Hi Everyone,

First, I'd like to thank you for your time in reading this email. I could use some help in planning and rolling out some spam/virus filtering services for our network.

We have (2) production mail servers behind an ISA firewall. They are not Exchange boxes and users currently access their mail via POP3, IMAP, SMTP, and Web. I'm setting up a separate machine as either a Message Screener or GFI MailSecurity/MailEssentials server to help alleviate the load that our current mail servers are performing. I'll call this machine "IMF" from here on out.

I'm under the impression that with either product (MS or GFI) I will be setting up the SMTP service on an IIS 5.0/6.0 box. I'm familiar with the SMTP service so this is not a problem. I'm also assuming that I will have to add EVERY SINGLE DOMAIN that we receive mail for (around 1,000) to the SMTP service to prevent relay through the IMF Server. So far, so good...

I currently require SMTP authentication for my users to send outgoing mail. Most users use the following setup within their POP clients...

Incoming Mail Server: mail.theirdomain.com
Outgoing Mail Server: mail.theirdomain.com

And the MX record points to the appropriate IP of their production mail server.

If I roll out an IMF Server, then I'll have to update the 'A' record FROM their current production mail server TO the IP of the new IMF Server. However, my users would no longer be able to relay mail remotely (which is what they all do) as they don't have individual accounts on the IMF Server. I believe this would cause authentication prompts to my customer base and my phone would start ringing like MAD. Am I correct here?

Finally, to my questions...

Q. Can ISA determine the difference between a remote client sending an email to their SMTP Server AS COMPARED to a remote mail server delivering a new message to our network using SMTP? If so, I could route SMTP client requests to their original mail server (to authenticate and send their mail) and other SMTP requests from remote mail servers to go to the IMF Server. If not, I'm thinking that I'll have to add every single user account (thousands) to the IMF box. BTW, our network is using standalone member servers (not an AD network). Not all users have the ability to relay through their local ISP either, which rules out the possibility of closing down the relay feature for remote clients.

Q. I was also considering the possibility of keeping the users' 'A' record (which is mail.theirdomain.com) to point to the production mail server and then just add a new 'A' record that points to the IMF server and use that as the MX record. However, I've heard that spammers circumvent that by sending directly to mail.somedomain.com without even looking at MX records or even skip the first MX record and send directly to the 2nd (or later record).

Ok, I'm beginning to ramble. If you hung with me this far, I really do appreciate it. Any comments or suggestions you might have would be greatly appreciated.

Thanks in advance for your time and consideration.

Paul L.