Steve said:
My company is currently using a third party company to
host our external email and we are having a lot of spam
problems. I would like to bring this in house and host
from our Exchange 2000 server to be able to monitor this
problem. What do I need to do to accomplish this? Will I
need to configure the firewall to accept incoming email,
how do I set up our internal DNS to accept this and what do
I need to configure on the Exchange server? Sorry lots of
questions.
Yes, lots of questions on configuration.
The easy solution of DNS is to continue to let the outside source host it,
but change the MX records to point to you. If using a NAT device, point the
MX to that device and port forward 25 to the internal mail server's private
IP. If not using NAT, allow firewall rules inbound for 25 to that server.
Also port forward or allow ports such as 110, 80, etc if needed to that
server.
As far as SPAM, that is a tough one and if you're hosting mail, it's more
overhead and cost to battle this. You would need to configure a number of
things, such as denying relaying, configuring your server to be authoritative
to receive mail for this domain (Recipient Policy in Ex2k/2k3), Reverse DNS,
and 3rd party tools (more $$) to combat it and the knowledge of how to run
it.
Internal DNS would remain the same. If using AD, continue to use your
internal DNS only, same with the mail server. The external DNS hosting
service is what is required to receive mail, nothing on the internal side.
If you choose to run DNS (more overhead) then you can do so. The registrars
require at least 2 DNS servers to be SOA of your zone. If using NAT, that
would be difficult since you can only port remap one internal IP per port.
Besides, hosting external zones requires separate DNS servers since you do
NOT want to mix private and public records on the same machine, due to
security, and if using NAT, you especially do NOT want to mix private IPs
and public IPs, for all sorts of issues evolve from that.
Hope that gives you a starter.
--
Regards,
Ace
Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.
Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
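
The DNS points in the reply above (MX pointing at your public address, reverse DNS, at least two name servers, no private IPs in the public zone) can be checked before cutting mail over. This is an added example, not part of the original post; the domain, host names and addresses are constructed placeholders, and the records are embedded inline rather than queried live.

```python
import ipaddress

# RFC 1918 ranges: addresses that must never appear in the public zone.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample: records an external DNS host would publish for a
# hypothetical domain whose MX points at the NAT device's public address.
PUBLIC_ZONE = {
    "NS": ["ns1.dnshost.example.", "ns2.dnshost.example."],
    "MX": [(10, "mail.example.com.")],
    "A": {"mail.example.com.": ["203.0.113.25"]},
}
# Constructed reverse (PTR) data, as published by whoever owns the address.
PTR = {"203.0.113.25": "mail.example.com."}


def audit_mail_dns(zone, ptr):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    # Registrars expect at least two name servers for the zone.
    if len(set(zone.get("NS", []))) < 2:
        findings.append("zone has fewer than 2 name servers")
    mx_records = sorted(zone.get("MX", []))
    if not mx_records:
        findings.append("no MX record published")
    for _pref, host in mx_records:
        addrs = zone.get("A", {}).get(host, [])
        if not addrs:
            findings.append(f"MX target {host} has no A record")
        for addr in addrs:
            ip = ipaddress.ip_address(addr)
            if any(ip in net for net in RFC1918):
                # The internal server's private IP leaked into public DNS.
                findings.append(f"{host} -> {addr} is a private address")
            elif ptr.get(addr, "").lower() != host.lower():
                # Reverse DNS missing or not matching the MX host name.
                findings.append(f"{addr} has no PTR matching {host}")
    return findings


if __name__ == "__main__":
    for line in audit_mail_dns(PUBLIC_ZONE, PTR) or ["all checks passed"]:
        print(line)
```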