Announcement

Collapse
No announcement yet.

How to setup a front end server?

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • How to setup a front end server?

    Hi all,

    I need some help. Our company decided to setup a frontend server in the DMZ to relay mail and filter it for spam but I have never done this before and I am not sure how to proceed.
    Current setup is 1 Exchange 2003 server with about 180 mailboxes. It has ports 110 and 25 open thru our firewall to let mail in. It also does our spam filtering. The DNS entries point to it as the authorative server for our domains. How do I put another server in between and have it relay mail?

    Do I need to setup Exhange on the DMZ server? Does the IIS Virtual SMTP server that it installed on it need SMTP relay configured?



    Any help will be apreciated.

  • #2
    Re: How to setup a front end server?

    Originally posted by lwnemesis View Post
    Hi all,

    I need some help. Our company decided to setup a frontend server in the DMZ to relay mail and filter it for spam but I have never done this before and I am not sure how to proceed.
    Current setup is 1 Exchange 2003 server with about 180 mailboxes. It has ports 110 and 25 open thru our firewall to let mail in. It also does our spam filtering. The DNS entries point to it as the authorative server for our domains. How do I put another server in between and have it relay mail?

    Do I need to setup Exhange on the DMZ server? Does the IIS Virtual SMTP server that it installed on it need SMTP relay configured?



    Any help will be apreciated.
    im a little lost... if your company set up a front end for you, what is there left to figure out?

    first thing you need to do is:
    UTFSE and

    petri has more than enough to get you started, and answers all your questions.

    the only thing you need to do to set up a front-end server is click the switch. seriously.

    if you have any say so, you may want to reconsider the placement of the FE in the DMZ. take a look at a few of the ports required, and see if you still wanna go that route: (refer here for a more complete listing http://support.microsoft.com/kb/278339/ )
    • 53 (Transmission Control Protocol [TCP], User Datagram Protocol [UDP]) - Domain Name System (DNS).
    • 80 (TCP) - Required for Outlook Web Access access for communication between front-end and back-end Exchange servers.
    • 88 (Transmission Control Protocol [TCP], UDP) - Kerberos authentication.
    • 123 (UDP) - Windows Time Synchronization Protocol (NTP). This is not required for Windows 2000 logon capability. However, it may be configured or required by the network administrator.
    • 135 (TCP) - EndPointMapper.

    so maybe see if you can have the server located somewhere inside the DMZ...

    looks like you have some reading to do, good luck!
    • 389 (TCP, UDP) - Lightweight Directory Access Protocol (LDAP).
    • 445 (TCP) - Server message block (SMB) for Netlogon, LDAP conversion, and Microsoft Distributed File System (DFS) discovery.
    • 3268 (TCP) - LDAP to global catalog servers.
    • One port for the Active Directory logon and directory replication interface (universally unique identifiers [UUIDs] 12345678-1234-abcd-ef00-01234567cffb and 3514235-4b06-11d1-ab04-00c04fc2dcd2). This is typically assigned port 1025 or 1026 during startup. This value is not set in the DSProxy or System Attendant (MAD) source code. Therefore, you must map the port in the registry on any domain controllers that the Exchange server must contact through the firewall to process logons. Then, open the port on the firewall.
    Last edited by James Haynes; 8th September 2007, 07:40.
    its easier to beg forgiveness than ask permission.
    Give karma where karma is due...

    Comment


    • #3
      Re: How to setup a front end server?

      Why are you putting a frontend server in the DMZ? Do you think that is the best place for it? Do you think your network is more secure?

      If you do then you are deluded. It is not more secure, it actually reduces the security of your network.

      See my blog posting on this issue here: http://www.sembee.co.uk/archive/2006/02/23/7.aspx

      Simon.
      --
      Simon Butler
      Exchange MVP

      Blog: http://blog.sembee.co.uk/
      More Exchange Content: http://exchange.sembee.info/
      Exchange Resources List: http://exbpa.com/
      In the UK? Hire me: http://www.sembee.co.uk/

      Sembee is a registered trademark, used here with permission.

      Comment


      • #4
        Re: How to setup a front end server?

        Originally posted by Sembee View Post
        Why are you putting a frontend server in the DMZ? Do you think that is the best place for it? Do you think your network is more secure?

        If you do then you are deluded. It is not more secure, it actually reduces the security of your network.

        See my blog posting on this issue here: http://www.sembee.co.uk/archive/2006/02/23/7.aspx

        Simon.
        thank you sembee, that is exactly what i wanted to put up as a link, but i misplaced the bookmark...

        i actually used your write-up as defense in my keeping-my-exchange-inside-the-firewall speech. thanks btw
        its easier to beg forgiveness than ask permission.
        Give karma where karma is due...

        Comment

        Working...
        X