I’m having problems coming up with the right Exchange SMTP Virtual Server and SMTP connector configuration for our network, after we decommission two of our Borderware routers. I’ll try to explain it as simply as possible:
- We have all our internal email filtered, and this will be sent to an Exchange server in our DMZ. Let’s call this DMZSMTP. The company that filters our mail can send via TLS.
- We have one client that requires TLS inbound and outbound. They will point to DMZSMTP.
- The DMZSMTP server will pass mail to and from the internal Exchange 2003 network.
I know I need two virtual servers on DMZSMTP, with one of them being the secure SMTP VS requiring TLS. The email filtering company and the TLS-required client will use this.
Here’s where I’m having problems: I know I also need to create the secure SMTP Connector, but I’m not sure whether to “forward all mail through this connector to the following smart host” or DNS. In Local Bridgeheads, I know I put the Secure SMTP VS that I created earlier.
I’m also confused as to whether I need to add the requires-TLS domain to an address space somewhere. For outbound mail, none of it needs to be TLS, except mail to this domain. Is the end goal to have one VS doing all TLS security, and if mail needs to be sent to the TLS client, it’s sent out this VS? I can’t figure out how, though.
I have a routing guy who is working with me on this, and he sees the Exchange box having two IP addresses (the two SMTP virtual servers) and his mind starts thinking it’s a router, and it confuses us all.