Wow – that helps a bunch!! I’ll spend some time looking this over and then chat with my boss about it – sounds like that is the better method. Most likely it’s going to be a few weeks before I can implement though – You know how business can work sometimes.

If you think of anything else I’d love to hear out it.

thanks!

Lirria

So set up another SMTP virtual server with a different number. I’m assuming that we don’t want anonymous access turned on, and we want integrated Windows Authenication turned on to get past anonymous relay issues, right? Are there any other security considerations with this? (I have to write up a proposal, have all the exec’s approve it and then get it done, so they will ask)

Any special concerns on the users end for configuration? I’m thinking a dns record change is going to have to happen as our domain lists smtp.atl.cbeyond.com, unless there is some way around this with out a DNS change (it’s been way to many years since I’ve delved into DNS records)

Thanks!

Lirria

Your problem isn’t a problem at all. Most Exchange installations are degisned to do exactly what you want to accomplish.

I’ll tell you the things you need to do to get SMTP to operate properly and give you a check list of things you will need to do to make sure your SMTP delivery isn’t hampered.

1. You will need a PTR record in the public domain that points to your Exchange server so that emails are not rejected by systems that do reverse domain lookups. Talk to your service provider or DNS hosting provider for this.

2. If you have not already done so, get an A record created to point to your Exchange server. Make sure you add a static route in your firewall to push this to your Exchange box.

2. Configure the SMTP connector in Exchange to only allow authenticated users to relay. This will keep your server from becoming an open relay.

3. Evaluate and select a method for your remote users to access their email. The choices depend on your

Option A) This option is easier to configure but does not offer your users the ability to utilize the full functionality of Outlook and Exchange.

Allow users to access email with POP3/SMTP and a standard email client. If you choose this option I suggest either changing the ports or using SSL.

Option B) Install RPC Proxy on your Exchange server and configure RPC over HTTP as your access method. This will allow you to shutoff POP3 and close the hole in your firewall. This method allows full functionality of Outlook and Exchange over ANY internet connection. NO additional ports need to be open other than Port 80.

This option requires the client to be running WindowsXP SP1 or SP2 and Outlook 2003 with SP2. RPC over HTTP does not work on clients running Windows Server 2003.

The only drawback to using RPC is that the clients need to either be on your LAN or VPN for the initial setup. Once the client is synchronized there is no need for LAN/VPN access. If this isn’t possible then you need to stick with option A.

Look at this TechNet link for setting up RPC on the Exchange Server.

http://www.microsoft.com/technet/prodtechnol/exchange/guides/E2k3RPCHTTPDep/1bdd45cc-e141-4901-a686-ec2e6482217b.mspx?mfr=true

Look at this Office link that explains RPC over HTTP and instructions on configuring the Outlook client.

http://office.microsoft.com/en-us/ork2003/HA011402731033.aspx

Let me know how it goes…