Force Outgoing SMTP via a particular VPN connection

Our company has a star-shaped WAN setup via DrayTek routers from a central office to 5 satellite sites. We have had a problem with the broadband at the central office (two lines from two ISPs, one of which has gone down) which, for a period of time, means that we cannot send SMTP from our Exchange server out through the central office broadband to our ISP (of the broadband that has failed). If we relay all packets destined for the internet via a VPN to another office and out, the SMTP relay works. This has the issue of saturating that VPN link.

I have Exchange 2003 running on Server 2003 in the central site and Server 2008 at the satellite site.

My question is, can we force SMTP packets to go out via the VPN to a satellite office and thence to the internet whilst having all other packets from the central office going out directly to the internet from the local broadband connection?
west-com Asked:
 
Mestha Commented:
Routers only tend to route based on the IP address, not the protocol.
Therefore if you wanted to route email out via a specific connection, that connection would need to be the default gateway, or you would need to configure a smart host in Exchange and then configure the router to route traffic for that IP address via a different gateway.

You are aware that you do not have to send email via an ISP's SMTP server, you can use direct delivery if the connection allows it.

Simon.
0
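
The routing behaviour described in the answer above, as an added example that is not part of the original thread: a small longest-prefix-match model showing that a host route for the smart host's IP sends that traffic into the VPN, while the destination port plays no part in the decision. All addresses and gateway names are constructed assumptions, not values from the question.

```python
import ipaddress

# Constructed addresses (RFC 1918 / RFC 5737); none come from the thread.
SMART_HOST = "203.0.113.25"   # hypothetical ISP1 smart host configured in Exchange
LOCAL_GW = "10.0.0.1"         # hypothetical central-site gateway out via ISP2
VPN_GW = "10.0.0.254"         # hypothetical next hop into the VPN towards Site 1

ROUTES = [
    ("0.0.0.0/0", LOCAL_GW),         # default route: general internet traffic
    ("10.1.0.0/24", VPN_GW),         # Site 1 LAN, reached over the VPN
    (SMART_HOST + "/32", VPN_GW),    # host route: only the smart host's IP
]


def next_hop(dst_ip, dst_port=None, routes=ROUTES):
    """Pick a gateway by longest-prefix match on the destination IP.

    dst_port is accepted but deliberately ignored: a plain routing table
    has no view of the protocol, only of the destination address.
    """
    dst = ipaddress.ip_address(dst_ip)
    best = None
    for prefix, gateway in routes:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway)
    if best is None:
        raise LookupError("no route to " + dst_ip)
    return best[1]


def egress_report(flows):
    """Return (dst_ip, dst_port, gateway) for each (dst_ip, dst_port) flow."""
    return [(ip, port, next_hop(ip, port)) for ip, port in flows]


if __name__ == "__main__":
    sample_flows = [
        (SMART_HOST, 25),        # Exchange relaying to the smart host
        ("198.51.100.10", 25),   # direct SMTP delivery to some other MX
        ("198.51.100.10", 443),  # ordinary web traffic
        (SMART_HOST, 443),       # non-SMTP traffic to the smart host's IP
    ]
    for ip, port, gw in egress_report(sample_flows):
        print(f"{ip}:{port} -> via {gw}")
```

Only mail handed to the smart host follows the VPN; SMTP sent straight to any other address still leaves by the default gateway, which is why the smart host setting and the host route have to be configured together.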
 
Barthax Commented:
You could set the satellite site's Exchange to accept relay connections from the central site & then set the central site's Smarthost (on the SMTP Connector - I'm presuming it has only one SMTP Connector) to be the satellite site's IP address. All normal central office IP traffic continues to go the same way as normal & the SMTP Connector knows only that an IP address (via VPN) will take all of its outbound e-mail.
0
 
Mestha Commented:
You should never set another Exchange server in the Exchange org as the smart host on an SMTP connector in the same Exchange org, as that will cause routing problems.

This very much depends on whether you have Exchange set up in routing groups. If you have routing groups configured then you can very much control how the messages will leave the org.

In short, SMTP connectors can be configured either Exchange org wide or routing group wide. If you want email to leave the Exchange org via one specific server, then set that server as the bridgehead on the routing group, with the scope set org wide. Then the email will flow to that server for delivery.

Another option, which is something to think about in the future, is to have a central delivery point on the Internet. This could be a web host, or a service that offers SMTP relaying.
Configure all servers as bridgeheads on the SMTP Connector, with it set to deliver to a smart host. It wouldn't matter how the traffic got to the central server, so if you lost the VPN connections completely, external email out would continue to flow. Although I actually have a client who has a domain controller and an Exchange server in a data centre which is used purely for email routing. All servers connect to it, all inbound traffic comes through it. If one of the other servers is lost or the connection is dropped, it doesn't affect the others.

Simon.
0

 
Barthax Commented:
Simon is well-known in these parts & I will happily bow to his superior knowledge on the subject matter.  Sorry for the apparent mislead, west-com.
0
 
west-com Author Commented:
In this example, I only have one Exchange server at the central site. What I'm trying to achieve is to route SMTP packets that would normally exit the site via ISP1 Broadband router to go via the VPN tunnel (on ISP2 broadband who will not accept SMTP packets for our domain) and out on another broadband line at the remote site that uses the same ISP1.
0
 
west-com Author Commented:
The attached drawing is how the network used to work. ISP1 accepts SMTP packets from any ISP1 router, so Exchange routes its packets straight out to ISP1 from the central site.

Site-Plan.jpg
0
 
west-com Author Commented:
Now however, ISP1 connection at the central site has gone down so I have reconnected all VPN traffic through ISP2. However, ISP2 will not accept SMTP packets from this domain without a lot of negotiation and work.

I would like most internet traffic from the central site to go out via ISP2 but redirect SMTP packets from the Exchange server via a VPN line to Site 1 and out via that internet connection to ISP1 who will accept SMTP packets from our domain.
New-Site-Plan.jpg
0
Question has a verified solution.
