Ureader.com  
Microsoft software help and Community
   home   |   control panel login   |   archive   |  
 
Exchange
2000.active.directory
2000.admin
2000.announcements
2000.app.conversion
2000.applications
2000.clients
2000.clustering
2000.connectivity
2000.development
2000.documentation
2000.general
2000.information.store
2000.interop
2000.kms
2000.misc
2000.protocols
2000.realtime.collabo.
2000.setup
2000.transport
2000.win2000
admin
application.conversion
applications
clients
clustering
connectivity
design
development
misc
mobility
setup
tools
  
 
date: Thu, 13 Apr 2006 09:22:02 -0700,    group: microsoft.public.exchange.design        back       


Exchange Server Behind a smart host    
I have an Exchange 2003 Server which sits behind a series of smart unix hosts 
which filter spam coming in from the internet.  Our external gateway queries 
Active Directory so that it has a list of valid email addresses that it will 
accept mail from.  All this works great.  However, coming from the other 
direction Exchange is configured to send all mail it can't deliver locally to 
a smart host.  The problem occurs when there is a mail sent to an misspelled 
or non-existent internal email address.  Exchange can't deliver it so it 
sends it to the smart host, and the smart host sends it back because it knows 
Exchange is in charge of delivery for the internal domain, except for a few 
addresses which it handles on its own.  This continues until the smart host 
realizes a loop is being created and tells the Exchange server to stop.  Is 
there a way I can configure Exchange so that it knows not to try to send mail 
to the smart host if it is an email destined for an internal address (except 
for a few exception addresses)?
date: Thu, 13 Apr 2006 09:22:02 -0700   author:   Michael Leighty

Re: Exchange Server Behind a smart host    
Are those exception addresses the ones hosted on the smarthost?

- If yes, you can assign those addresses secondary email addresses/aliases 
on the smarthost - something like user@something.yourdomain.com.
- Make Exchange Authoritative for the domain by check "This Exchange 
Organization is responsible for all delivery to this address" - and make 
sure it doesn't deliver unresolved email to the smarthost.
- Create Contacts for the addresses hosted on the smarthost, add their 
secondary/alias addresses (user@something.yourdomain.com) that you assigned 
on the smarthost as proxyAddresses for these Contacts
- Create a Connector for address space something.yourdomain.com and insert 
the smarthost's fqdn/ip address as a smarthost.

Now Exchange is authoritative for the domain yourdomain.com and does not 
send unresolved mail to the smarthost, but knows how to send mail for those 
Contacts to the smarthost.
-- 
Bharat Suneja
MVP - Exchange
www.zenprise.com
NEW blog location:
www.exchangepedia.com/blog
----------------------------------------------


"Michael Leighty"  wrote in 
message news:19DB2CDA-501C-4D48-8396-C3EF10DF5C00@microsoft.com...
>I have an Exchange 2003 Server which sits behind a series of smart unix 
>hosts
> which filter spam coming in from the internet.  Our external gateway 
> queries
> Active Directory so that it has a list of valid email addresses that it 
> will
> accept mail from.  All this works great.  However, coming from the other
> direction Exchange is configured to send all mail it can't deliver locally 
> to
> a smart host.  The problem occurs when there is a mail sent to an 
> misspelled
> or non-existent internal email address.  Exchange can't deliver it so it
> sends it to the smart host, and the smart host sends it back because it 
> knows
> Exchange is in charge of delivery for the internal domain, except for a 
> few
> addresses which it handles on its own.  This continues until the smart 
> host
> realizes a loop is being created and tells the Exchange server to stop. 
> Is
> there a way I can configure Exchange so that it knows not to try to send 
> mail
> to the smart host if it is an email destined for an internal address 
> (except
> for a few exception addresses)?
date: Thu, 13 Apr 2006 11:13:58 -0700   author:   Bharat Suneja [MVP]

Re: Exchange Server Behind a smart host    
Thank you for your response.  The only problem I have with your solution is 
that I still want the Exchange server to send mail to the smart host instead 
of directly to the internet because content filtering is done here.  Is it 
possible for this to be setup this way under your solution?  Also Where do I 
set it to be authoritative for a particular domain - is that in in the 
Exchange server properties or under the SMTP virtual server settings?  I have 
no problems with creating contacts for my exceptions, but I still want all 
mail to be routed through my smart hosts.  Thanks again.
date: Thu, 13 Apr 2006 11:28:02 -0700   author:   Michael Leighty

Re: Exchange Server Behind a smart host    
Inline.

