Solved

Exchange 2010 receive connector on port 443 or 80?

Posted on 2016-08-08
Last Modified: 2016-08-12
My setup is a very small Exchange 2010 environment and I'm toying with the idea of giving others an Exchange relay outside their network.  Most of the end users' local firewalls are aggressive, so trying to navigate the traditional SMTP port (25) outbound to relay an email from a scanner, security camera or alert system is not an option on port 25 and most other non-web ports.

I have an Exchange 2010 server running already, but I can build a separate Exchange instance on the same domain, and I see an option to install only hub transport, which has the receive connector in it.  Is it possible to make a receive connector (relay) listen and work on port 443 or 80 in Exchange 2010?  If so, what are the best practices to do this; separate ME2010 with hub transport only?

If it is not possible to make the relay work on 443 or 80, what are other suggestions for clients to use an email relay service for aggressive client firewalls that cannot be modified?

Of course I will filter by IP to be allowed to send; I understand the risk if I opened an anonymous relay to the internet.
Question by:jo80ge121
11 Comments
 
LVL 5

Accepted Solution

by:
Manuel Flores earned 2000 total points
ID: 41747587
An external NAT port router would be a solution.
1
 

Author Comment

by:jo80ge121
ID: 41747673
Thank you.  Now, instead of changing my question - can an RV325 Cisco handle a NAT port?
0

 

Author Comment

by:jo80ge121
ID: 41747686
I should add that my primary PAT is not the same public-facing IP I have this Exchange relay pointing to.  In other words, all my servers are on the same LAN 192.168.1.1 and I have a public 1.1.1.1 on my RV325 router for all my internet traffic.  I have a one-to-one NAT set up for my test relay on public 1.1.1.2; however, the RV325 router doesn't appear to give me an option to pick which external interface (1.1.1.2) to translate the external port (443 for this example) to an internal port (25).  Does anyone know if an RV325 router can handle this type of external port forwarding on a specific public IP?
0
 

Author Comment

by:jo80ge121
ID: 41747692
Thank you.  I found the same article, but how does it know which public IP to forward traffic on?  I have many one-to-one NATs set up.
0
 
LVL 5

Expert Comment

by:Manuel Flores
ID: 41747707
OK. One of those NATs is the one for external access to the current Exchange hub connector.  You need to know which one, by the Exchange internal IP, and port maybe... or by the external public IP used by your email service.  Then add a PAT for that rule so that, e.g., the external port 225 is translated to internal port 25.
0
 

Author Comment

by:jo80ge121
ID: 41747752
I understand, but do you think the router can tell which inbound port to route when I add this to the port address translation?  I took screenshots of my RV325 one-to-one NAT and port address setup.  I'm not sure how this can tell which 443 traffic to port route.

I may be missing something, but I'll play around with this.  Good idea, Manuel.
onetoonenat-RV325.JPG
Port-Address-Translation-RV325.JPG
0
 
LVL 5

Expert Comment

by:Manuel Flores
ID: 41747767
From your screenshots, I would say it should work.  

The PAT configuration is explicit here;
All external traffic to port 443 will be translated to port 25 for internal IP 192.x.x.24 where the hub connector should be running.

However, I do not quite understand why you chose external port 443 (it is a very standard port for HTTPS), instead of choosing another, more "hidden" one such as 225 or 2225.
0
 

Author Comment

by:jo80ge121
ID: 41747839
The reason is the client's firewall is very aggressive, so nothing other than web ports is allowed outbound from their end.  I'm trying to find a workaround for some clients to use my service as a relay.
0
 
LVL 5

Expert Comment

by:Manuel Flores
ID: 41747841
Ah... yes, I read in your post.  OK.  443 PAT to 25 should work.
0
 

Author Closing Comment

by:jo80ge121
ID: 41754415
Thanks.  My router can't handle a port redirect on a separate NAT outside the primary WAN IP link, so I have to look into better network equipment, but your port redirect xxx to 25 is the better way to do this.
0
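
Added example, not part of the thread or written by any of its participants: the IP filtering mentioned in the question, applied on the Exchange side of the 443-to-25 PAT rule, followed by an audit that flags any receive connector that would act as an open relay. The connector name and client addresses are placeholders, and the source restriction assumes the router forwards the port without rewriting the client's source address.

```powershell
# Added example for the Exchange Management Shell (Exchange 2010, PowerShell 2.0).
# Connector name and client addresses are placeholders, not values from the thread.
$server     = $env:COMPUTERNAME
$relayName  = 'Client relay via PAT'              # hypothetical connector name
$clientIPs  = '203.0.113.10', '198.51.100.24'     # constructed client public IPs
$anon       = 'NT AUTHORITY\ANONYMOUS LOGON'
$relayRight = 'ms-Exch-SMTP-Accept-Any-Recipient'

# 1. Dedicated connector. It still listens on 25 internally (the router's PAT
#    maps external 443 to it) and only matches sessions from the listed sources.
New-ReceiveConnector -Name $relayName -Server $server -Usage Custom `
    -Bindings '0.0.0.0:25' -RemoteIPRanges $clientIPs `
    -PermissionGroups AnonymousUsers | Out-Null

# 2. Grant the relay right to anonymous sessions on this connector only.
Get-ReceiveConnector "$server\$relayName" |
    Add-ADPermission -User $anon -ExtendedRights $relayRight | Out-Null

# 3. Audit every receive connector on the server: report where anonymous relay
#    is granted and flag any whose source range covers the whole IPv4 Internet.
Get-ReceiveConnector -Server $server | ForEach-Object {
    $rc = $_
    $grant = Get-ADPermission -Identity $rc.Identity -User $anon |
        Where-Object { -not $_.Deny -and ($_.ExtendedRights -like $relayRight) }
    if ($grant) {
        $ranges = @($rc.RemoteIPRanges | ForEach-Object { "$_" })
        New-Object PSObject -Property @{
            Connector = $rc.Identity
            Bindings  = ($rc.Bindings | ForEach-Object { "$_" }) -join ','
            Sources   = $ranges -join ','
            OpenRelay = ($ranges -contains '0.0.0.0-255.255.255.255')
        }
    }
} | Format-Table Connector, Bindings, Sources, OpenRelay -AutoSize
```

If the router also translates the source address when forwarding, Exchange sees every session as coming from the router's LAN address and `RemoteIPRanges` can no longer tell clients apart; in that case the source filter has to be enforced on the router itself.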


Question has a verified solution.
