Exchange Server Forums
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
Convert from POP3 Retrival to SMTP
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
Convert from POP3 Retrival to SMTP - 20.Jun.2008 4:49:43 AM
|
|
|
sacc_ns
Posts: 6
Joined: 23.Oct.2007
From: Essex / UK
Status: offline
|
Hi,
We currently have a single Exchange server that collects email from a local ISP running a catch-all mailbox via EFS POP3 retrival software. Unfortunately we have had a number of issues with EFS and want to move to receiving email directly.
Trouble is the more i read on doing this the more confused i get. Some people say just adjust the DNS & MX records and open Port 25 on your firewall. Others are talking about Front and Backend Exchange servers and issues with NAT enabled firewalls and reverse DNS.
I need some advice on the most cost effective and secure way of doing this can anyone help please.
Our current firewall config is
Internet
|
Cisco Router (NAT Enabled)
|
Juniper Netscreen 5GT (Inbound Traffic Control)
|
ISA Server 2006 (Outbound Traffic Control)
|
Exchange 2003 (Internal IP Range Not In DMZ)
Many Thanks
Nick
|
|
|
|
|
RE: Convert from POP3 Retrival to SMTP - 22.Jun.2008 9:08:43 AM
|
|
|
Sembee
Posts: 3165
Joined: 17.Jan.2008
From: Somewhere near London, UK
Status: offline
|
You don't need to purchase anything else.
At its basic it is just open port 25 on the firewall and then change your MX records. The additional measures are for security and load. You certainly do not need a frontend/backend setup. Those are usually deployed for OWA access.
You have two options with your setup.
1. Open port 25 on the firewall and point it straight to the Exchange server.
2. As above, but point it to the ISA server and use ISA to publish the SMTP service. ISA does have some SMTP scanning options which you might want to look at, but for most effective Antispam options those would have to be installed on the ISA server so that the messages are scanned at the point of delivery.
Simon.
_____________________________
Simon Butler,
Exchange MVP
Blog: http://www.sembee.co.uk/
Web: http://www.amset.info/
In the UK? Hire me: http://www.amset.co.uk/
|
|
|
|
|
RE: Convert from POP3 Retrieval to SMTP - 22.Jun.2008 10:00:49 AM
|
|
|
sacc_ns
Posts: 6
Joined: 23.Oct.2007
From: Essex / UK
Status: offline
|
Hi Simon,
Many thanks for your response.
It would appear that this easier than i was starting to believe. One thing i should mention, we are running OWA at present, we only have about 350 mailboxes so loading was not consider an issue. Is the front / back-end set up something we should look at for the future in regards to security ? Also we have McAfee Group-shield on the Exchange server to cover for AntiSpam, AntiVirus and other policies. If we wanted to look at further security packages that could be installed on the ISA is there any you would suggest ?
Regards,
Nick
|
|
|
|
|
RE: Convert from POP3 Retrieval to SMTP - 22.Jun.2008 11:40:07 AM
|
|
|
Sembee
Posts: 3165
Joined: 17.Jan.2008
From: Somewhere near London, UK
Status: offline
|
Whether you need FE/BE depends on how many users you have accessing the server remotely. That doesn't just include OWA, but RPC over HTTPS, Windows Mobile devices etc.
Certainly if you go to a second server then you should have a frontend/backend scenario, purely to allow a single URL to be used. FE/BE is NOT a security feature, it is load and functionality. It does nothing to enhance your security.
Whether McAfee is up to the job for antispam etc is something that you have to decide as in my experience no two sites are identical. What can work for one customer will fail totally for another, with too many false positives.
Simon.
_____________________________
Simon Butler,
Exchange MVP
Blog: http://www.sembee.co.uk/
Web: http://www.amset.info/
In the UK? Hire me: http://www.amset.co.uk/
|
|
|
|
|
RE: Convert from POP3 Retrieval to SMTP - 22.Jun.2008 11:54:30 AM
|
|
|
sacc_ns
Posts: 6
Joined: 23.Oct.2007
From: Essex / UK
Status: offline
|
Hi Simon,
Thanks, that's made things a lot clearer now with regards to FE / BE set up, i don't think we'll be needing that for a long long time.
I appreciate your advice, many thanks.
Nick
|
|
|
|
|
RE: Convert from POP3 Retrieval to SMTP - 27.Jun.2008 6:29:10 PM
|
|
|
h4ppygi|more
Posts: 97
Joined: 2.Aug.2006
Status: offline
|
Nick,
If you are still around just one question.
Why do you have to NAT at the cisco router?
Do both Netscreen and ISA firewalls send/receive WAN traffic? Depanding on how you configured the ISA and Netscreen, you may be looking at triple NAT.
I am just curious. I think it may be a overkill with the way you posted your network infrastructure. Some apps may not behave well with two NATs let alone triple NATs.
< Message edited by h4ppygi|more -- 27.Jun.2008 6:30:44 PM >
|
|
|
|
|
RE: Convert from POP3 Retrieval to SMTP - 28.Jun.2008 7:26:50 AM
|
|
|
sacc_ns
Posts: 6
Joined: 23.Oct.2007
From: Essex / UK
Status: offline
|
Hi,
We only have one NAT enabled device on our network which is the Cisco router. The Cisco router routes incoming packets to our ISA's external interface. The Juniper sits silently in between scanning the packets as the flow through it on their way to the ISA. The ISA's external interface is in an isolated subnet of our internal range. The subnet only contains the Cisco internal card, the Juniper and the ISA's external interface.
Hope that makes sense.
Nick
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
