Mark
asked on
Can Exchange Server route and receive all mail through another "smart" host?
Currently, our office Exchange Server is connected directly to the Internet on port 25. I would rather like to have it send and receive the email destined for this domain to/from another, Internet facing server (Linux/sendmail). The Exchange server computer has an Internet-facing NIC with a public IP, and a LAN NIC with 192.168.0.2.
How would I go about configuring this? To begin with, I could block port 25 on the Internet link and change the public mail server address of mail.thisdomain.org to be the IP of the Linux computer. That would certainly route all incoming mail from the Internet, through the Linux server and to the Exchange server computer (Exchange already has a working receive connector for the Linux host). But how would Exchange know to send mail out via the Linux host (which is 192.168.0.3)?
Here's my guess: In Exchange Management Console > Organization Configuration > Hub Transport > Send Connectors, I have the connector: "Windows SBS Internet Send MAIL". Under properties > Address Space, I have Type = SMTP, Address = *. Under properties > Network, I have selections: Use domain name system (DNS) "MX" records to route mail automatically (which is currently checked); and "Route mail through the following smart host" (not checked).
Should I try one of these? My inclination would be to check "Route mail through the following smart host", but under the Address Space tab, "Specify the address space(s) to which this connector will route mail" also seems appropriate. In both cases I could put in 192.168.0.3. Should I use either of these to accomplish my goal and, if so, which should I use and what is the difference?
I guess I could also NOT modify this send connection and let the Exchange server send mail via SMTP using DNS, but receive all mail via the Linux server. That would be OK too. That would mean I would just block incoming port 25 from the Internet and move the domain mail IP to the Linux host, right?
I'd rather have some advice before trying any of this since this system is LIVE!
ASKER
s3e3: > Have the firewall route traffic to the linux box and then have that host forward SMTP traffic to your internal SMTP server.
Excellent idea! Why didn't I think of that! That way I wouldn't have to change the MX record at all.
Your suggestion to use the Smart Host connector property agrees with ded_ch's suggestion.
I think for experimental purposes I'll re-route port 25 to the Linux host and do nothing else to start with. That means not re-configuring anything on any of the hosts. The Exchange server will receive all mail from the Linux server and send all mail directly via SMTP/DNS. If that looks like it has not brought the world to an end, I'll implement the Smart Host suggestion on the send connector.
I'll keep you posted on results.
ASKER
Here's what I decided to do: I followed s3e3's excellent and simple suggestion of routing port 25 at the firewall to the target linux mail server. I had a slight complication with that because that computer had two network cards, one internet facing and one LAN facing. To get this to work I had to add a static route for the LAN IP, but that's another story. Once I did that, all internet mail destined for our domain routed to the linux/sendmail host.
All I had to do at that point was add
mydomain.org RELAY
to the /etc/mail/access file, `make access.db` and restart sendmail (/etc/rc.d/rc.sendmail restart). That permitted the linux host to relay mail to the Exchange Server. The linux host was already set up to use the Exchange Server host as a smart host (define(`SMART_HOST',`mydomain.org') in sendmail.mc).
I decided NOT to set the linux host as a smart host in the Exchange Server as suggested by ded_ch and s3e3. For one thing, I don't have to worry about any possible circular mail delivery issues (I'm sure I could configure sendmail to send all messages received from mydomain.org out via smtp rather than back to the Exchange Server, but why add the complication?). Also, there really doesn't seem to be any point in not letting Exchange Server go ahead and make the external deliveries. Letting Exchange manage this also means I don't need the added SMTP feature described by s3e3, although that is good info to know.
In the end, the solution was simple enough: forward all domain email to the linux/sendmail host, set the Exchange Server host as a relay in the linux host.
Things seem to be working. I'll leave this up a day or two in case anyone sees a flaw in my implementation.
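The circular-delivery concern raised in the post above can be checked on paper before touching a live system. The following is an added example, not part of the original thread: a small hop-by-hop model of the two hosts. The host labels, dictionary keys, the `example.com` recipient and the routing model itself are assumptions for illustration (a per-domain route stands in for something like a sendmail mailertable entry).

```python
# Added example: hop-by-hop model of the two-host mail path in this thread.
# Host labels, dict keys and the routing model are assumptions for illustration.
INTERNET = "internet"  # sentinel for "deliver via DNS/MX to the outside world"

def next_hop(cfg, rcpt_domain):
    """Per-domain route wins, then the smart host, then DNS/MX delivery."""
    return cfg["routes"].get(rcpt_domain) or cfg["smart_host"] or INTERNET

def trace(hosts, start, rcpt_domain, max_hops=25):
    """Return (outcome, path); outcome is 'delivered', 'internet' or 'loop'."""
    path = [start]
    while len(path) <= max_hops:
        cfg = hosts[path[-1]]
        if rcpt_domain in cfg["local_domains"]:
            return "delivered", path
        hop = next_hop(cfg, rcpt_domain)
        if hop == INTERNET:
            return "internet", path + [hop]
        if hop in path:  # a host would see the same message twice
            return "loop", path + [hop]
        path.append(hop)
    return "loop", path

def site(exchange_smart_host, linux_smart_host, linux_routes):
    """Build the constructed two-host site: 'linux' relay in front of 'exchange'."""
    return {
        "linux": {"local_domains": set(), "routes": linux_routes,
                  "smart_host": linux_smart_host},
        "exchange": {"local_domains": {"mydomain.org"}, "routes": {},
                     "smart_host": exchange_smart_host},
    }

# 1. Setup described in the post: Linux forwards everything to Exchange, Exchange uses DNS.
AS_DEPLOYED = site(None, "exchange", {})
# 2. Exchange smart-hosts to Linux while Linux still smart-hosts to Exchange.
BOTH_SMART = site("linux", "exchange", {})
# 3. Exchange smart-hosts to Linux; Linux only routes the local domain inward.
SPLIT = site("linux", None, {"mydomain.org": "exchange"})

if __name__ == "__main__":
    for name, hosts in [("as deployed", AS_DEPLOYED), ("both smart hosts", BOTH_SMART),
                        ("split routing", SPLIT)]:
        print(name, trace(hosts, "linux", "mydomain.org"),
              trace(hosts, "exchange", "example.com"))
```

Only the second layout loops on outbound mail; inbound mail for the local domain is delivered in all three.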
Enter your Sendmail server's IP there.
Make sure that your Linux SMTP Server is set up for smarthost function.
Here are instructions for it:
http://www.cyberciti.biz/faq/configure-sendmail-as-a-smart-host/