Re: Installing a spam appliance between Exchange Servers

Thank you again for your quick response, Bharat.
I guess I knew that OWA had nothing to do with SMTP. Working for a school
district, I quite often have half a dozen things going on at once and the
common sense stuff gets temporarily forgotten. Not that I'm trying to make
any excuses! Thanks again to you and all that provided input and advice.

"Bharat Suneja [MVP]" wrote:

One doesn't have anything to do with the other. SMTP is port 25, OWA is
HTTP/HTTPS (80/443 well-known ports... unless changed).

Again, the reason for adding the appliance is a) it becomes the entry/exit
point for internet mail b) drop a major chunk of spam at the gateway (the
appliance) c) not expost Exchange SMTP servers to the internet directly.

OWA security is a different topic altogether - generally not a good idea to
locate Front-Ends (for OWA) in perimeter networks.

CAS In DMZ Redux: Time For an OWA Appliance?
http://exchangepedia.com/blog/2007/05/cas-in-dmz-redux-time-for-owa-appliance.html

Locating Exchange Server 2007 CAS role in the perimeter?
http://exchangepedia.com/blog/2007/03/locating-exchange-server-2007-cas-role.html
--
Bharat Suneja
MVP - Exchange
www.zenprise.com
NEW blog location:
exchangepedia.com/blog
------------------------------


"Paul" <Paul@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:99D3E20B-2887-4EF1-BF57-31F96BAEC9B5@xxxxxxxxxxxxxxxx
Thank you for your quick response Bharat.
The appliance is a Barracuda spam firewall and can direct messages to the
back-end server. Wouldn't this re-establish, in an indirect way, the link
between the front-and back-end servers? If I make the appliance the
'mail.'
host pointing to the internet and direct messages to the front-end server,
how would this affect Outlook Web Access connections from outside the
private
network?
Thanks again-Paul

"Bharat Suneja [MVP]" wrote:

The Front-End server can redirect to the spam appliance if you add it as
a
smarthost on the SMTP virtual server of the Front-End. However, this will
break Exchange's message routing from FE to BE, and isn't likely to be
supported by most anti-virus/anti-spam appliances.

Generally such appliances are the entry-points for inbound internet mail
(and can also be used as the exit points for outbound internet mail).
--
Bharat Suneja
MVP - Exchange
www.zenprise.com
NEW blog location:
exchangepedia.com/blog
------------------------------


"Paul" <Paul@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:CE836CD3-1226-48F0-9418-25DD831253D6@xxxxxxxxxxxxxxxx
I work for a public school district and am trying to place a
spam/antivirus
appliance between my front-end and back-end exchange servers on a
private
network. Both servers are running Exchange 2003 SP2. The front-end
server
is the entry point for all internet sourced messages. I want to
redirect
the
messages received by the front-end server queue to the spam appliance
then
forward them to the back-end server. (The appliance manufacturer
technical
support group claims they do not provide support for this part of the
setup.)
I think I have the path for the appliance-to-back-end server set up
correctly. How do I configure the front-end server to redirect
messages
to
the spam/av appliance? Is this even the best way to go about
integrating
the
filter?




.

Relevant Pages

  • Re: Installing a spam appliance between Exchange Servers
    ... The Front-End server can redirect to the spam appliance if you add it as a smarthost on the SMTP virtual server of the Front-End. ...
    (microsoft.public.exchange.admin)
  • Re: Installing a spam appliance between Exchange Servers
    ... the reason for adding the appliance is a) it becomes the entry/exit point for internet mail b) drop a major chunk of spam at the gateway c) not expost Exchange SMTP servers to the internet directly. ... OWA security is a different topic altogether - generally not a good idea to locate Front-Ends in perimeter networks. ... Locating Exchange Server 2007 CAS role in the perimeter? ... > messages received by the front-end server queue to the spam appliance> then ...
    (microsoft.public.exchange.admin)
  • Re: AD Site Criteria and DFS
    ... server appliance in the "datacenter" and a remote appliance in the branch ... The appliance runs windows and to the users in the branch it looks ... like a windows file server. ... into the datacenter file servers. ...
    (microsoft.public.windows.server.active_directory)
  • Re: AD Site Criteria and DFS
    ... server appliance in the "datacenter" and a remote appliance in the branch ... like a windows file server. ... into the datacenter file servers. ... "Anthony" wrote: ...
    (microsoft.public.windows.server.active_directory)
  • Re: AD Site Criteria and DFS
    ... Packeteer's IShared appliance is suited for CIFS over the WAN. ... like a windows file server. ... into the datacenter file servers. ... the remote they get optimized accross the WAN then stored on a cached volume ...
    (microsoft.public.windows.server.active_directory)