Convert from POP3 Retrival to SMTP (Full Version)

All Forums >> [Microsoft Exchange 2003] >> Installation



Message

sacc_ns -> Convert from POP3 Retrival to SMTP (20.Jun.2008 4:49:43 AM)

Hi,

We currently have a single Exchange server that collects email from a local ISP running a catch-all mailbox via EFS POP3 retrival software. Unfortunately we have had a number of issues with EFS and want to move to receiving email directly.

Trouble is the more i read on doing this the more confused i get. Some people say just adjust the DNS & MX records and open Port 25 on your firewall. Others are talking about Front and Backend Exchange servers and issues with NAT enabled firewalls and reverse DNS.

I need some advice on the most cost effective and secure way of doing this can anyone help please.

Our current firewall config is

                                      Internet
                                           |
                              Cisco Router (NAT Enabled)
                                           |
                      Juniper Netscreen 5GT (Inbound Traffic Control)
                                           |
                      ISA Server 2006 (Outbound Traffic Control)
                                           |
                     Exchange 2003 (Internal IP Range Not In DMZ)


Many Thanks

Nick



Sembee -> RE: Convert from POP3 Retrival to SMTP (22.Jun.2008 9:08:43 AM)

You don't need to purchase anything else.
At its basic it is just open port 25 on the firewall and then change your MX records. The additional measures are for security and load. You certainly do not need a frontend/backend setup. Those are usually deployed for OWA access.

You have two options with your setup.
1. Open port 25 on the firewall and point it straight to the Exchange server.
2. As above, but point it to the ISA server and use ISA to publish the SMTP service. ISA does have some SMTP scanning options which you might want to look at, but for most effective Antispam options those would have to be installed on the ISA server so that the messages are scanned at the point of delivery.

Simon.



sacc_ns -> RE: Convert from POP3 Retrieval to SMTP (22.Jun.2008 10:00:49 AM)

Hi Simon,

Many thanks for your response.

It would appear that this easier than i was starting to believe. One thing i should mention, we are running OWA at present, we only have about 350 mailboxes so loading was not consider an issue. Is the front / back-end set up something we should look at for the future in regards to security ? Also we have McAfee Group-shield on the Exchange server to cover for AntiSpam, AntiVirus and other policies. If we wanted to look at further security packages that could be installed on the ISA is there any you would suggest ?

Regards,

Nick



Sembee -> RE: Convert from POP3 Retrieval to SMTP (22.Jun.2008 11:40:07 AM)

Whether you need FE/BE depends on how many users you have accessing the server remotely. That doesn't just include OWA, but RPC over HTTPS, Windows Mobile devices etc.
Certainly if you go to a second server then you should have a frontend/backend scenario, purely to allow a single URL to be used. FE/BE is NOT a security feature, it is load and functionality. It does nothing to enhance your security.

Whether McAfee is up to the job for antispam etc is something that you have to decide as in my experience no two sites are identical. What can work for one customer will fail totally for another, with too many false positives.

Simon.



sacc_ns -> RE: Convert from POP3 Retrieval to SMTP (22.Jun.2008 11:54:30 AM)

Hi Simon,

Thanks, that's made things a lot clearer now with regards to FE / BE set up, i don't think we'll be needing that for a long long time.

I appreciate your advice, many thanks.

Nick



h4ppygi|more -> RE: Convert from POP3 Retrieval to SMTP (27.Jun.2008 6:29:10 PM)

Nick,

If you are still around just one question. 

Why do you have to NAT at the cisco router?
Do both Netscreen and ISA firewalls send/receive WAN traffic? Depanding on how you configured the ISA and Netscreen, you may be looking at triple NAT.

I am just curious.  I think it may be a overkill with the way you posted your network infrastructure.  Some apps may not behave well with two NATs let alone triple NATs.



sacc_ns -> RE: Convert from POP3 Retrieval to SMTP (28.Jun.2008 7:26:50 AM)

Hi,

We only have one NAT enabled device on our network which is the Cisco router. The Cisco router routes incoming packets to our ISA's external interface. The Juniper sits silently in between scanning the packets as the flow through it on their way to the ISA. The ISA's external interface is in an isolated subnet of our internal range. The subnet only contains the Cisco internal card, the Juniper and the ISA's external interface.

Hope that makes sense.

Nick




Page: [1]