RE: hosting own SMTP mail

  • From: "Jeffrey Robillard" <jrobill@xxxxxxxxxxxxx>
  • To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
  • Date: Tue, 29 Oct 2002 12:30:01 -0500

You would need to use static NAT if your firewall does not support mail proxy. Static a public IP address which would be advertised in the public DNS MX list. This static IP would map to the internal address of your SMTP server (whether it's Exchange, GroupWise... whatever). Only allow the SMTP port through unless you wish to do other protocols (POP3, web access, etc).

If your firewall supports mail proxy then the firewall itself would collect all the mail and store it in cache. When it's able to contact the internal SMTP server it would dump it all down to it. This all happens in real time if your internal SMTP server is always up. This way you still get your mail if you take your mail server down. You don't have to use your firewall for this... there are other products on the market that do the mail proxy service. Usually these other products can do filtering for spam, antivirus, etc. If you have a mail proxy then the MX record would point to the public address of the mail proxy server.

As for a test, open the necessary ports on the firewall for your Exchange server and from an external machine just telnet to the public address of your mail server. If you get "220 Microsoft ESMTP MAIL Service, Version: 5.?.????.???? ready at [date]" then it should be mostly working. Next use Outlook Express from the public side of the network and configure the SMTP setting to the public address of your mail server. Try sending mail through to different internal users. If it goes through then you know you can receive mail. Next, change the Outlook Express SMTP setting to "my smtp server requires authentication" and type in a valid user that has the ability to send mail with SMTP. Without this you shouldn't be able to send mail to outside users (keep in mind if they reply it will not go back through your mail server because your public MX record on DNS still points to your ISP's mail server) because, if configured correctly, Exchange doesn't allow relays. If it works with it, then you know you can send mail.

After that... there shouldn't be anything else but a cut over. Not sure what the TTL is on your DNS records. It might take a few days for the cut over to actually happen if the TTL is long. This is because your mail server's address (which is currently your ISP) will be cached on other mail servers. Once the TTL expires it will look up your MX record from DNS again. Assuming it's changed it will grab that.

This is what I would do anyway. Others might have easier ways... but it's pretty straightforward I think. Honestly though.. I think I would do all this behind the firewall first.. on your private LAN. This way you don't have to open holes in your firewall until you know positively that things are working (except for sending SMTP out.. you will need a hole for that).

Good luck.

-----Original Message-----
From: Dianne Wernars [mailto:dianne.wernars@xxxxxxxxxxxx]
Sent: Tuesday, October 29, 2002 11:57 AM
To: [ExchangeList]
Subject: [exchangelist] hosting own SMTP mail

This is our setup:
We have a W2K DC with NAT behind the WAN router. I have setup Exchange on a 
member server on the internal network. At present we were using this for 
internal calendar sharing and threaded messages. Our email is hosted by our 
ISP. Now I need to be able to share the calendar remotely and I assume we will 
eventually host our own SMTP mail. So:
1.      If our domain name is and the MX and A records point to on the public DNS server ( this would be our ISP's mail server); 
how could we run a real time pilot with our exchange server on the same domain 
and still receive mail from our ISP hosted mail. Obviously once the pilot 
Exchange works well and we have tested bandwidth, we will eliminate the ISP 
mail server. 

2.      Since our DC hosts NAT and points to our router's public address, would 
the MX record in the public DNS for our Exchange server also point to our 
router's public address? I have some trouble understanding how to route the 
Exchange through the internet. Would it be simpler to use a second network card 
in the Exchange server and assign a public address to that? 
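
The unauthenticated half of the test described in the reply above (220 greeting, delivery to an internal recipient accepted, relay to an outside recipient refused), as an added Python example that is not part of the original thread. The addresses, the `corp.example` domain and the localhost stand-in server are constructed so the check runs offline; point `check_relay` at your own server's public address to use it for real.

```python
import smtplib
import socket
import threading

def check_relay(host, port, local_rcpt, external_rcpt):
    """Probe without authenticating; no DATA is sent, so no mail is delivered."""
    with smtplib.SMTP(local_hostname="probe.example.net", timeout=10) as s:
        banner_code, _ = s.connect(host, port)    # greeting: expect 220
        s.ehlo()
        s.mail("probe@example.net")
        local_code, _ = s.rcpt(local_rcpt)        # inbound mail: expect 250
        external_code, _ = s.rcpt(external_rcpt)  # relay attempt: expect 5xx
        s.rset()                                  # abandon the transaction
    return {
        "banner_ok": banner_code == 220,
        "accepts_local": local_code == 250,
        "refuses_relay": 500 <= external_code < 600,
    }

def fake_server(local_domain="corp.example"):
    """Constructed stand-in SMTP server on localhost (not Exchange); returns its port."""
    srv = socket.create_server(("127.0.0.1", 0))
    suffix = "@" + local_domain.upper() + ">"

    def serve():
        conn, _ = srv.accept()
        conn.sendall(b"220 mail.corp.example ESMTP ready\r\n")
        for line in conn.makefile("rb"):
            cmd = line.decode().strip().upper()
            if cmd.startswith("RCPT") and not cmd.endswith(suffix):
                conn.sendall(b"550 5.7.1 Unable to relay\r\n")
            elif cmd.startswith("QUIT"):
                conn.sendall(b"221 bye\r\n")
                break
            else:
                conn.sendall(b"250 OK\r\n")
        conn.close()
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

def demo():
    port = fake_server()
    return check_relay("127.0.0.1", port,
                       "user@corp.example", "someone@outside.example")

if __name__ == "__main__":
    print(demo())
```

If `refuses_relay` comes back false against a real server, it is accepting mail for outside domains from unauthenticated senders and should not be exposed until relaying is restricted.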