Solved

configure smtp front end server exchange 2003

Posted on 2009-05-06
Last Modified: 2012-08-14
We are currently running 2 Exchange 2003 exchsvrA and exchsvrB backend servers and a f/e server exchfe1 to handle OWA.
The Exchange servers are all part of the same admin group so nothing needs to be set up for internal mail. There is an SMTP connector configured to filter all mail for internet to a smarthost and exchsvrA is set as the bridgehead.

I have to create another F/E server to only handle SMTP traffic. What would be the best way to handle this?
I can keep the same SMTP connector and just change the bridgehead to point to the new F/E server, correct?
I would configure the default SMTP virtual server on the f/e not to relay, and what specifics should I set?

Finally, I only want this to handle SMTP traffic, so what do I need to do to disable the server from handling OWA or any other traffic? What services should I disable?

thank you in advance.
Question by:mndthegap1
7 Comments
 
LVL 6

Expert Comment

by:ilantz
ID: 24317775
Hi,

You already have most of the setup right.

Install the new FE, configure it with all the settings you'd like, like IMF filtering for spam etc.
You will keep the same connector but point it to the new FE IP.
Of course you will configure it not to relay (only the below IP list...). Add any internal servers you do want to relay from it.

Securing the server is another issue. I'd advise you to read some before you disable services:
http://www.msexchange.org/tutorials/Hardening-Exchange-Server-2003-Environment-Part1.html

Just don't forward any ports other than 25 to that FE, and you'll be set.

good luck !
0
 
LVL 4

Expert Comment

by:kdagli
ID: 24317796
Change the "Local BridgeHead" on the SMTP connector to your new server. That server will then send emails out to Smarthost.
Change the NAT rule on your firewall and point it to your new server. By doing this, any email coming from the Internet will be accepted by your new server.
Disable HTTP Virtual Server on  your new server. (I am assuming your new server is not in NLB).

0
 

Author Comment

by:mndthegap1
ID: 24317879
Thank you both for the quick responses. No, it's not an NLB; it's a regular 2-node active/passive cluster.
Okay, so to prevent OWA use, disable the HTTP virtual server.
Other than that, I'm pretty much configured already?
0
 
LVL 6

Expert Comment

by:ilantz
ID: 24320143
yeah that's good. try the setup and let us know :)
0
 

Author Comment

by:mndthegap1
ID: 24338817
Okay, I seem to have run into a slight situation. The way the client wants this done is NOT as a typical front end server. They didn't want to create multiple f/e SMTP servers and NLB between them.

Instead they chose to create a new active/passive Exchange server and are going to use that as a "smart host" to route mail through up to their provider (similar to Message One or Postini) to route out.

They aren't putting it in the DMZ and are going to only allow inbound from the mail provider and NAT to the new Exchange server. Anyway, this is how they want it, so it's being set up this way.

Now... to harden or help protect the new Exchange server: under the SMTP virtual server, Access -> Authentication is anonymous, basic, and integrated so that it can handle internet mail. This is correct?
Under Relay -> "only the list below" is checked and I entered the IP range for their mail service (a company like Message One), and "allow all computers which successfully authenticate to relay" IS checked as well. Is that correct?
Then under Connection control I entered the same IP range for the mail service, the IPs for the cluster, and the IPs for the other Exchange server cluster nodes. Is that correct? Do I need to enter the IPs for the other Exchange servers? I was under the assumption that any Exchange servers in the same routing group can speak to each other regardless.

Then under the internet connector I have the new Exchange server listed as the bridgehead, forwarding out to the designated mail service.

And finally, now that the back end Exchange server won't be handling inbound/outbound SMTP traffic,
under its SMTP virtual server for authentication, can I uncheck the anonymous and the basic and only leave the integrated Windows?


Sorry for all the extra questions, but I would really, really appreciate the assistance on this.
0
 

Author Comment

by:mndthegap1
ID: 24338829
Also, since it is only doing SMTP traffic, I've stopped the HTTP service in Cluster Admin.
0
 
LVL 6

Accepted Solution

by:
ilantz earned 500 total points
ID: 24338902
Your assumptions are all correct. You should be fine with that configuration.

Consider implementing spam filtering for that front end server, using IMF or any 3rd party software you'd like. If you want to read a bit more on spam, I've blogged about it recently :)

http://ilantz.wordpress.com/a-bite-of-spam/

good job !
0
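
The layering in the configuration discussed above (connection control first, then relay restrictions, with authenticated relay as an override), as an added example that is not part of the original thread: a simplified Python model, not Exchange's own logic. The IP ranges, the `example.com` domain and all class and function names are constructed assumptions.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network

@dataclass
class SmtpVirtualServer:
    """Simplified model of the Access-tab settings discussed in the thread."""
    connection_allow: list   # Connection control: "Only the list below"
    relay_allow: list        # Relay restrictions: "Only the list below"
    auth_may_relay: bool     # "Allow all computers which successfully authenticate to relay"
    local_domains: frozenset # domains the organization accepts mail for

    @staticmethod
    def _listed(ip, nets):
        return any(ip_address(ip) in ip_network(n) for n in nets)

    def decide(self, client_ip, rcpt, authenticated=False):
        """Return 'refused', 'accept-local', 'relay' or 'relay-denied'."""
        # Connection control comes first: unlisted peers never get an SMTP session.
        if not self._listed(client_ip, self.connection_allow):
            return "refused"
        if rcpt.rsplit("@", 1)[-1].lower() in self.local_domains:
            return "accept-local"          # inbound delivery is not relaying
        if self._listed(client_ip, self.relay_allow):
            return "relay"
        if authenticated and self.auth_may_relay:
            return "relay"                 # override applies regardless of the relay list
        return "relay-denied"              # answered with 550 5.7.1 Unable to relay

# Constructed sample values (documentation and private ranges, not from the thread).
PROVIDER = "203.0.113.0/24"                      # hosted mail-filtering service
EXCHANGE_NODES = ["10.0.0.10/32", "10.0.0.11/32", "10.0.0.20/32", "10.0.0.21/32"]

gateway = SmtpVirtualServer(
    connection_allow=[PROVIDER] + EXCHANGE_NODES,
    relay_allow=[PROVIDER],
    auth_may_relay=True,
    local_domains=frozenset({"example.com"}),
)
# Same relay settings, but with connection control left open to every address.
open_gateway = replace(gateway, connection_allow=["0.0.0.0/0"])

if __name__ == "__main__":
    for label, srv in (("restricted", gateway), ("open", open_gateway)):
        print(label,
              srv.decide("203.0.113.25", "user@example.com"),
              srv.decide("10.0.0.20", "peer@partner.example", authenticated=True),
              srv.decide("198.51.100.7", "peer@partner.example", authenticated=True))
```

With the restricted connection list, an authenticated session from an unlisted address is refused before the relay override is ever evaluated; with the list left open, the same session relays.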


Question has a verified solution.
