Bridgehead Server ?

ScarEye

MIS
Oct 22, 2003
33
US
Hi, Guys/Gals

I was wondering if anyone has ever set up a Bridgehead server and if they know of any site on how to set this up.
Basically, what I need to do is this: when any incoming e-mails come through, they are forwarded to this virus/spam filter server and then it will forward the e-mail to our Exchange server.

Right now everything is going to the virus/spam filter server and then it passes it to the Exchange server once everything checks out OK, which works fine. But there are some drawbacks to this method, and the only way around this method is a bridgehead server, from what I understand.

So does anyone know how or what I have to do to set this up?

Thanks In Advance
ScarEye
 
Hi!
Please, correct me if I am wrong, but here is what I understand:

1. You have a Spam/Virus filter Server and all the incoming mail hits that server first.
2. You have 1 Exchange server (E2K) which is holding the mailboxes of your users.
3. Once the incoming mail is checked at the Spam/Virus filter server it is passed to the Exchange server and the mail is dispatched to the corresponding mailboxes.
4. The outgoing mail leaves directly from your Exchange server.

I understand that you do not like this configuration.
What are the problems that you experience now and what changes would you like to see in the way this works?
Here is where I am getting confused:

“Basically what I need to do is. When any incoming e-mails come through it is forwarded to this virus/spam filter server and then it will forward the e-mail to our exchange server.”

and

“Right now everything is going to the virus/spam filter server and then it passes it to the exchange server once everything checks out ok. Which works fine.”



 
netometer,

I had written up this whole nice story of what's going on, and the tek-tips website went down, and I lost all that text. So let this be a lesson we all can learn from. Next time you are about to submit your replies or even questions, COPY & PASTE. I learned this the hard way. Anyway, here we go again.


1,2,3,4 are correct. This is what's going on.

1. Anyone within our company that is sending out an e-mail to anyone within or outside our company sends the e-mail with no problem.

2. Now when that same user goes home and uses his/her work e-mail, they can send out any e-mails within our organization, but when they try to send out an e-mail outside our company the user receives a response 550 Relaying Denied. I know why that is.

The spam/virus program has an allow-relay list, and the only thing you can put there is the user's IP address.

Now I can go ahead and put the user's WAN IP address in that list, and then they can send messages to anyone outside our organization. But most people here have a dynamic IP from their ISP, and what's going to happen is when their IP changes they're going to get that same 550 error.

And you cannot specify by DNS. Only IP.

So I called the software company and they said there is nothing I can do unless I put in a bridgehead server. Now I am trying to find out what it can do for me.

Do I set it up so that the e-mail goes through this bridgehead server, then it forwards it to my spam/virus filter server, and then it forwards it to my Exchange server?

I hope I cleared up your confusion.

Thanks
ScarEye


 
Hi!
I learned the same lesson (copy/paste) yesterday, ScarEye :-D. The good side is that you have a spell check.

I would suggest the following approach:

1. Translate Exchange’s private IP address/ Port 25 to a Public IP/ Port 25
2. Create an “A Record” (like “mail2.yourcompany.com”) and an “MX Record” with a lower priority like 100 (I assume that the priority for your default MX record is “0” or “10”) which points to that A record in your external DNS server zone. Do not forget to create an entry in the reverse look-up zone for its IP address because a lot of companies perform a reverse look-up for their incoming e-mail.
3. Tell your users to set “mail2.yourdomain.com” as the smtp server for their mail clients.

Here are the benefits of this configuration:
1. By default Exchange 2000 allows all computers which successfully authenticate to relay through its SMTP servers. You can check this in System Manager for Exchange under “Servers/Protocols/SMTP/Default Smtp Server - in Properties/Relay”. There is a check box at the bottom of the window which is checked by default. Your users have to specify username and password for their outgoing SMTP server in order to be able to relay through “mail2”.
2. In case something happens to your Spam/Virus filter server and it is Down/ Not accepting mail you are still going to be able to receive e-mail through “mail2”. Of course it is not going to be checked against the Spam/Virus rules.

Here are the weak points which I have found in that configuration till now:
1. If the Spam/Virus filter server is down you can have e-mails containing viruses hitting and infecting your clients.
2. There are clever “spammers” who are looking for such configurations and send Spam into your company directly through “mail2” instead of trying the server with highest priority for MX record. Fortunately there are not so many cases till now but who knows…

A partial workaround will be not to create an MX record for “mail2” but just an “A record”.

I hope this info was helpful!

NetoMeter
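
As an added example (not part of the original thread or any poster's code), a small Python audit of the DNS layout described in the post above: it flags MX targets that accept mail without passing the spam/virus filter and mail hosts whose A record has no matching PTR. The zone data, the filter host name `mail.yourcompany.com` and the 192.0.2.x addresses are constructed assumptions.

```python
# Added example: audit DNS records for the "mail2" layout described above.
# All record data is constructed; 192.0.2.0/24 is a documentation range.
import ipaddress

ZONE = """\
yourcompany.com.         IN MX 10  mail.yourcompany.com.
yourcompany.com.         IN MX 100 mail2.yourcompany.com.
mail.yourcompany.com.    IN A  192.0.2.10
mail2.yourcompany.com.   IN A  192.0.2.20
10.2.0.192.in-addr.arpa. IN PTR mail.yourcompany.com.
"""

FILTER_HOSTS = {"mail.yourcompany.com."}  # assumption: name of the spam/virus filter


def parse(zone_text):
    """Return (mx, a, ptr) from simple 'name IN TYPE rdata' lines."""
    mx, a, ptr = [], {}, {}
    for line in zone_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[1] != "IN":
            continue
        name, rtype, rdata = fields[0].lower(), fields[2].upper(), fields[3:]
        if rtype == "MX" and len(rdata) == 2:
            mx.append((int(rdata[0]), rdata[1].lower()))
        elif rtype == "A":
            a[name] = rdata[0]
        elif rtype == "PTR":
            ptr[name] = rdata[0].lower()
    return sorted(mx), a, ptr


def audit(zone_text, filter_hosts):
    """List MX targets that skip the filter and hosts with a missing or mismatched PTR."""
    mx, a, ptr = parse(zone_text)
    findings = []
    for pref, host in mx:
        if host not in filter_hosts:
            findings.append(f"MX {pref} {host} accepts mail without passing the filter")
    for host, addr in sorted(a.items()):
        rev = ipaddress.ip_address(addr).reverse_pointer + "."
        if ptr.get(rev) != host:
            findings.append(f"{host} ({addr}) has no matching PTR at {rev}")
    return findings


if __name__ == "__main__":
    for finding in audit(ZONE, FILTER_HOSTS):
        print(finding)
```

Dropping the MX 100 line (the "A record only" workaround) and adding the PTR for mail2 clears both findings, although the host still listens on port 25 for anyone who knows its name.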



 
Netometer,

In reply to:

"1. Translate Exchange’s private IP address/ Port 25 to a Public IP/ Port 25"

There is no private side of our exchange server. It is on the DMZ of the firewall. And it has 1 Public IP as our spam/virus filter server also.


Thanks
ScarEye


 