?
Solved

Exchange 2007 Smarthost Configuration for Specific Domains

Posted on 2013-06-25
6
Medium Priority
?
674 Views
Last Modified: 2013-06-25
Hello All,

I've been battleing this worm for the past week or so.. The threat has been removed, but the reprocussion sucks. :/

Just as a background of whats going on:

1. I setup a firewall rule to block all port 25 traffic except from the exchange server
2. I noticed there were a handful of domains queued and failed due to poor rating
3. I contacted ISP and configured the smarthost on my default send connector and that seems to have resolved the delayed issues (yay!)

Now, my concern is.. I would like to keep our exchange on DNS as much as possible in order to have more control on the mails sent.  Now, originally there were only about 8-10 domains that were giving issues in the past 48 hours.

I did some reading and asking, and found out I am able to setup another send connector and add only the domains specific that are giving issues to send through the smarthost.. I wanted to post this to verify I am doing this correctly, as this would be my first time implementing this configuration.

## smathost configuration for domain specific ##

1. Name : Smarthost for specific domains
     Indended use for this connector : Internet
2. Address Space:
-*aol.com | cost 1
-*firstma.com | cost 1
3. Route mail through the following smart host:
-smarthost.isp.com
4. Authentication : None
5. Source Server : my exchange server

## end ##

-Please let me know if this is the proper setup?  

-Do I need to add the asterik before the domain names in the address space, or could I have just added aol.com | cost 1?

-Do I need to edit my DEFAULT DNS send connector and change the cost on the address space for  "*" as 5?

-By doing this, I am verifying that every email send to a user at aol.com or firstma.com will be routed through the smarthost, and all other emails not listed in the address space will be routed through the DNS correct?
0
Comment
Question by:Coupee46
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 44

Expert Comment

by:Amit
ID: 39275714
Would you share that article you read.
0
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 1500 total points
ID: 39275810
You are doing it the correct way.  You should leave your Default SEND Connector with DNS and then just create a new SEND Connector and add the problem domains to the Scope of the SEND Connector and add the Smarthost IP / FQDN to it and leave it at that.

Then most of your mail will route via DNS and only the problem domains will be sent via the Smarthost.

In case you want a step-by-step guide:

http://support.prolateral.com/index.php?/Knowledgebase/Article/View/117

Alan
0
 
LVL 1

Author Comment

by:Coupee46
ID: 39275813
Thanks Alan! I will give this link a read today and implement this later this afternoon.  :)
0
Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 39275815
No problems - shout if you have any questions.

Alan
0
 
LVL 1

Author Comment

by:Coupee46
ID: 39275842
Alan,

Actually a couple quick questions...

add the problem domains to the Scope of the SEND Connector
1. So this is the same as adding the problem domains under Address Space (in the new send connector).. Do I need to check the "Scoped Send Connector" box as well?

2. Under the Network tab... Do I need to check off the "use the external dns lookup..." box as well, as stated in that link you had sent?  

**These options were not selected on the "default" send connector, so wasn't too sure if I would need to enable them on the "new" send connector I would be creating for the problem domains, as well? **

Side Note : for my own knowledge.. what is the difference when assigning "default" send connector with a cost 5 and the "new" send connector as a cost 1?
0
 
LVL 1

Author Closing Comment

by:Coupee46
ID: 39276644
Thanks again Alan! It worked like a charm, and turns out my IP has been updated to Neutral, so I can go back to DNS again.
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
This article will help to fix the below errors for MS Exchange Server 2013 I. Certificate error "name on the security certificate is invalid or does not match the name of the site" II. Out of Office not working III. Make Internal URLs and Externa…
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
Suggested Courses
Course of the Month8 days, 20 hours left to enroll

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question