Secondary SMTP Routing (Full Version)

All Forums >> [Microsoft Exchange 2007] >> Message Routing


jwoodring -> Secondary SMTP Routing (15.Aug.2008 5:30:36 PM)

Hello everyone!!  Okay here's my issue and am welcoming any advice I can get and I apologze for the noob question here...I'm still getting familiar with the Exchange and routing systems.
My company has 2 SMTPs or MX Records if you will.  We have a Primary and a Secondary.  Secondary is more or less our fail over.
From my understanding of the situation....the general rule of thumb with Incoming e-mail is that they communicate with the MX Records...and by default will choose the lower preference turn routing it to the front end server.  On it's way there it's passing through our spam filter.  The Primary SMTP is working beautifully.
The Secondary SMTP is where in lies my issue.  The Secondary is a direct hit to my front end mail server.  There is no spam filter for it to route through.  Spam bots or what have you have obviously recognized the fail over SMTP and has tagged it.....and is pumping a lot of mail to a result we are getting the CNN and MSNBC e-mails into a number of my end users mailboxes among other junk mails.
I realize i can just call our provider and remove the secondary MX Record...but if i did that then I run the risk of dealing with a huge panic and rush should the spam filter ever go down...or die...and getting in touch with the provider to re-route the incoming mail....I don't want to have to get rid of the fail over at all.
Question and advice I need it possible to configure a Receive Connector to only accept incoming mail from the spam filter....or setting something up so that the mail flow on the Secondary SMTP is re-routed back to my spam filter prior to the front end mail server acceptance??
(I hope I was clear on this...please let me know if you need any more information or if I need to explain a different way!)
Thanks for any help....would really appreciate it.

John Weber -> RE: Secondary SMTP Routing (15.Aug.2008 5:47:53 PM)

well, first off, there is no point in a secondary MX if the secondary feeds the same target as the primary.

Do you have the option of feeding the secondary MX through a second hygiene service?  Then from that to the receive connector on a second edge/HT server that is attached to a completely separate internet feed?

If not, then why have a second MX record? or, if you do have a second internet feed, then you should go all they way and treat it like a primary, and protect it as you do the primary.

Sembee -> RE: Secondary SMTP Routing (15.Aug.2008 9:14:47 PM)

If you are concerned about your antispam provider going down then you will have to change antispam provider.

Having the second MX record in the DNS records will increase the amount of spam - for the very reason that you have identified. Spammers actually target the second MX record because they think it will be less defended which is the case here.

Or lets put is another way - there is no such thing as a failover for MX records. All MX records are equal, doesn't matter what cost you use, all records will be used.


jwoodring -> RE: Secondary SMTP Routing (18.Aug.2008 10:28:44 AM)

I guess fail-over is the wrong verbage to use...
the MX Records do not have the same preference level.....primary being lower than the secondary.
(the primary smtp (MX Record) is pointing to the spam that all incoming mail is routed through it first, obviously, and then routed to the front end exchange.  The secondary smtp (MX Record is a direct point to the front end exchange..)
the fact that with MX Record and there being different preference levels..the lowest preference is always used for legit mail...if the primary route pointing to my spam filter should ever be "sabotaged"....the idea of the secondary smtp (MX Record) that while the primary is down and not functional the imcoming mail flow won't be interrupted.  Technically speaking if the lower preference record is not working then all mail should re-route through the next in lin record....correct?
Future speaking we will be setting up a spam filter to intercept through the secondary smtp....
so is it possible to maintain that higher preferenced MX Record and just set up a receive connector that will re-route the incoming mail on the secondary smtp to the spam filter?  

Sembee -> RE: Secondary SMTP Routing (18.Aug.2008 11:51:44 AM)

It doesn't matter which way you state it.
If you put a host in your MX records then it will be used for email. The cost/preference value is pretty much meaningless now.

What you have stated is how it should work in theory, that all email should go to the lowest cost/preference. However in practise that doesn't happen. Furthermore, as I have already stated, spammers actively target hosts with higher cost/preference levels. Finally, just because you may remove the server from the MX records will not stop spam from coming in. Spammers appear to maintain a list of servers that have received email in the past and will continue to use them even after a DNS change. There is no way to have two hosts in the MX records and have things change automatically in the event of a failure of one of them, unless you have spam protection on both sites and are prepared for email to come in through both addresses.

As for your receive connector question, the answer is no. Once the email has hit Exchange Exchange will route it as required. If you wanted to send the spam back out again then you would need something else not related to Exchange to do that. However I don't see the point, as you have still wasted the bandwidth and will then waste more bandwidth sending the email back out again, only for it to come in a second time.


jwoodring -> RE: Secondary SMTP Routing (18.Aug.2008 12:08:36 PM)

okay...thank you very much for all your help...sorry for any restating...just trying to wrap my head around this all.
Much thanks..

Page: [1]