Solved

configure smtp front end server exchange 2003

Posted on 2009-05-06
Last Modified: 2012-08-14
We are currently running 2 Exchange 2003 exchsvrA and exchsvrB backend servers and a f/e server exchfe1 to handle OWA.
The Exchange servers are all part of the same admin group so nothing needs to be set up for internal mail. There is an SMTP connector configured to filter all mail for internet to a smarthost and exchsvrA is set as the bridgehead.

I have to create another f/e server to only handle SMTP traffic. What would be the best way to handle this?
I can keep the same SMTP connector and just change the bridgehead to point to the new f/e server, correct?
I would configure the default SMTP virtual server on the f/e not to relay, and what specifics should I set?

Finally, I only want this to handle SMTP traffic, so what do I need to do to disable the server from handling OWA or any other traffic? What services should I disable?

Thank you in advance.
Question by:mndthegap1
7 Comments
 
LVL 6

Expert Comment

by:ilantz
ID: 24317775
Hi,

You already have most of the setup right.

Install the new FE and configure it with all the settings you'd like, such as IMF filtering for spam, etc.
You will keep the same connector but point it to the new FE IP.
Of course you will configure it not to relay (only the below IP list...); add any internal servers you do want to relay from it.

Securing the server is another issue. I'd advise you to read up some before you disable services:
http://www.msexchange.org/tutorials/Hardening-Exchange-Server-2003-Environment-Part1.html

Just don't forward any ports other than 25 to that FE, and you'll be set.

Good luck!
 
LVL 4

Expert Comment

by:kdagli
ID: 24317796
Change the "Local BridgeHead" on the SMTP connector to your new server. That server will then send emails out to Smarthost.
Change the NAT rule on your firewall and point it to your new server. By doing this, any email coming from the Internet will be accepted by your new server.
Disable HTTP Virtual Server on  your new server. (I am assuming your new server is not in NLB).

 

Author Comment

by:mndthegap1
ID: 24317879
Thank you both for the quick responses. No, it's not an NLB; it's a regular 2-node active/passive cluster.
Okay, so to prevent OWA use, disable the HTTP virtual server.
Other than that, I'm pretty much configured already?
 
LVL 6

Expert Comment

by:ilantz
ID: 24320143
yeah that's good. try the setup and let us know :)
 

Author Comment

by:mndthegap1
ID: 24338817
Okay, I seem to have run into a slight situation. The way the client wants this done is NOT as a typical front-end server. They didn't want to create multiple f/e SMTP servers and NLB between them.

Instead they chose to create a new active/passive Exchange server and are going to use that as a "smart host" to route mail through up to their provider (similar to Message One or Postini) to route out.

They aren't putting it in the DMZ and are going to only allow inbound from the mail provider and NAT to the new Exchange server. Anyway, this is how they want it, so it's being set up this way.

Now, to harden or help protect the new Exchange server: under the SMTP virtual server, Access -> Authentication is anonymous, basic, and integrated so that it can handle internet mail. Is this correct?
Under Relay -> "Only the list below" is checked and I entered the IP range for their mail service (a company like Message One), and "Allow all computers which successfully authenticate to relay" IS checked as well. Is that correct?
Then under Connection Control I entered the same IP range for the mail service, the IPs for the cluster, and the IPs for the other Exchange server cluster nodes. Is that correct? Do I need to enter the IPs for the other Exchange servers? I was under the assumption that any Exchange servers in the same routing group can speak to each other regardless.

Then under the internet connector I have the new Exchange server listed as the bridgehead, forwarding out to the designated mail service.

And finally, now that the back-end Exchange server won't be handling inbound/outbound SMTP traffic,
under its SMTP virtual server, for authentication, can I uncheck anonymous and basic and only leave integrated Windows?

Sorry for all the extra questions, but I would really, really appreciate the assistance on this.
 

Author Comment

by:mndthegap1
ID: 24338829
Also, since it is only doing SMTP traffic, I've stopped the HTTP service in cluster admin.
 
LVL 6

Accepted Solution

by:ilantz
ID: 24338902
Your assumptions are all correct. You should be fine with that configuration.

Consider implementing spam filtering for that front-end server, using IMF or any 3rd-party software you'd like. If you want to read a bit more on spam, I've blogged about it recently :)

http://ilantz.wordpress.com/a-bite-of-spam/

Good job!
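
The three settings discussed in this thread (connection control, the relay list, and relay for authenticated clients) interact, so a small model helps check who can actually relay. This is an added example, not code from any poster and not Exchange's own logic; it is a simplified model, and the IP ranges and domain names are constructed placeholders.

```python
import ipaddress

# Constructed sample values (assumptions, not from the thread): documentation
# ranges stand in for the mail provider, the new cluster and the back-end nodes.
PROVIDER = ["203.0.113.0/24"]
INTERNAL = ["10.0.0.10/32", "10.0.0.11/32", "10.0.0.20/32", "10.0.0.21/32"]

POLICY = {
    "connection_only_list": PROVIDER + INTERNAL,  # Connection control: "Only the list below"
    "relay_only_list": PROVIDER,                  # Relay restrictions: "Only the list below"
    "relay_if_authenticated": True,               # "Allow all computers which successfully authenticate to relay"
    "local_domains": {"example.com"},             # domains the organization accepts mail for
}

def _listed(ip, networks):
    """True if ip falls inside any of the listed networks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(n) for n in networks)

def decide(policy, client_ip, authenticated, rcpt_domain):
    """Model what the SMTP virtual server does with one RCPT TO."""
    # Connection control is evaluated first: unlisted hosts never reach SMTP.
    if not _listed(client_ip, policy["connection_only_list"]):
        return "connection refused"
    # Mail for a local domain is delivery, not relay, so relay rules do not apply.
    if rcpt_domain.lower() in policy["local_domains"]:
        return "accepted for local delivery"
    if _listed(client_ip, policy["relay_only_list"]):
        return "relay allowed (listed IP)"
    if authenticated and policy["relay_if_authenticated"]:
        return "relay allowed (authenticated)"
    return "relay denied"

# Constructed test connections: (client IP, authenticated?, recipient domain)
CASES = [
    ("203.0.113.5", False, "example.com"),   # provider delivering inbound mail
    ("203.0.113.5", False, "example.org"),   # provider address relaying outward
    ("10.0.0.20", True, "example.org"),      # back-end server, authenticated
    ("10.0.0.20", False, "example.org"),     # same host, anonymous session
    ("198.51.100.7", True, "example.org"),   # host not in connection control
]

def audit(policy, cases):
    """Return (case, decision) pairs for review."""
    return [(c, decide(policy, *c)) for c in cases]

if __name__ == "__main__":
    for case, result in audit(POLICY, CASES):
        print(case, "->", result)
```

Every address range placed in the relay list can relay without authenticating, so that list is the one to keep as short as possible.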