Windows

Point value changed by question poster.

Setup the new server with a Virtual SMTP host, and set it up to forward all email that are intended for your domain to your Exchange Server. The SMTP service is part of IIS.

Now is a golden opprotunity to install an anti-virus/anti-spam package on the new server. Let it be the gateway to the internet and have it pass the traffic in or out. I'm not an exchange expert, but I would think that it can be told to pass all internet-bound mail to host for processing.

Some useful links (remove spaces as needed);

http://www.sophos.com/products/ software/mailmonitor/

http://www.mimesweeper.com/products/ msw/default.asp

http://www.mailmarshall.com/

http://enterprisesecurity.symantec.com/ products/products.cfm?ProductID=164&EID=0

http://www.mcafeeb2b.com/products/ webshield-smtp/default.asp

HTH

I think it would best to segment the Exchange 2000 and Web Server into two different IP segment using a router since you are using Exchange 2000 for in-house only. If you don't want to buy a new router, you can add another NIC to the Exchange 2000 server to serve as a router and perform packet filtering on the inbound and outbound interface. You can use the built-in TCP/IP filtering on Local Area Connection Properties> TCP/IP Properties> Advanced TCP/IP Settings> Option. If you still don't feelsecure enough, create a perimeter zone (DMZ) with you firewall, check whether your firewall can create DMZ or not. If not, you can turn to Cisco pix firewall or checkpoint.

In exchange system manager check the configuration of the smtp virtual server. Also add the external domain name to the recipient update policy or the server will not accept external mail.

You should be able to get a reply from the exchange server internally if you telnet to it on port 25.

telnet 192.168.0.1 25

Once this is working create a rule on the firewall that forwards inbound traffic on port 25 to the exchange server.

telnet to the external ip address of the firewall on port 25 from an external pc, you should get the same reply as before.

Ask your isp to forward all mail by smtp to the external ip of your firewall.

This question was closed by the author