Edge Transport Server to Send only from a DMZ

Status
Not open for further replies.
I'm a noob to Exchange and it's working and I need a little help. I have been tasked with installing an Edge Transport Server in the DMZ so that our web servers can email externally. I don't need it to receive, and it's not going to interface with any of our current Exchange 2003 setup.

The steps I have done so far were to create the server in the DMZ, I configured the receive SMTP connector to allow the sending domain (e.g. test.co.uk), I then pointed the SMTP sender to a smarthost. I finished it all off by testing from telnet, Thunderbird, and IIS. All happily sent the message, but nothing was received. I'm not sure if the smarthost is rejecting the request, and the FQDN of the host being just garbage might have something to do with it. Where would I start looking (only just turned logging on as it was off for some reason)?

Cheers for browsing
Paul
 
so that our web servers can email externally.
It's not needed just to be able to send externally.

I then pointed the SMTP sender to a smarthost.
Why? Turn that off and see what happens.

Pat Richard MVP
Plan for performance, and capacity takes care of itself. Plan for capacity, and suffer poor performance.
 
Hi Sniper,

Sorry wasn't very clear and I used the web servers as an example. We have IIS server, custom apps etc in the DMZ that drop their messages onto an SMTP queue, which isn't reliable. I think that the edge server was proposed as a replacement.

So if I turn off the smarthost and just let it use the MX record for the sender it should work?

Also what if I wanted to point the sender to another smtp queue on another appliance, just wondering for testing as someone already got us blacklisted once for testing directly to the ISP. :)


 
MX record method is the default way of doing things. When you involve a smart host, troubleshooting is more difficult because you have more moving parts involved.

Remove it, try sending some mail through it, and check the queues.

Pat Richard MVP
Plan for performance, and capacity takes care of itself. Plan for capacity, and suffer poor performance.
 
Or dump the Edge completely and have your DMZ hosts send via smarthost...

Is the receive connector configured on the Edge to permit this traffic by any other criteria besides domain name? Are you sending to the Edge with authentication, or without?

Are you seeing anything sitting in the queues on the Edge? Have you turned on logging on the Edge to see where the mail is going?

Dave Shackelford
ThirdTier.net
 
Just use a send connector off the HT and tick the anonymous box.
 
You mean a receive connector off the HT? That's a good idea, but you'll also want to make sure that it's a NEW receive connector and not one of the default two.

Dave Shackelford
ThirdTier.net
 
I generally also give it a different FQDN so that when I'm connecting to it, it's easier to tell what connector it is.

Pat Richard MVP
Plan for performance, and capacity takes care of itself. Plan for capacity, and suffer poor performance.
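
As an added example (not posted by anyone in this thread), the advice above to check the queues, turn on logging, and use a new, separately named receive connector could look like this in the Exchange Management Shell on the Edge server. The connector name, IP addresses and FQDN are placeholders, and relay permissions for external recipients are not covered.

```powershell
# Added example; every name and address below is a placeholder, not a value from the thread.
$appHosts = '192.0.2.10', '192.0.2.11'    # DMZ hosts allowed to submit mail (placeholder IPs)
$connName = 'DMZ App Relay'               # hypothetical connector name
$connFqdn = 'dmz-relay.test.co.uk'        # distinct FQDN so this connector is recognisable

# 1. A NEW receive connector, scoped by source IP rather than only by sender domain.
#    The sender domain is supplied by the client, so on its own it does not
#    restrict who can submit mail; the source address list does.
New-ReceiveConnector -Name $connName -Usage Custom `
    -Bindings '0.0.0.0:25' -RemoteIPRanges $appHosts `
    -Fqdn $connFqdn -PermissionGroups AnonymousUsers

# 2. Verbose SMTP protocol logging on all connectors, then show where the logs land.
Get-ReceiveConnector | Set-ReceiveConnector -ProtocolLoggingLevel Verbose
Get-SendConnector    | Set-SendConnector    -ProtocolLoggingLevel Verbose
Get-TransportServer  | Format-List Name, ReceiveProtocolLogPath, SendProtocolLogPath

# 3. Queues that still hold mail, with the last delivery error for each.
$busy = Get-Queue | Where-Object { $_.MessageCount -gt 0 }
$busy | Format-List Identity, DeliveryType, Status, MessageCount, NextHopDomain, LastError

# Individual messages in those queues and why they are stuck.
$busy | ForEach-Object { Get-Message -Queue $_.Identity } |
    Format-Table FromAddress, Status, LastError -AutoSize

# 4. Message tracking for the last hour: what was sent, deferred or failed, and to whom.
Get-MessageTrackingLog -Start (Get-Date).AddHours(-1) -ResultSize 200 |
    Where-Object { 'SEND', 'FAIL', 'DSN', 'DEFER' -contains $_.EventId } |
    Format-Table Timestamp, EventId, Sender, Recipients -AutoSize
```

A non-empty `LastError` on a queue, or a rejection in the send protocol log, shows whether the next hop is refusing the mail.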
 
When you say HT do you mean Hub Transport? If so we don't have one, we are purely a 2003 environment, this is the first bit of 2007 that is going to be installed.

The reason that we are not sending it directly to the smarthost is that we need to have full control and logging of what was sent, when and to whom (some of the applications don't log themselves). Also we have a few datacentres which will have the edge hosts in, and resilience will be set up at the network appliance level.

At present the receive connector is configured only for domain. I have turned on logging, but haven't had a chance to look at it as I got pulled away and this was made priority 2 on my list. Was trying to get a heads up for when I start looking at it again.

I think that you have all helped, and that it will give me enough to be getting on with when I come back to it. I bet it won't be the end of it though. :)

Any more pointers greatly received.

thanks again and Cheers
 
If you have a 2007 box and want to move emails around, you'll be needing an HT.

For logging, you'd be well placed to use something like GFI.
 
That is not what MS told us. If I only want to send and not receive emails, and I only authorize via the domain name of the sender, then according to them I wouldn't need a HT. I'm basically using the Edge as a relay, but with a little more control.



 
I certainly wouldn't have recommended that scenario, since you could accomplish pretty much the same thing with Exchange 2003. Edge doesn't get you much for outbound - it's designed more for message hygiene (spam, AV, etc), and focuses a LOT on inbound traffic.

Furthermore, many of the features, such as safelist aggregation, ADAM, etc., require an HT box.

It makes NO sense to send email to an Edge box (basically a smart host in your scenario), and then have that box send to another smart host.

You can do full logging at the 2003 level and dump to a smart host.

Pat Richard MVP
Plan for performance, and capacity takes care of itself. Plan for capacity, and suffer poor performance.
 
The boxes that would use the edge server have no idea of the Exch 2003 infrastructure, and cannot connect to it. At the moment they are relaying it through an IIS and then to the ISP. I was going to replace the IIS server with an Edge Server, which then forwards to the ISP instead (MX record, not smart host in the final solution). The relaying from edge to smarthost was for testing, as I didn't want to point it directly at the ISP for this phase of the project.
 
I got it working, and without HUB Transport server. The only issue that has let me down is that I cannot add a disclaimer (this needs a HUB Transport server) :eek:(
 
Hi 58sniper

I should have mentioned that I got the edge server working on its own. Just the disclaimer bit let me down. How can I do it on the edge server? From what I have read and from looking at the rules, they don't seem to allow it, and the only reference I can find is that I need to create a custom transport agent.

Thanks for everyone's help on the Edge server bit.
 