTP security. My recommendation is about not allowing direct inbound SMTP to your email server.