-- 
Bharat Suneja
MVP - Exchange
www.zenprise.com
NEW blog location:
www.exchangepedia.com/blog
----------------------------------------------


"Michael Leighty"  wrote in 
message news:B0D69033-5C43-49FC-AA21-C1A9A442B065@microsoft.com...
> Thank you for your response.  The only problem I have with your solution 
> is
> that I still want the Exchange server to send mail to the smart host 
> instead
> of directly to the internet because content filtering is done here.  Is it
> possible for this to be setup this way under your solution?

- Sure. Outbound internet mail will still go out through a SMTP Connector 
with address space *, you will need to specify the smarthost on the 
Connector.

 Also Where do I
> set it to be authoritative for a particular domain - is that in in the
> Exchange server properties or under the SMTP virtual server settings?

- In Recipient Policies - find the policy for that smtp domain and check 
"This Exchange Organization is responsible for all mail delivery for this 
address"
- In SMTP virtual server propoerties | Messages tab - make sure the field 
"Forward all mail with unresolved recipients to host" is left blank.

 I have
> no problems with creating contacts for my exceptions, but I still want all
> mail to be routed through my smart hosts.  Thanks again.

- All mail for Exchange recipients @yourdomain.com will be delivered locally
- All mail for Contacts that will have the primary email address 
@something.yourdomain.com, and an additional smtp address 
@something.yourdomain.com will be routed over the Connector for 
@something.yourdomain.com to your smarthost
- All mail for non-existent/mis-spelt recipients @yourdomain.com (for which 
there are no Exchange recipients and no Contacts pointing to 
@something.domain.com) will NOT be sent to your smarthost. Since Exchange is 
authoritative for that domain, it will generate a NDR because no recipients 
found and no alternate path to @yourdomain.com. This will resolve the issue 
of such mail being bounced between the smarthost and Exchange till it 
reaches max hop-count.
- All mail for all other domains will be delivered using the SMTP Connector 
for address-space * to your smarthost
date: Thu, 13 Apr 2006 12:05:28 -0700   author:   Bharat Suneja [MVP]

Re: Exchange Server Behind a smart host    
Correction:
> - All mail for Contacts that will have the primary email address 
> @yourdomain.com, and an additional smtp address @something.yourdomain.com 
> will be routed over the Connector for @something.yourdomain.com to your 
> smarthost


-- 
Bharat Suneja
MVP - Exchange
www.zenprise.com
NEW blog location:
www.exchangepedia.com/blog
----------------------------------------------


"Bharat Suneja [MVP]"  wrote in message 
news:efZr70yXGHA.128@TK2MSFTNGP05.phx.gbl...
> Inline.
>
> -- 
> Bharat Suneja
> MVP - Exchange
> www.zenprise.com
> NEW blog location:
> www.exchangepedia.com/blog
> ----------------------------------------------
>
>
> "Michael Leighty"  wrote in 
> message news:B0D69033-5C43-49FC-AA21-C1A9A442B065@microsoft.com...
>> Thank you for your response.  The only problem I have with your solution 
>> is
>> that I still want the Exchange server to send mail to the smart host 
>> instead
>> of directly to the internet because content filtering is done here.  Is 
>> it
>> possible for this to be setup this way under your solution?
>
> - Sure. Outbound internet mail will still go out through a SMTP Connector 
> with address space *, you will need to specify the smarthost on the 
> Connector.
>
> Also Where do I
>> set it to be authoritative for a particular domain - is that in in the
>> Exchange server properties or under the SMTP virtual server settings?
>
> - In Recipient Policies - find the policy for that smtp domain and check 
> "This Exchange Organization is responsible for all mail delivery for this 
> address"
> - In SMTP virtual server propoerties | Messages tab - make sure the field 
> "Forward all mail with unresolved recipients to host" is left blank.
>
> I have
>> no problems with creating contacts for my exceptions, but I still want 
>> all
>> mail to be routed through my smart hosts.  Thanks again.
>
> - All mail for Exchange recipients @yourdomain.com will be delivered 
> locally
> - All mail for Contacts that will have the primary email address 
> @something.yourdomain.com, and an additional smtp address 
> @something.yourdomain.com will be routed over the Connector for 
> @something.yourdomain.com to your smarthost
> - All mail for non-existent/mis-spelt recipients @yourdomain.com (for 
> which there are no Exchange recipients and no Contacts pointing to 
> @something.domain.com) will NOT be sent to your smarthost. Since Exchange 
> is authoritative for that domain, it will generate a NDR because no 
> recipients found and no alternate path to @yourdomain.com. This will 
> resolve the issue of such mail being bounced between the smarthost and 
> Exchange till it reaches max hop-count.
> - All mail for all other domains will be delivered using the SMTP 
> Connector for address-space * to your smarthost
>
date: Thu, 13 Apr 2006 13:16:58 -0700   author:   Bharat Suneja [MVP]

