Exchange Server Behind a smart host

Michael Leighty - 13 Apr 2006 17:22 GMT
I have an Exchange 2003 Server which sits behind a series of smart unix hosts
which filter spam coming in from the internet.  Our external gateway queries
Active Directory so that it has a list of valid email addresses that it will
accept mail from.  All this works great.  However, coming from the other
direction Exchange is configured to send all mail it can't deliver locally to
a smart host.  The problem occurs when there is a mail sent to a misspelled
or non-existent internal email address.  Exchange can't deliver it so it
sends it to the smart host, and the smart host sends it back because it knows
Exchange is in charge of delivery for the internal domain, except for a few
addresses which it handles on its own.  This continues until the smart host
realizes a loop is being created and tells the Exchange server to stop.  Is
there a way I can configure Exchange so that it knows not to try to send mail
to the smart host if it is an email destined for an internal address (except
for a few exception addresses)?
Bharat Suneja [MVP] - 13 Apr 2006 19:13 GMT
Are those exception addresses the ones hosted on the smarthost?

- If yes, you can assign those addresses secondary email addresses/aliases
on the smarthost - something like user@something.yourdomain.com.
- Make Exchange Authoritative for the domain by checking "This Exchange
Organization is responsible for all delivery to this address" - and make
sure it doesn't deliver unresolved email to the smarthost.
- Create Contacts for the addresses hosted on the smarthost, add their
secondary/alias addresses (user@something.yourdomain.com) that you assigned
on the smarthost as proxyAddresses for these Contacts
- Create a Connector for address space something.yourdomain.com and insert
the smarthost's fqdn/ip address as a smarthost.

Now Exchange is authoritative for the domain yourdomain.com and does not
send unresolved mail to the smarthost, but knows how to send mail for those
Contacts to the smarthost.
Signature

Bharat Suneja
MVP - Exchange
www.zenprise.com
NEW blog location:
www.exchangepedia.com/blog
----------------------------------------------

> I have an Exchange 2003 Server which sits behind a series of smart unix hosts
[quoted text clipped - 21 lines]
> (except for a few exception addresses)?
Michael Leighty - 13 Apr 2006 19:28 GMT
Thank you for your response.  The only problem I have with your solution is
that I still want the Exchange server to send mail to the smart host instead
of directly to the internet because content filtering is done here.  Is it
possible for this to be set up this way under your solution?  Also, where do I
set it to be authoritative for a particular domain - is that in the
Exchange server properties or under the SMTP virtual server settings?  I have
no problems with creating contacts for my exceptions, but I still want all
mail to be routed through my smart hosts.  Thanks again.
Bharat Suneja [MVP] - 13 Apr 2006 20:05 GMT
Inline.

Signature

Bharat Suneja
MVP - Exchange
www.zenprise.com
NEW blog location:
www.exchangepedia.com/blog
----------------------------------------------

> Thank you for your response.  The only problem I have with your solution is
> that I still want the Exchange server to send mail to the smart host instead
> of directly to the internet because content filtering is done here.  Is it
> possible for this to be set up this way under your solution?

- Sure. Outbound internet mail will still go out through a SMTP Connector
with address space *, you will need to specify the smarthost on the
Connector.

> Also, where do I
> set it to be authoritative for a particular domain - is that in the
> Exchange server properties or under the SMTP virtual server settings?

- In Recipient Policies - find the policy for that smtp domain and check
"This Exchange Organization is responsible for all mail delivery for this
address"
- In SMTP virtual server properties | Messages tab - make sure the field
"Forward all mail with unresolved recipients to host" is left blank.

> I have
> no problems with creating contacts for my exceptions, but I still want all
> mail to be routed through my smart hosts.  Thanks again.

- All mail for Exchange recipients @yourdomain.com will be delivered locally
- All mail for Contacts that will have the primary email address
@something.yourdomain.com, and an additional smtp address
@something.yourdomain.com will be routed over the Connector for
@something.yourdomain.com to your smarthost
- All mail for non-existent/mis-spelt recipients @yourdomain.com (for which
there are no Exchange recipients and no Contacts pointing to
@something.domain.com) will NOT be sent to your smarthost. Since Exchange is
authoritative for that domain, it will generate a NDR because no recipients
found and no alternate path to @yourdomain.com. This will resolve the issue
of such mail being bounced between the smarthost and Exchange till it
reaches max hop-count.
- All mail for all other domains will be delivered using the SMTP Connector
for address-space * to your smarthost
Bharat Suneja [MVP] - 13 Apr 2006 21:16 GMT
Correction:
> - All mail for Contacts that will have the primary email address
> @yourdomain.com, and an additional smtp address @something.yourdomain.com
> will be routed over the Connector for @something.yourdomain.com to your
> smarthost

Signature

Bharat Suneja
MVP - Exchange
www.zenprise.com
NEW blog location:
www.exchangepedia.com/blog
----------------------------------------------

> Inline.
>
[quoted text clipped - 40 lines]
> - All mail for all other domains will be delivered using the SMTP
> Connector for address-space * to your smarthost
Michael Leighty - 13 Apr 2006 21:32 GMT
One last question - when I go under recipient policies to make the change it
looks like the smtp @mydomain.com is already checked as "This Exchange
Organization is responsible for all mail delivery to this address."  So it
would seem that it shouldn't be trying to mail outside the exchange
organization at all for address @mydomain.com.  The only reference I have to
my smart host is in the Internet Mail SMTP Connector which says forward all
mail through this connector to the following smart hosts and it has the * for
the smtp addresses.  I noticed my exchange server name in the local
bridgehead, does that look right?  Another thing to note is that in the SMTP
virtual server properties Messages tab there was an entry in the "forward all
mail with unresolved recipients to host" which was for a defunct mail server
that was removed before I arrived at this job.  I removed it.  Perhaps it was
somehow responsible for mail destined for @mydomain.com getting to the
smarthost?
Bharat Suneja [MVP] - 13 Apr 2006 21:50 GMT
Inline.

Signature

Bharat Suneja
MVP - Exchange
www.zenprise.com
NEW blog location:
www.exchangepedia.com/blog
----------------------------------------------

> One last question - when I go under recipient policies to make the change it
[quoted text clipped - 9 lines]
> the smtp addresses.  I noticed my exchange server name in the local
> bridgehead, does that look right?

Yes, the above is the way it should be. Bridgeheads are responsible for
delivering mail over the Connector - if DNS is selected, they deliver
directly, if smarthost is selected and a fqdn/ip address of a smarthost
entered, they deliver to the smarthost.

> Another thing to note is that in the SMTP
> virtual server properties Messages tab there was an entry in the "forward
[quoted text clipped - 5 lines]
> somehow responsible for mail destined for @mydomain.com getting to the
> smarthost?

Not sure. If the defunct mail host still existed and accepted smtp
connections, and then delivered it to the smarthost, yes. Take a look at the
mail headers for such messages and see where they went from the bridgehead.
Can also check SMTP logs on the bridgehead, on the smarthost, and if the
defunct mail host still exists then check logs on it as well.
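
The header check suggested in the last reply, as an added example that is not part of the original thread: it reads the `Received:` lines of a looping message in delivery order, shows where the bridgehead handed the message next, and counts repeated hand-offs between the same two hosts. The host names and the sample message are constructed for illustration.

```python
import re
from collections import Counter
from email import message_from_string

# Constructed sample message (hypothetical host names, not taken from the thread).
# Each server prepends its own Received line, so the newest hop is at the top.
SAMPLE = """\
Received: from exchange01.yourdomain.com by smarthost.yourdomain.com with ESMTP; Thu, 13 Apr 2006 17:01:09 +0000
Received: from smarthost.yourdomain.com by exchange01.yourdomain.com with ESMTP; Thu, 13 Apr 2006 17:01:07 +0000
Received: from exchange01.yourdomain.com by smarthost.yourdomain.com with ESMTP; Thu, 13 Apr 2006 17:01:05 +0000
Received: from smarthost.yourdomain.com by exchange01.yourdomain.com with ESMTP; Thu, 13 Apr 2006 17:01:03 +0000
Received: from exchange01.yourdomain.com by smarthost.yourdomain.com with ESMTP; Thu, 13 Apr 2006 17:01:01 +0000
Received: from client7.yourdomain.com by exchange01.yourdomain.com with SMTP; Thu, 13 Apr 2006 17:01:00 +0000
From: someone@yourdomain.com
To: mispelled.user@yourdomain.com
Subject: test

body
"""

# "from <sender> ... by <receiver>"; re.S because long Received lines are folded.
HOP_RE = re.compile(r"\bfrom\s+(\S+).*?\bby\s+(\S+)", re.I | re.S)

def hops(raw):
    """Return (sending_host, receiving_host) pairs, oldest hop first."""
    msg = message_from_string(raw)
    out = []
    for value in reversed(msg.get_all("Received", [])):
        m = HOP_RE.search(value)
        if m:
            out.append((m.group(1).lower(), m.group(2).lower().rstrip(";")))
    return out

def find_loops(hop_list, threshold=2):
    """Hand-offs between the same two hosts seen at least `threshold` times."""
    return {pair: n for pair, n in Counter(hop_list).items() if n >= threshold}

def next_hop_after(hop_list, host):
    """First server that `host` handed the message to, or None."""
    return next((dst for src, dst in hop_list if src == host), None)

if __name__ == "__main__":
    path = hops(SAMPLE)
    print("bridgehead handed off to:", next_hop_after(path, "exchange01.yourdomain.com"))
    for (src, dst), n in find_loops(path).items():
        print(f"{src} -> {dst}: {n} times")
```
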