Exchange 2010 - sending email out over a different public IP than your incoming IP

We currently have a single firewall and public IP (with associated mx record) handling our incoming email, outgoing email, and HTTPS - SSL traffic for OWA.  We also have these resources providing Internet services to the client desktops.  

This is a bad situation, as client PCs that get a virus can get our public IP blacklisted. This is rare, but has happened with the CBL. Client PCs aren't able to relay mail (as per firewall rules), but the CBL will blacklist a public IP for non-email\spam related transgressions. Some trojan variants, for example, where the PC is reaching out to an IP in Russia or god knows where. Thankfully we have good logging in place so we can quickly identify the source PC.

Can I configure Exchange to use a different firewall (LAN IP and WAN IP with a secondary MX record) for sending only? I'd like to keep any incoming public IP addressing, primary MX record, and Exchange server default gateway unchanged. The idea being I can wait for secondary MX records to update and then test sending without worrying about disrupting any incoming internet mail traffic or connectivity for client PCs\devices.

We currently have one Exchange server handling all roles.

Hope I'm making sense - thank you!
Simon Butler (Sembee), Consultant, commented:
You would need to change the default gateway.
Therefore I would change everything connected to Exchange to the other IP address: MX record, Outlook Anywhere address, OWA etc. It should just be a DNS change and, if you plan it in advance, will cause no downtime.

It is best practice for Exchange to have its own IP address - usually via a 1:1 NAT.

dbrueckner (Author) commented:
Thank you Simon
Question has a verified solution.
