Exchange 2010 - sending email out over a different public IP than your incoming IP

We currently have a single firewall and public IP (with associated mx record) handling our incoming email, outgoing email, and HTTPS - SSL traffic for OWA.  We also have these resources providing Internet services to the client desktops.  

This is a bad situation, as client PCs that get a virus can get our public IP blacklisted.  This is rare, but has happened with the CBL.  Client PCs aren't able to relay mail (as per firewall rules), but the CBL will blacklist a public IP for non-email\spam related transgressions.  Some trojan variants, for example, where the PC is reaching out to an IP in Russia or god knows where.  Thankfully we have good logging in place so we can quickly identify the source PC.

Can I configure Exchange to use a different firewall (LAN IP and WAN IP with a secondary MX record) for sending only?  I'd like to keep any incoming public IP addressing, primary MX record, and Exchange server default gateway unchanged.  The idea being I can wait for secondary MX records to update and then test sending without worrying about disrupting any incoming internet mail traffic or connectivity for client PCs\devices.

We currently have one Exchange server handling all roles.

Hope I'm making sense - thank you!

Simon Butler (Sembee), Consultant, commented:
You would need to change the default gateway.
Therefore I would change everything connected to Exchange to the other IP address. MX record, Outlook Anywhere address, OWA etc. Should just be a DNS change and, if you plan it in advance, will cause no downtime.

It is best practice for Exchange to have its own IP address - usually via a 1:1 NAT.


dbrueckner (Author) commented:
Thank you Simon
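
A check one could run before and after the DNS change described in the answer, as an added example that is not part of the original thread: it confirms that each Exchange-facing name (MX target, OWA, Outlook Anywhere) resolves to the dedicated IP and that the IP is not on a DNS blacklist. The addresses, hostnames, DNSBL zones and the `check_cutover` helper are placeholders constructed for illustration.

```python
import ipaddress
import socket

def dnsbl_query_name(ip, zone):
    """DNSBL lookup name: the IPv4 octets reversed, followed by the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def system_resolver(name):
    """IPv4 addresses for name via the OS resolver; empty set if it does not resolve."""
    try:
        return set(socket.gethostbyname_ex(name)[2])
    except OSError:
        return set()

def check_cutover(mail_ip, hostnames, dnsbl_zones, resolve=system_resolver):
    """Return a list of problems; an empty list means the dedicated IP is ready."""
    problems = []
    for host in hostnames:
        answers = resolve(host)
        if answers != {mail_ip}:
            problems.append(f"{host} resolves to {sorted(answers) or 'nothing'}, expected {mail_ip}")
    for zone in dnsbl_zones:
        answers = resolve(dnsbl_query_name(mail_ip, zone))
        # Some lists answer 127.255.255.x when they refuse the query (for
        # example, one sent through a public resolver); that is not a listing.
        errors = {a for a in answers if a.startswith("127.255.255.")}
        listed = {a for a in answers if a.startswith("127.")} - errors
        if errors:
            problems.append(f"{zone} refused the query ({sorted(errors)}); result unknown")
        if listed:
            problems.append(f"{mail_ip} is listed on {zone} ({sorted(listed)})")
    return problems

# Constructed sample data (documentation addresses, placeholder names and zones).
SAMPLE_DNS = {
    "mail.example.com": {"203.0.113.10"},              # already moved to the new IP
    "owa.example.com": {"198.51.100.5"},               # still on the shared IP
    "5.100.51.198.dnsbl.example": {"127.0.0.2"},       # shared IP is listed
    "10.113.0.203.errs.example": {"127.255.255.254"},  # list refused the query
}

def sample_resolver(name):
    return SAMPLE_DNS.get(name, set())

if __name__ == "__main__":
    for p in check_cutover("203.0.113.10", ["mail.example.com", "owa.example.com"],
                           ["dnsbl.example", "errs.example"], sample_resolver):
        print(p)
```

Omit the `resolve` argument to query live DNS, and pass the zones of the blacklists you actually monitor.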