Re: Exchange Server Behind a smart host    
One last question - when I go under recipient polices to make the change it 
looks like the smtp @mydomain.com is already checked as "This Exchange 
Organization is responsible for all mail delivery to this address."  So it 
would seem that it shouldn't be trying to mail outside the exchange 
organization at all for address @mydomain.com.  The only reference I have to 
my smart host is in the Internet Mail SMTP Connector which says forward all 
mail through this connector to the following smart hosts and it has the * for 
the smtp addresses.  I noticed my exchange server name in the local 
bridgehead, does that look right.  Another thing to note that in the SMTP 
virtual server properties Messages tab there was an entry in the "forward all 
maill with unresolved recipients to host" which was for a defunct mail server 
that was removed before I arrived at this job.  I removed it.  Perhaps it was 
somehow responsible for mail destined for @mydomain.com getting to the 
smarthost?
date: Thu, 13 Apr 2006 13:32:01 -0700   author:   Michael Leighty

Re: Exchange Server Behind a smart host    
Inline.

-- 
Bharat Suneja
MVP - Exchange
www.zenprise.com
NEW blog location:
www.exchangepedia.com/blog
----------------------------------------------


"Michael Leighty"  wrote in 
message news:C1DEEF78-125E-4F56-BB99-9F22E57CD904@microsoft.com...
> One last question - when I go under recipient polices to make the change 
> it
> looks like the smtp @mydomain.com is already checked as "This Exchange
> Organization is responsible for all mail delivery to this address."  So it
> would seem that it shouldn't be trying to mail outside the exchange
> organization at all for address @mydomain.com.  The only reference I have 
> to
> my smart host is in the Internet Mail SMTP Connector which says forward 
> all
> mail through this connector to the following smart hosts and it has the * 
> for
> the smtp addresses.  I noticed my exchange server name in the local
> bridgehead, does that look right.

Yes, the above is the way it should be. Bridgeheads are responsible for 
delivering mail over the Connector - if DNS is selected, they delivery 
directly, if smarthost is selected and a fqdn/ip address of a smarthost 
entered, they deliver to the smarthost.

> Another thing to note that in the SMTP
> virtual server properties Messages tab there was an entry in the "forward 
> all
> maill with unresolved recipients to host" which was for a defunct mail 
> server
> that was removed before I arrived at this job.  I removed it.  Perhaps it 
> was
> somehow responsible for mail destined for @mydomain.com getting to the
> smarthost?

Not sure. If the defunct mail host still existed and accepted smtp 
connections, and then delivered it to the smarthost, yes. Take a look at the 
mail headers for such messages and see where they went from the bridgehead. 
Can also check SMTP logs on the bridgehead, on the smarthost, and if the 
defunct mail host still exists then check logs on it as well.
date: Thu, 13 Apr 2006 13:50:07 -0700   author:   Bharat Suneja [MVP]

Google
 
Web ureader.com


    COPYRIGHT 2007, YARDI TECHNOLOGY LIMITED, ALL RIGHT RESERVE  |   contact us