Solved

configure smtp front end server exchange 2003

Posted on 2009-05-06
Last Modified: 2012-08-14
We are currently running 2 Exchange 2003 back-end servers (exchsvrA and exchsvrB) and a f/e server, exchfe1, to handle OWA.
The Exchange servers are all part of the same admin group, so nothing needs to be set up for internal mail. There is an SMTP connector configured to filter all mail for the internet to a smarthost, and exchsvrA is set as the bridgehead.

I have to create another f/e server to handle only SMTP traffic. What would be the best way to handle this?
I can keep the same SMTP connector and just change the bridgehead to point to the new f/e server, correct?
I would configure the default SMTP virtual server on the f/e not to relay, and what specifics should I set?

Finally, I only want this to handle SMTP traffic, so what do I need to do to disable the server from handling OWA or any other traffic? What services should I disable?

Thank you in advance.
Question by:mndthegap1

Expert Comment

by:ilantz
ID: 24317775
Hi,

You've already got most of the setup right.

Install the new FE and configure it with all the settings you'd like, such as IMF filtering for spam etc.
You will keep the same connector but point it to the new FE IP.
Of course you will configure it not to relay (only the below IP list...); add any internal servers you do want to relay from it.

Securing the server is another issue. I'd advise you to read some before you disable services:
http://www.msexchange.org/tutorials/Hardening-Exchange-Server-2003-Environment-Part1.html

Just don't forward any ports other than 25 to that FE, and you'll be set.

Good luck!

Expert Comment

by:kdagli
ID: 24317796
Change the "Local BridgeHead" on the SMTP connector to your new server. That server will then send emails out to Smarthost.
Change the NAT rule on your firewall and point it to your new server. By doing this, any email coming from the Internet will be accepted by your new server.
Disable HTTP Virtual Server on your new server. (I am assuming your new server is not in NLB).


Author Comment

by:mndthegap1
ID: 24317879
Thank you both for the quick responses. No, it's not an NLB; it's a regular 2-node active/passive cluster.
Okay, so to prevent OWA use, disable the HTTP virtual server.
Other than that, I'm pretty much configured already?

Expert Comment

by:ilantz
ID: 24320143
yeah that's good. try the setup and let us know :)

Author Comment

by:mndthegap1
ID: 24338817
Okay, I seem to have run into a slight situation. The way the client wants this done is NOT as a typical front-end server. They didn't want to create multiple f/e SMTP servers and NLB between them.

Instead they chose to create a new active/passive Exchange server and are going to use that as a "smart host" to route mail through up to their provider (similar to Message One or Postini) to route out.

They aren't putting it in the DMZ and are going to only allow inbound from the mail provider and NAT to the new Exchange server. Anyway, this is how they want it, so it's being set up this way.

Now... to harden or help protect the new Exchange server: under the SMTP virtual server, Access -> Authentication is anonymous, basic, and integrated so that it can handle internet mail. This is correct?
Under Relay -> "Only the list below" is checked and I entered the IP range for their mail service (a company like Message One), and "Allow all computers which successfully authenticate to relay" IS checked as well. Is that correct?
Then under Connection control I entered the same IP range for the mail service, the IPs for the cluster, and the IPs for the other Exchange server cluster nodes. Is that correct? Do I need to enter the IPs for the other Exchange servers? I was under the assumption that any Exchange servers in the same routing group can speak to each other regardless.

Then under the internet connector I have the new Exchange server listed as the bridgehead, forwarding out to the designated mail service.

And finally, now that the back-end Exchange server won't be handling inbound/outbound SMTP traffic,
under its SMTP virtual server for authentication can I uncheck the anonymous and the basic and only leave the integrated Windows?


Sorry for all the extra questions, but I would really, really appreciate the assistance on this.

Author Comment

by:mndthegap1
ID: 24338829
Also, since it is only doing SMTP traffic, I've stopped the HTTP service in Cluster Admin.

Accepted Solution

by:
ilantz earned 500 total points
ID: 24338902
Your assumptions are all correct. You should be fine with that configuration.

Consider implementing spam filtering for that front-end server, using IMF or any 3rd-party software you'd like. If you want to read a bit more on spam, I've blogged about it recently :)

http://ilantz.wordpress.com/a-bite-of-spam/

Good job!

Question has a verified solution.
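
The connection-control and relay settings discussed in the thread, worked through as an added example (not code from any poster, and a simplified model of how an SMTP virtual server applies these options, not Exchange's own logic). The IP ranges, the domain `example.com` and all function names are constructed placeholders.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass
class VirtualServer:
    connection_allow: list  # Connection control: "Only the list below"
    relay_allow: list       # Relay restrictions: "Only the list below"
    auth_may_relay: bool    # "Allow all computers which successfully authenticate to relay"
    local_domains: set      # domains the organization accepts mail for

    def decide(self, client_ip, authenticated, rcpt):
        ip = ip_address(client_ip)
        # Connection control is evaluated first and applies to every client.
        if not any(ip in ip_network(n) for n in self.connection_allow):
            return "reject-connection"
        # Mail for a local domain is not a relay, so no relay check is needed.
        if rcpt.rsplit("@", 1)[-1].lower() in self.local_domains:
            return "accept-local"
        if any(ip in ip_network(n) for n in self.relay_allow):
            return "relay"
        if authenticated and self.auth_may_relay:
            return "relay"
        return "deny-relay"

# Constructed addresses (documentation / private ranges), not from the thread.
PROVIDER = "203.0.113.0/24"                  # hosted mail-filtering service
CLUSTER = ["10.0.0.10/32", "10.0.0.11/32"]   # new SMTP cluster nodes
BACKENDS = ["10.0.0.20/32", "10.0.0.21/32"]  # existing back-end servers

def build(auth_may_relay=True, include_backends=True):
    allow = [PROVIDER] + CLUSTER + (BACKENDS if include_backends else [])
    return VirtualServer(allow, [PROVIDER], auth_may_relay, {"example.com"})

def audit(vs):
    """Run constructed sessions through the policy and return each outcome."""
    sessions = [
        ("inbound from provider", "203.0.113.5", False, "user@example.com"),
        ("provider to external", "203.0.113.5", False, "a@other.test"),
        ("back-end, authenticated", "10.0.0.20", True, "a@other.test"),
        ("back-end, anonymous", "10.0.0.20", False, "a@other.test"),
        ("unknown internet host", "198.51.100.7", False, "user@example.com"),
    ]
    return {name: vs.decide(ip, auth, rcpt) for name, ip, auth, rcpt in sessions}

if __name__ == "__main__":
    for name, outcome in audit(build()).items():
        print(f"{name:26} -> {outcome}")
```

In this model the back-end servers relay outbound only because they authenticate, and they are refused at connection time if their IPs are left out of the connection-control list.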