Solved

Force Outgoing SMTP via a particular VPN connection

Posted on 2009-12-23
Last Modified: 2012-08-14
Our company has a star-shaped WAN setup via DrayTek routers from a central office to 5 satellite sites. We have had a problem with the broadband at the central office (two lines from two ISPs, one of which has gone down) which, for a period of time, means that we cannot send SMTP from our Exchange server out through the central office broadband to our ISP (of the broadband that has failed). If we relay all packets destined for the internet via a VPN to another office and out, the SMTP relay works. This has the issue of saturating that VPN link.

I have Exchange 2003 running on Server 2003 in the central site and Server 2008 at the satellite site.

My question is, can we force SMTP packets to go out via the VPN to a satellite office and thence to the internet whilst having all other packets from the central office going out directly to the internet from the local broadband connection?
0
Question by:west-com
7 Comments
 
LVL 19

Expert Comment

by:Barthax
ID: 26111236
You could set the satellite site's Exchange to accept relay connections from the central site & then set the central site's Smarthost (on the SMTP Connector - I'm presuming it has only one SMTP Connector) to be the satellite site's IP address.  All normal central office IP traffic continues to go the same way as normal & the SMTP Connector knows only that an IP address (via VPN) will take all of its outbound e-mail.
0
 
LVL 65

Expert Comment

by:Mestha
ID: 26111454
You should never set another Exchange server in the Exchange org as the smart host on an SMTP connector in the same Exchange org, as that will cause routing problems.

This very much depends on whether you have Exchange set up in routing groups. If you have routing groups configured then you can very much control how the messages will leave the org.

In short, SMTP connectors can be configured either Exchange org wide or routing group wide. If you want email to leave the Exchange org via one specific server, then set that server as the bridgehead on the routing group, with the scope set org wide. Then the email will flow to that server for delivery.

Another option, which is something to think about in the future, is to have a central delivery point on the Internet. This could be a web host, or a service that offers SMTP relaying.
Configure all servers as bridgeheads on the SMTP Connector, with it set to deliver to a smart host. It wouldn't matter how the traffic got to the central server, so if you lost the VPN connections completely, external email out would continue to flow. Although I actually have a client who has a domain controller and an Exchange server in a data centre which is used purely for email routing. All servers connect to it, all inbound traffic comes through it. If one of the other servers is lost or the connection is dropped, it doesn't affect the others.

Simon.
0
 
LVL 19

Expert Comment

by:Barthax
ID: 26111586
Simon is well-known in these parts & I will happily bow to his superior knowledge on the subject matter.  Sorry for the apparent mislead, west-com.
0

 

Author Comment

by:west-com
ID: 26127424
In this example, I only have one Exchange server at the central site. What I'm trying to achieve is to route SMTP packets that would normally exit the site via ISP1 Broadband router to go via the VPN tunnel (on ISP2 broadband who will not accept SMTP packets for our domain) and out on another broadband line at the remote site that uses the same ISP1.
0
 

Author Comment

by:west-com
ID: 26127457
The attached drawing is how the network used to work. ISP1 accepts SMTP packets from any ISP1 router, so Exchange routes its packets straight out to ISP1 from the central site.

Site-Plan.jpg
0
 

Author Comment

by:west-com
ID: 26127472
Now, however, the ISP1 connection at the central site has gone down so I have reconnected all VPN traffic through ISP2. However, ISP2 will not accept SMTP packets from this domain without a lot of negotiation and work.

I would like most internet traffic from the central site to go out via ISP2 but redirect SMTP packets from the Exchange server via a VPN line to Site 1 and out via that internet connection to ISP1 who will accept SMTP packets from our domain.
New-Site-Plan.jpg
0
 
LVL 65

Accepted Solution

by:
Mestha earned 2000 total points
ID: 26134617
Routers only tend to route based on the IP address, not the protocol.
Therefore if you wanted to route email out via a specific connection, that connection would need to be the default gateway, or you would need to configure a smart host in Exchange and then configure the router to route traffic for that IP address via a different gateway.

You are aware that you do not have to send email via an ISP's SMTP server, you can use direct delivery if the connection allows it.

Simon.
0
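The smart-host approach from the accepted solution, as an added sketch that is not part of the original thread: a destination-only route lookup showing why a host route for the smart host's IP steers the mail over the VPN while everything else keeps the default gateway. The addresses, the smart host IP and the next-hop labels are constructed for illustration and are not taken from the poster's network.

```python
import ipaddress

# Constructed routing table for the central-site router (all addresses are
# illustrative: RFC 5737 documentation ranges and private LAN space).
SMART_HOST = "192.0.2.25"   # hypothetical ISP1 smart host set in Exchange

ROUTES = [
    # (destination prefix, next hop label)
    ("0.0.0.0/0",        "ISP2 broadband (default gateway)"),
    ("10.1.0.0/16",      "VPN tunnel to Site 1"),   # Site 1 LAN
    (SMART_HOST + "/32", "VPN tunnel to Site 1"),   # host route for the smart host
]

def next_hop(dest_ip, routes=ROUTES):
    """Longest-prefix match: the most specific route containing dest_ip wins.
    No port or protocol is consulted, only the destination IP."""
    addr = ipaddress.ip_address(dest_ip)
    best = None
    for prefix, hop in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    if best is None:
        raise LookupError("no route to " + dest_ip)
    return best[1]

def egress(flows, routes=ROUTES):
    """Map (description, dest_ip, dest_port) flows to their egress path."""
    return {desc: next_hop(ip, routes) for desc, ip, _port in flows}

# Constructed sample flows leaving the central site.
FLOWS = [
    ("Exchange -> smart host, SMTP",       SMART_HOST,      25),
    ("Exchange -> remote MX, direct SMTP", "203.0.113.10",  25),
    ("Workstation -> web site, HTTPS",     "198.51.100.80", 443),
    ("Workstation -> smart host, HTTPS",   SMART_HOST,      443),
]

if __name__ == "__main__":
    for desc, hop in egress(FLOWS).items():
        print(f"{desc:36} via {hop}")
```

Only mail handed to the smart host follows the VPN; SMTP delivered directly to other servers still takes the default gateway, and any non-mail traffic to the smart host's address takes the VPN as well.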
