• RSS
  • Twitter
  • FaceBook

Exchange Server Forums

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Secondary SMTP Routing

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [Microsoft Exchange 2007] >> Message Routing >> Secondary SMTP Routing Page: [1]
Login
Message << Older Topic   Newer Topic >>
Secondary SMTP Routing - 15.Aug.2008 5:30:36 PM   
jwoodring

 

Posts: 3
Joined: 15.Aug.2008
Status: offline
Hello everyone!!  Okay here's my issue and am welcoming any advice I can get and I apologze for the noob question here...I'm still getting familiar with the Exchange and routing systems.
My company has 2 SMTPs or MX Records if you will.  We have a Primary and a Secondary.  Secondary is more or less our fail over.
From my understanding of the situation....the general rule of thumb with Incoming e-mail is that they communicate with the MX Records...and by default will choose the lower preference record...in turn routing it to the front end server.  On it's way there it's passing through our spam filter.  The Primary SMTP is working beautifully.
The Secondary SMTP is where in lies my issue.  The Secondary is a direct hit to my front end mail server.  There is no spam filter for it to route through.  Spam bots or what have you have obviously recognized the fail over SMTP and has tagged it.....and is pumping a lot of mail to it...as a result we are getting the CNN and MSNBC e-mails into a number of my end users mailboxes among other junk mails.
I realize i can just call our provider and remove the secondary MX Record...but if i did that then I run the risk of dealing with a huge panic and rush should the spam filter ever go down...or die...and getting in touch with the provider to re-route the incoming mail....I don't want to have to get rid of the fail over at all.
Question and advice I need here....is it possible to configure a Receive Connector to only accept incoming mail from the spam filter....or setting something up so that the mail flow on the Secondary SMTP is re-routed back to my spam filter prior to the front end mail server acceptance??
(I hope I was clear on this...please let me know if you need any more information or if I need to explain a different way!)
Thanks for any help....would really appreciate it.
 
Post #: 1
RE: Secondary SMTP Routing - 15.Aug.2008 5:47:53 PM   
John Weber

 

Posts: 1236
Joined: 20.Apr.2005
From: Portland, Oregon
Status: offline
well, first off, there is no point in a secondary MX if the secondary feeds the same target as the primary.

Do you have the option of feeding the secondary MX through a second hygiene service?  Then from that to the receive connector on a second edge/HT server that is attached to a completely separate internet feed?

If not, then why have a second MX record? or, if you do have a second internet feed, then you should go all they way and treat it like a primary, and protect it as you do the primary.

< Message edited by John Weber -- 15.Aug.2008 5:50:30 PM >


_____________________________

John Weber [Lync MVP] http://tsoorad.blogspot.com

(in reply to jwoodring)
Post #: 2
RE: Secondary SMTP Routing - 15.Aug.2008 9:14:47 PM   
Sembee

 

Posts: 4093
Joined: 17.Jan.2008
From: Somewhere near London, UK
Status: offline
If you are concerned about your antispam provider going down then you will have to change antispam provider.

Having the second MX record in the DNS records will increase the amount of spam - for the very reason that you have identified. Spammers actually target the second MX record because they think it will be less defended which is the case here.

Or lets put is another way - there is no such thing as a failover for MX records. All MX records are equal, doesn't matter what cost you use, all records will be used.

Simon.

_____________________________

Simon Butler,
Exchange MVP
Blog: http://blog.sembee.co.uk/
Web: http://www.amset.info/
In the UK? Hire me: http://www.sembee.co.uk/
Exchange Resources: http://exbpa.com/

(in reply to John Weber)
Post #: 3
RE: Secondary SMTP Routing - 18.Aug.2008 10:28:44 AM   
jwoodring

 

Posts: 3
Joined: 15.Aug.2008
Status: offline
I guess fail-over is the wrong verbage to use...
the MX Records do not have the same preference level.....primary being lower than the secondary.
 
(the primary smtp (MX Record) is pointing to the spam filter...so that all incoming mail is routed through it first, obviously, and then routed to the front end exchange.  The secondary smtp (MX Record is a direct point to the front end exchange..)
 
the fact that with MX Record and there being different preference levels..the lowest preference is always used for legit mail...if the primary route pointing to my spam filter should ever be "sabotaged"....the idea of the secondary smtp (MX Record)...is that while the primary is down and not functional the imcoming mail flow won't be interrupted.  Technically speaking if the lower preference record is not working then all mail should re-route through the next in lin record....correct?
 
 
Future speaking we will be setting up a spam filter to intercept through the secondary smtp....
 
so is it possible to maintain that higher preferenced MX Record and just set up a receive connector that will re-route the incoming mail on the secondary smtp to the spam filter?  

(in reply to Sembee)
Post #: 4
RE: Secondary SMTP Routing - 18.Aug.2008 11:51:44 AM   
Sembee

 

Posts: 4093
Joined: 17.Jan.2008
From: Somewhere near London, UK
Status: offline
It doesn't matter which way you state it.
If you put a host in your MX records then it will be used for email. The cost/preference value is pretty much meaningless now.

What you have stated is how it should work in theory, that all email should go to the lowest cost/preference. However in practise that doesn't happen. Furthermore, as I have already stated, spammers actively target hosts with higher cost/preference levels. Finally, just because you may remove the server from the MX records will not stop spam from coming in. Spammers appear to maintain a list of servers that have received email in the past and will continue to use them even after a DNS change. There is no way to have two hosts in the MX records and have things change automatically in the event of a failure of one of them, unless you have spam protection on both sites and are prepared for email to come in through both addresses.

As for your receive connector question, the answer is no. Once the email has hit Exchange Exchange will route it as required. If you wanted to send the spam back out again then you would need something else not related to Exchange to do that. However I don't see the point, as you have still wasted the bandwidth and will then waste more bandwidth sending the email back out again, only for it to come in a second time.

Simon.

_____________________________

Simon Butler,
Exchange MVP
Blog: http://blog.sembee.co.uk/
Web: http://www.amset.info/
In the UK? Hire me: http://www.sembee.co.uk/
Exchange Resources: http://exbpa.com/

(in reply to jwoodring)
Post #: 5
RE: Secondary SMTP Routing - 18.Aug.2008 12:08:36 PM   
jwoodring

 

Posts: 3
Joined: 15.Aug.2008
Status: offline
okay...thank you very much for all your help...sorry for any restating...just trying to wrap my head around this all.
Much thanks..

(in reply to Sembee)
Post #: 6

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [Microsoft Exchange 2007] >> Message Routing >> Secondary SMTP Routing Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts


Follow TechGenix on Twitter