Re: ISA Server 2004, Exchange 2003, RPC over HTTP, SMTP lockdown
- From: "Shijaz Abdulla [MVP]" <shijaz@xxxxxxxxxx>
- Date: Wed, 3 Jan 2007 21:46:35 +0300
Hi,
If the MessageLabs server/box/thing has 2 NICs:
Put the MessageLabs in parallel to the ISA with one NIC sticking into your internal network and the other NIC connected to your internet router/gateway (just like ISA is connected now). Set the default gateway of your Exchange server to the internal IP of your MessageLabs and on your SMTP connector, set the smart host to the internal IP of the MessageLabs device within square brackets [ ]. Set your internet router/gateway to forward all SMTP traffic it receives to the external IP of the MessageLabs box. Configure your MessageLabs box to relay to your Exchange server.
Publishing OWA, OMA, ActiveSync and RPC over HTTP will be on the ISA and will have nothing to do with your MessageLabs. It will only handle SMTP traffic. However, since you are going to use a different gateway for your SMTP and a different gateway for OWA/OMA/RPC-HTTP, you will need a separate dedicated Exchange server for your web access with default gateway set as ISA Server internal IP.
If the MessageLabs server/box/thing has only 1 NIC:
Well you really can't *avoid* the ISA in this scenario. You can put the box behind your ISA Server, just like any of your other servers. Create a mail server publishing rule for SMTP so that ISA forwards all SMTP traffic to the MessageLabs box. The MessageLabs box in turn should be configured to filter & relay to the Exchange backend.
However, to publish the OWA, OMA, ActiveSync and RPC/HTTPs, create another publishing rule that forwards requests directly to the Exchange server.
HTH
--
Shijaz Abdulla
MVP, MCSE:Security, CCNA
Articles: www.shijaz.com/isaserver
Forums: www.tech-links.org
"If the only tool you have is a hammer, every problem begins to look like a nail."
"JosephV" <JosephV@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:DC4CF21D-E9F0-46BC-930B-9BA8C9A957D8@xxxxxxxxxxxxxxxx
Systems: ISA Server 2004 & Exchange 2003. All email is supposed to pass
through MessageLabs before getting to our ISA Server and to the Exchange
Server. However, according to some headers from spam messages some spam
email goes directly to our ISA Server. What do I have to configure
specifically so that mail is ONLY received and sent only from MessageLabs?
They already
provided me with the IP ranges so I just need to know how to set ISA Server
for this. Also, this should not interfere with functionality of Outlook
using RPC over HTTP.
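As an added example (not part of the original thread), one way to confirm from message headers whether mail reached the mail server directly instead of through the filtering provider, as the original question describes. The provider ranges, the `mail.example.com` server name and the sample messages are placeholders constructed for illustration, and the script assumes the inbound SMTP server records the connecting IP in square brackets in its Received header.

```python
import ipaddress
import re
from email import message_from_string

# Assumption: placeholder ranges from documentation address space; use the
# ranges the filtering provider actually gave you.
PROVIDER_RANGES = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/25")]
# Assumption: name your own inbound SMTP server writes in the "by" clause.
EDGE_BY = "mail.example.com"
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def edge_peer(raw_message):
    """IP that connected to our edge, or None if it cannot be determined.

    Only the newest Received header stamped by EDGE_BY is used; everything
    below it was supplied by the sender and can be forged.
    """
    msg = message_from_string(raw_message)
    for hdr in msg.get_all("Received", []):      # newest header first
        hdr = " ".join(hdr.split())              # unfold continuation lines
        by = re.search(r"\bby\s+(\S+)", hdr)
        if not by or EDGE_BY not in by.group(1).lower():
            continue
        ip = BRACKETED_IP.search(hdr[:by.start()])
        try:
            return ipaddress.ip_address(ip.group(1)) if ip else None
        except ValueError:
            return None
    return None

def classify(raw_message):
    peer = edge_peer(raw_message)
    if peer is None:
        return "unknown"
    return "via-provider" if any(peer in net for net in PROVIDER_RANGES) else "bypassed"

# Constructed sample messages (not real traffic).
VIA_PROVIDER = (
    "Received: from mx1.filter.example.net (mx1.filter.example.net [192.0.2.25])\n"
    "\tby mail.example.com with ESMTP; Wed, 3 Jan 2007 10:00:00 +0000\n"
    "Received: from sender.example.org ([203.0.113.9]) by mx1.filter.example.net\n"
    "Subject: filtered\n\nbody\n")
DIRECT = (
    "Received: from unknown ([203.0.113.77]) by mail.example.com with SMTP\n"
    "Received: from mx1 ([192.0.2.25]) by mail.example.com with ESMTP\n"
    "Subject: direct\n\nbody\n")

if __name__ == "__main__":
    for name, raw in (("VIA_PROVIDER", VIA_PROVIDER), ("DIRECT", DIRECT)):
        print(name, classify(raw), edge_peer(raw))
```

Messages classified as "bypassed" were delivered by a host outside the provider's ranges, which is the traffic an SMTP publishing rule restricted to those ranges would reject.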