Re: Installing a spam appliance between Exchange Servers

Paul,

NP, and that wasn't the implication... :)

Another important detail that many folks either don't know or overlook is the fact that SMTP is not "front-ended" like other protocols (POP3, IMAP4 and HTTP/HTTPS for OWA, RPC over HTTP, OMA and Exchange ActiveSync). In other words, if you don't route outbound traffic through a FE running SMTP by making it a Bridgehead, or route inbound SMTP by making it a target of MX record, SMTP serves no purpose on a FE and can safely be disabled.
--
Bharat Suneja
MVP - Exchange
www.zenprise.com
NEW blog location:
exchangepedia.com/blog
------------------------------


"Paul" <Paul@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:50B9607F-1566-4308-A391-B30466E754A6@xxxxxxxxxxxxxxxx
Thank you again for your quick response, Bharat.
I guess I knew that OWA had nothing to do with SMTP. Working for a school
district, I quite often have half a dozen things going on at once and the
common sense stuff gets temporarily forgotten. Not that I'm trying to make
any excuses! Thanks again to you and all that provided input and advice.

"Bharat Suneja [MVP]" wrote:

One doesn't have anything to do with the other. SMTP is port 25, OWA is
HTTP/HTTPS (80/443 well-known ports... unless changed).

Again, the reason for adding the appliance is a) it becomes the entry/exit
point for internet mail b) drop a major chunk of spam at the gateway (the
appliance) c) not expost Exchange SMTP servers to the internet directly.

OWA security is a different topic altogether - generally not a good idea to
locate Front-Ends (for OWA) in perimeter networks.

CAS In DMZ Redux: Time For an OWA Appliance?
http://exchangepedia.com/blog/2007/05/cas-in-dmz-redux-time-for-owa-appliance.html

Locating Exchange Server 2007 CAS role in the perimeter?
http://exchangepedia.com/blog/2007/03/locating-exchange-server-2007-cas-role.html
--
Bharat Suneja
MVP - Exchange
www.zenprise.com
NEW blog location:
exchangepedia.com/blog
------------------------------


"Paul" <Paul@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:99D3E20B-2887-4EF1-BF57-31F96BAEC9B5@xxxxxxxxxxxxxxxx
> Thank you for your quick response Bharat.
> The appliance is a Barracuda spam firewall and can direct messages to > the
> back-end server. Wouldn't this re-establish, in an indirect way, the > link
> between the front-and back-end servers? If I make the appliance the
> 'mail.'
> host pointing to the internet and direct messages to the front-end > server,
> how would this affect Outlook Web Access connections from outside the
> private
> network?
> Thanks again-Paul
>
> "Bharat Suneja [MVP]" wrote:
>
>> The Front-End server can redirect to the spam appliance if you add it >> as
>> a
>> smarthost on the SMTP virtual server of the Front-End. However, this >> will
>> break Exchange's message routing from FE to BE, and isn't likely to be
>> supported by most anti-virus/anti-spam appliances.
>>
>> Generally such appliances are the entry-points for inbound internet >> mail
>> (and can also be used as the exit points for outbound internet mail).
>> -- >> Bharat Suneja
>> MVP - Exchange
>> www.zenprise.com
>> NEW blog location:
>> exchangepedia.com/blog
>> ------------------------------
>>
>>
>> "Paul" <Paul@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>> news:CE836CD3-1226-48F0-9418-25DD831253D6@xxxxxxxxxxxxxxxx
>> >I work for a public school district and am trying to place a
>> >spam/antivirus
>> > appliance between my front-end and back-end exchange servers on a
>> > private
>> > network. Both servers are running Exchange 2003 SP2. The front-end
>> > server
>> > is the entry point for all internet sourced messages. I want to
>> > redirect
>> > the
>> > messages received by the front-end server queue to the spam >> > appliance
>> > then
>> > forward them to the back-end server. (The appliance manufacturer
>> > technical
>> > support group claims they do not provide support for this part of >> > the
>> > setup.)
>> > I think I have the path for the appliance-to-back-end server set up
>> > correctly. How do I configure the front-end server to redirect
>> > messages
>> > to
>> > the spam/av appliance? Is this even the best way to go about
>> > integrating
>> > the
>> > filter?
>>
>>



.

Relevant Pages

  • Re: Cannot reply/forward in OWA - Page cannot be displayed
    ... I understand all the pictures in the OWA ... IE, go to Tools -> Internet Options menu, go to Advanced tab, move down the ... Check if OfficeScan is installed on the SBS server. ... Microsoft is providing this information as a convenience to you. ...
    (microsoft.public.windows.server.sbs)
  • Re: Web publishing rules are not created with the internet conection wizard
    ... Finishes and there is no web publishing rules in the ISA Management Console. ... In this server i have a Dynamic DNS client and it is configured ... When i try to connect to the OWA thougt the Internet Explorer 6 i recibe ...
    (microsoft.public.windows.server.sbs)
  • Re: ICMP error when trying to access OWA on SBS 2003 Premium
    ... The Default Web Site is set to listen on the internal IP of the SBS server ... OWA publish rule or IIS manually. ... entire Web site from the Internet" is selected. ...
    (microsoft.public.windows.server.sbs)
  • Re: IIS issues? OWA?
    ... I know that your OWA and Companyweb stop working. ... you restart server, they work again. ... When you open IIS, can you see the Default Web Site and Compnayweb ... and go through the Internet option. ...
    (microsoft.public.windows.server.sbs)
  • RE: ICMP error when trying to access OWA on SBS 2003 Premium
    ... we do not need to configure the certificate or ISA ... OWA publish rule or IIS manually. ... On the SBS 2003 Server open the Server Management console. ... Click the "Connect to the Internet" link. ...
    (microsoft.public.windows.server.sbs)