Win2K3 as an SMTP forwarder?

Discussion in 'Windows Server Systems' started by Blisster, Aug 21, 2005.

  1. Blisster

    Blisster OSNN One Post Wonder

    Messages:
    2
    Hi all. I'm new here.

    Got a question, I am currently admining a small domain, running a win2k3 DC/Infrastructure box, a file server and an Exchange 2003 server.
    I'm trying to set up a Win2k3 server that straddles our firewall with an external interface with a public IP (mail.company.com and the MX resolve to this external address) and an internal interface on our LAN. I want to use this as an SMTP forwarder that passes all incoming messages to the exchange server.
    Ultimately I will be isntalling ISA 2004 on this box as well and using it as an RPC over HTTP proxy for the exchange box, as well as to publish OWA externally.

    So this first step here is just getting the smtp service properly configured to route messages incomming on the external interface to the exchange server on the internal interface.

    any suggestions, critisizm or alternate ideas would rock!

    J
     
  2. fitz

    fitz Just Floating Along Staff Member Political User Folding Team

    Messages:
    4,076
    Location:
    Chicagoland
    umm.. why not just install ISA server in a DMZ configuration and use ISA to handle your SMTP traffic?
     
  3. Blisster

    Blisster OSNN One Post Wonder

    Messages:
    2
    That's the plan, but I figured I needed to have the SMTP service set up on the box already.
    I'm not so familliar with ISA 2004 yet, so pardon my ignorance.

    would you still have a "straddling" set-up or would you jsut route from the DMZ into the LAN.

    I'm using a Pix515E to handle the LAN perimeter and can set up a DMZ on the third interface if need-be.

    Also, do you think that will cause issues with the RPC proxy on the ISA box?
     
  4. fitz

    fitz Just Floating Along Staff Member Political User Folding Team

    Messages:
    4,076
    Location:
    Chicagoland
    Here is a nice article on setting up the SMTP filter on an ISA server.

    Also, www.isaserver.org has a LOT of good articles and can teach you pretty much anything you wanted to know.

    Personally, I would put the ISA box strictly in the DMZ only and configure your PIX to forward the traffic on port 25 on the external interface to the DMZ and traffic from yoru DMZ to the LAN over port 25.

    edit: isaserver.org is run by Thomas Shinder who is considered by many to be one of the 'gods' of ISA Server. Go pick up his books too - good reading and info in his books.