RE: Relocation of SMTP Service to a UNIX box

  • From: "adrian bolzan" <abolzan@xxxxxxxxxxxxxxxxxxxxxxxxx>
  • To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
  • Date: Thu, 20 Jan 2005 12:32:06 +1100

Hi,

If I understand correctly, you wish:

Outgoing mail:
1. From Exchange server to UNIX box to internet
2. Mail sent by your users to other users should stay local.

--> Just set the UNIX box as the Smart Host in Exchange (see another
post on details). 


Incoming mail:
1. all incoming mail to be sent to the UNIX box outside your firewall
2. Any mail destined for your company should be forwarded to the
Exchange server
3. Any mail not destined for your company should be rejected (disallow
relaying)

--> (a) you should never place servers running critical services such as
email outside your firewall.  Place the UNIX server in your DMZ.
--> (b) set your MX records in DNS to point to the external address of
your UNIX server.  By that I mean, in your zonefile, the highest
priority MX record should be the external address of your UNIX server.
Your firewall should forward all incoming SMTP to your UNIX box.
--> (c) your UNIX box should host the mail server (my preference is
Postfix over sendmail), and this server should accept all mail for your
domains
--> (d) configure Postfix to forward all mail destined for your domains
to your Exchange server, whilst rejecting all other destinations (using
transport maps)

I cannot stress Point (a) above too much.  The UNIX box should not be
outside your firewall.

Postfix over sendmail: easy to configure, more secure.  You can have a
postfix box up and running in about two hours, without much trouble.

Cheers,
Adrian
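
A Postfix gateway configuration covering steps (c) and (d) and the smart-host path described above, as an added example that is not part of the original post. The domain example.com, the host name gw.example.com, the Exchange address 10.0.0.10 and the sample mailbox are constructed placeholders.

```cfg
# ---- /etc/postfix/main.cf (UNIX gateway in the DMZ) ----
# Constructed values: example.com, gw.example.com, 10.0.0.10 (Exchange).
myhostname = gw.example.com

# Deliver nothing locally on the gateway; it only relays.
mydestination =
local_recipient_maps =

# Domains the gateway accepts from the internet and relays inward.
relay_domains = example.com

# Next hop for those domains (see the transport file below).
transport_maps = hash:/etc/postfix/transport

# Accept only recipients that exist in Exchange, so unknown addresses are
# rejected during the SMTP session instead of bounced later.
relay_recipient_maps = hash:/etc/postfix/relay_recipients

# Outbound path: only the Exchange server (the smart-host client) may
# relay to arbitrary destinations. Do not list the whole LAN here.
mynetworks = 127.0.0.0/8, 10.0.0.10/32

# Relay policy: trusted clients first, then refuse any recipient whose
# domain is not in relay_domains ("Relay access denied").
smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_unauth_destination

# ---- /etc/postfix/transport ----
# Brackets suppress the MX lookup, so mail goes straight to the Exchange host.
example.com    smtp:[10.0.0.10]:25

# ---- /etc/postfix/relay_recipients ----
# One line per valid mailbox (constructed sample entry).
user@example.com    OK
```

Build the lookup tables with `postmap /etc/postfix/transport` and `postmap /etc/postfix/relay_recipients`, then run `postfix reload`.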




 

> -----Original Message-----
> From: Fush Grubber [mailto:fgrubber@xxxxxxxxxxx] 
> Sent: Wednesday, 19 January 2005 10:21 PM
> To: [ExchangeList]
> Subject: [exchangelist] RE: Relocation of SMTP Service to a UNIX box
> 
> Hi John,
> 
> Thanks for your input, but I don't think you understand my scenario.
> 
> First and foremost, we don't plan to implement a front end/back end
> scenario. Secondly, the Exchange box sits behind the firewall and is
> secured. Thirdly, it is only the UNIX box that hosts the SMTP service
> that sits in front of the firewall.
> 
> Since the exchange box is in high use the idea is to take the 
> load of processing smtp traffic off the exchange server and 
> move it to the unix box, so in essence, all traffic bound for 
> outside the local domain will be forwarded to the unix box, 
> and when the unix box receives any email it forwards it to 
> the exchange box for final delivery.
> 
> Thanks, I guess you get a clearer picture now
> 
> cheers
> 
> >From: "John Tolmachoff (Lists)" <johnlist@xxxxxxxxxxxxxxxxxxx>
> >Reply-To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
> >To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
> >Subject: [exchangelist] RE: Relocation of SMTP Service to a UNIX box
> >Date: Wed, 19 Jan 2005 02:52:05 -0800
> >
> >1. Yes, you can still use Exchange. It is called using a front end or
> >gateway.
> >2. Why on earth would you want an e-mail server (any e-mail server) 
> >outside the protection of a firewall?
> >
> >John Tolmachoff
> >Engineer/Consultant/Owner
> >eServices For You
> >
> >
> > > -----Original Message-----
> > > From: Fush Grubber [mailto:fgrubber@xxxxxxxxxxx]
> > > Sent: Wednesday, January 19, 2005 2:43 AM
> > > To: [ExchangeList]
> > > Subject: [exchangelist] Relocation of SMTP Service to a UNIX box
> > >
> > > Hi all,
> > >
> > > I run a network of about 1000 clients, I have a win2k server with
> > > exch 2k sp4, we also have a PIX firewall to ward off unwanted traffic.
> > >
> > > Now the business requires us to move the SMTP service from the
> > > Exchange box to a UNIX box in front of the firewall, hence all mails
> > > sent by clients destined for a domain outside is forwarded to the
> > > UNIX box and all mails from outside will be sent to the UNIX box and
> > > the UNIX box will forward the mails to the Exchange server which sits
> > > behind the firewall.
> > >
> > > Please can I use Exchange to do this and if yes how can I achieve
> > > this with Exchange?
> > >
> 
> 

