Re: Exchange - multiple relay?



Inline...

"Paulo" <Paulo@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:61714FE6-442D-40F2-8959-6A574D15B60F@xxxxxxxxxxxxxxxx
Hi Cliff, thank you for your input.

1) Yes, I want to change the way I send mail from a forward to ISP to DNS.
That makes me change DNS and MX cause of reverse DNS and other spam security
checks.

MX is strictly for incoming mail. No need to change it. Reverse DNS is *usually* handled by your ISP. rDNS flagging spam is rare. It doesn't need to match your domain, only needs to *exist.* So, unless your ISP has *no* ptr records for your ISP, you are golden. No need to change DNS or MX records. Just verify there is an rDNS record for your IP...which you can do from any public-facing machine and nslookup. :)



2) If my exchange sends mail by DNS it has to be accessible from the
outside, right? I opened my firewall in port25 for the servers IP for it to
work.

There is a difference between incoming and outgoing traffic. Most firewalls allow outgoing traffic. You only need to open port 25 incoming if you want to receive email directly to the server. There are many benefits to this as well, but is entirely a different conversation than the one you started. So, for the matter at hand, the answer is no. Your firewall does not need to be listening for an incoming port 25 connection for outgoing mail.

3) The second machine outside our LAN is not an exchange box, just a
server2003 with smtp. I also agree with you with the load balance. I've
looked up some routers with dual wan and load balance, maybe this could help me.

Yep.

4) It's 50 users sending newsletters and press releases to thousands of
addresses (again, not spam...) some of them with 4MB attachments... The router
graphics don't lie! When they hit the send button the traffic goes to the top
and stays there until the exchange queue is clean. "Unfortunately" is not a
virus...

If your router can support QoS, I'd use this first. The four meg attachments are what is killing you, for sure, but I'd look at solving the problem with traffic shaping or using Exchange's delayed sending feature. Send the stuff at midnight when it won't impact business, or have the router cap SMTP traffic at 300kbps. Both of these solutions would resolve your issue without introducing the complexity of load balancing outgoing traffic.

-Cliff


--
Paulo


"Cliff Galiher" wrote:

A couple of things:

1) Inbound traffic and outbound traffic are two different things. It sounds
like you want to change how you send mail, so MX and DNS will not change.

2) Along those lines, keeping your exchange box inaccessible from the
outside in this scenario is also easy to do, but is a configuration for your
firewall, not exchange itself.

3) Adding a second exchange box won't help you with two links. The problem
is that exchange's message delivery, even with multiple machines, would be
decided *before* network load was taken into account, and complicating your
setup as well...for little gain. You should instead be configuring your
front-end device (ISA, router, firewall appliance) for network load
balancing. That way a single exchange box can do what it does, look up MX
records, request to open an SMTP connection, and the firewall can decide
which link to open that SMTP connection through.

4) 700kbps upstream is a lot of bandwidth for mail in an SBS environment.
One of my smaller customers is a 5-machine SBS client, but runs a mailing
list with hundreds of thousands (100,000+) subscribers...and they only have
a 256k link. It can take about an hour to send their newsletter when it
fires off...but all of that happens on the sending end, so receiving servers
aren't having issues. Are you sure you don't have other problems??
Compromised client saturating your bandwidth??

-Cliff

"Paulo" <Paulo@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:BD36002B-97CC-4311-A2E6-B16F94600466@xxxxxxxxxxxxxxxx
> Hi there!
> It's a "business connection" for the ISP but it's ADSL 24Mbps download and
> 1Mbps upload (true is 700Kbps) with fixed IP.
>
> Using a smarthost gives me a problem cause whenever there is a failure the
> providers "never have problems", it's always on the client side. Meanwhile
> the time passes and I can't solve things and people try to kill me in these
> parts...
>
> Anyway, the smarthost will always be limited by my upload speed and on this
> side of the world my connection costs about 100$USD and a 2Mbps/2Mbps costs
> 1000$USD!
>
> I would prefer to have the relays on my side and preferably 2 internet
> connections.
> --
> Paulo
>
>
> "Cris Hanna (SBS-MVP)" wrote:
>
>> You could explore using a different SMTP SmartHost
>> http://www.dyndns.com/services/mailhop/outbound.html
>>
>> Is your SBS server connected to the internet on a residential or business
>> connection??
>>
>> --
>> Cris Hanna [SBS-MVP]
>> -------------------------------------------------
>> Microsoft MVPs
>> Independent Experts (MVPs do not work for MS)
>> Real World Answers
>> ---------------------------------------------------------
>> Please do not contact me directly regarding issues
>>
>>
>> "Paulo" <Paulo@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>> news:83FCB643-2DD1-4644-A26D-37C72D2D67D1@xxxxxxxxxxxxxxxx
>> Hi All.
>> I've an SBS2003 with exchange working fine with pop3 connector and an SMTP
>> relay to my ISP. This works fine until my ISP started restricting mail
>> sending (recipient per message, mails for hour, ...)
>> Because our company needs to send a large number of emails [we are not
>> spammers : ) ] we need to change this solution.
>> So I tested using exchange to send mails directly what worked fine until our
>> upload reached the limit.
>>
>> How the idea was to test, it's all right but I don't want to leave my
>> exchange reachable from the internet for security and performance reasons so
>> I need your input.
>>
>> Putting a 2003 (or 2008) server with smtp on a dmz and use relay is the
>> logical thing to do but...
>> - Where can I get all the info on how to set this up with security?
>> - Is it possible to use two fixed ip internet connections simultaneously to
>> have more upload speed (dedicated lines are expensive)?
>> - If so, what should the MX record and DNS look like?
>>
>> Sorry for all the questions but I would like to do this by the rules!
>> Thanks in advance.
>> --
>> Paulo
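
The reverse DNS check from Cliff's reply at the top of this thread, as an added example that is not part of the original posts: it separates "a PTR record exists" from "the PTR name also resolves back to the same IP". The addresses, hostnames and the two sample resolver functions are constructed for illustration; by default the check uses the system resolver.

```python
import ipaddress
import socket

def ptr_query_name(ip):
    """Name a resolver queries for the PTR record of ip (what nslookup asks for)."""
    return ipaddress.ip_address(ip).reverse_pointer

def check_rdns(ip, reverse=socket.gethostbyaddr, forward=socket.gethostbyname_ex):
    """Return (status, hostname); status is 'missing', 'exists' or 'forward-confirmed'.

    'exists' is the minimum discussed in the thread; 'forward-confirmed' means
    the PTR hostname also has an A record pointing back at ip (IPv4 only here).
    """
    try:
        hostname, _aliases, _addrs = reverse(ip)
    except OSError:            # socket.herror / socket.gaierror: no PTR record
        return "missing", None
    try:
        _name, _aliases, addrs = forward(hostname)
    except OSError:            # PTR name does not resolve forward
        addrs = []
    status = "forward-confirmed" if ip in addrs else "exists"
    return status, hostname

# Constructed sample data (documentation address ranges), so this runs offline.
SAMPLE_PTR = {"192.0.2.10": "mail.example.net",
              "198.51.100.7": "adsl-7.isp.example"}
SAMPLE_A = {"mail.example.net": ["192.0.2.10"]}

def sample_reverse(ip):
    if ip not in SAMPLE_PTR:
        raise socket.herror(1, "Unknown host")
    return SAMPLE_PTR[ip], [], [ip]

def sample_forward(name):
    if name not in SAMPLE_A:
        raise socket.gaierror(-2, "Name or service not known")
    return name, [], SAMPLE_A[name]

if __name__ == "__main__":
    for addr in ("192.0.2.10", "198.51.100.7", "203.0.113.5"):
        status, host = check_rdns(addr, sample_reverse, sample_forward)
        print(f"{addr:14} {ptr_query_name(addr):28} {status:18} {host}")
```

Calling `check_rdns("<your public IP>")` with no resolver arguments runs the same check against live DNS.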

