Hello All

We have a requirement to route outbound internet email from Exchange
2003.

As a solution I have decided to build 2 Exchange BH servers and install
an SMTP connector wich utilises both these virtual servers.

These 2 BH servers will be on our internal network and will send mail
out directly to the internet. The firewall policy will only allow port
25 from these servers outbound to the internet.

These 2 BH servers will also run Antigen 9.0 for AV protection and
possibly we will inplement either IMF or the Antigen spam module for a
second level of spam protection for the Internet mail we receive via
our parent company.

Does this sound like a good solution?

I have gone through loads of other possible designs but have settled on
this. One of the other designs included having an SMTP gateway on our
DMZ which the Exchange clusters virtual server relayed too. I decided
that as we do not need to provide for incoming internet email (as that
is routed to us internally by the parent company) it is pointless
installing a box on the DMZ, this would just make it harder to manage
as opposed to providing any security benefit as connections are
outbound only

Incoming mail that we receive from our parent company will also be
routed to the two BH servers, we plan to utilise DNS round robin here
as opposed to deploying NLB.

We also have a single FE server on our internal network that supports
EAS and OWA access to Exchange and this is front ended by ISA which is
in the DMZ.

Any comments on this design?

Much appreciated

AndyJ