
Two Exchange servers with a UNIX gateway ?


  • Two Exchange servers with a UNIX gateway ?

    I have a bit of a problem that I'm finding difficult to arrive at a reasonable solution to! Sorry, this is a bit of a long post.

    Our current setup that works well is as follows. We have a single Exchange 2003 server with all our organisation's mailboxes on (around 400). Client machines connect to this box. We have a UNIX box serving as a mail gateway; all incoming and outgoing messages go through this box and it is the only SMTP box the outside world should see because of a firewall circling the organisation. The Unix box does anti-spam and virus checking and adds a legally required message to all outgoing mail. Internal mail is of course routed inside the Exchange box and doesn't get this message added. The Unix box is set as the smart host target for the single default SMTP virtual server on the Exchange box.

    New Situation.
    I'm adding a new Exchange server which will reduce the load on the old box. Some accounts will be on the new box and some on the old. If I set up both Exchange boxes with no Smart Hosts in the SMTP then mail gets routed between the two boxes just fine. However, mail is not delivered to the outside world because of the firewall. Besides, outgoing mail would not have our legal message added to all mails.

    If I set up both boxes with the UNIX Smart host, mail does go to the outside world but mail is no longer routed between the two boxes. I think this is due to:
    http://support.microsoft.com/kb/919091
    and
    http://support.microsoft.com/kb/323483



    I've got three solutions with number 1 my preferred one:
    1. On each box use routing rules to say that internal mail is delivered without the Smart Host and external mail is. Is there a way to do this ?
    2. Poke some holes in the firewall allowing the Exchange boxes to send external mail and add our legal statement to each mail. I understand that in Exchange 2003 this will need a .vbs script to be installed that will impact performance. I'm not so keen on this for security and performance reasons.
    3. Hack the registry on each box (as in KB323483) to allow the Exchange boxes to use TNEF transfer to the UNIX box. However, this will also mean the UNIX box will need rules for sending incoming mail to the correct server. I'm not so keen on this as it will need to be constantly updated as users are added to the system.
    • So any other solutions ?
    • Any ideas on how to implement number 1 ?
    Many thanks all.

    Andy Cobley
    University of Dundee.

  • #2
    Re: Two Exchange servers with a UNIX gateway ?

    1. open the outgoing port 25, and let the exchange servers send directly to the internet, but receive only through the unix box. don't forget to set up mx records for the exchange servers.
    2. the unix box will only receive the emails and after manipulating them, will send them through to the exchange servers.

    had a config like this working for me no problem
    Last edited by DYasny; 6th March 2011, 19:21.
    Real stupidity always beats Artificial Intelligence (c) Terry Pratchett

    BA (BM), RHCE, MCSE, DCSE, Linux+, Network+



    • #3
      Re: Two Exchange servers with a UNIX gateway ?

      Originally posted by DYasny
      1. open the outgoing port 25, and let the exchange servers send directly to the internet, but receive only through the unix box. don't forget to set up mx records for the exchange servers.
      2. the unix box will only receive the emails and after manipulating them, will send them through to the exchange servers.

      had a config like this working for me no problem

      Thanks Dyasny,

      It looks like a plan and one I might go for. It will mean adding a legal statement footer to each outgoing email within exchange.

      However, I'm also starting to look at SMTP connectors on a bridgehead server:

      http://technet.microsoft.com/en-us/l...EXCHG.65).aspx

      Which may also be a solution ?

      Andy



      • #4
        Re: Two Exchange servers with a UNIX gateway ?

        why would you need a legal statement on outgoing emails sent by exchange directly, and none on the smarthost relayed emails?

        doesn't make sense really
        Last edited by DYasny; 6th March 2011, 19:21.


        • #5
          Re: Two Exchange servers with a UNIX gateway ?

          Originally posted by DYasny
          why would you need a legal statement on outgoing emails sent by exchange directly, and none on the smarthost relayed emails?

          doesn't make sense really

          I might be missing something in your topography! As I understand it, you're suggesting:

          The exchange servers send mail out to the Outside world directly through the firewall but mail can't come back in that way. Internal mail is routed between the servers as normal. So mail leaving the organisation needs the legal statement.

          Incoming mail comes in through the UNIX gateway and then to the exchange servers.

          Is that right ?

          Andy



          • #6
            Re: Two Exchange servers with a UNIX gateway ?

            right, well, why do you need to add the legal disclaimer on the exchange box, if you can simply have everyone add it to their signature?
            Last edited by DYasny; 6th March 2011, 19:21.


            • #7
              Re: Two Exchange servers with a UNIX gateway ?

              Originally posted by DYasny
              right, well, why do you need to add the legal disclaimer on the exchange box, if you can simply have everyone add it to their signature?

              Because it would be illegal for a message to come from our server without it. At least that's the position that the legal department here have taken. The message in this case is a statement that the University of Dundee is a Scottish registered charity.

              We can't afford for someone to forget to put it in their signature.

              Andy



              • #8
                Re: Two Exchange servers with a UNIX gateway ?

                http://www.msexchange.org/software/Disclaimers/

                doesn't look like too much overhead to me really
                Last edited by DYasny; 6th March 2011, 19:21.


                • #9
                  Re: Two Exchange servers with a UNIX gateway ?

                  Sorry if I misinterpreted this, but my last company had the same setup: two Exchange servers that sent and received email via Unix-based perimeter servers. I know you can get this to work.

                  The way I had it set up was to pick one of the two Exchange servers to be the "main" SMTP server to talk to the smarthost/Unix box. Then I told both servers to allow relaying only from the other server (in the preferences for the SMTP connector on each server), which should allow inter-Exchange transfers.

                  Messages between people in your Exchange domain should go just as if they were being routed via SMTP. No changes otherwise, so you should be able to leave the smarthosts in place too.

                  Sound good?

                  -Rob



                  • #10
                    Re: Two Exchange servers with a UNIX gateway ?

                    Originally posted by rengler
                    The way I had it set up was to pick one of the two Exchange servers to be the "main" SMTP server to talk to the smarthost/Unix box. Then I told both servers to allow relaying only from the other server (in the preferences for the SMTP connector on each server), which should allow inter-Exchange transfers.

                    Yes it does, I think the clue is in the SMTP connector. Some reading is needed on my part I think.

                    Andy
