Two Exchange 2003 servers, Internet SMTP connector using port 587 on smarthost: no longer internal connectivity between the Exchange servers


To summarize: I set things up (this is a virtual test/tutoring environment), broke internal connectivity by introducing Internet mail connectivity, figured out where the problem was, but now I'm wondering if I'm overlooking some easy setting to fix this instead of what I'm thinking about.

Situation: two internal Exchange 2003 servers (SP2), everything going fine in terms of communication between them. Now I want to connect to the Internet, and I do this just the same way that I did it before I introduced the second Exchange server: I create an SMTP connector, configure it to use TLS and to use Google as a smarthost (to get around ISP blocking on my consumer link…), and change the port to 587 on the SMTP virtual server (since the port is not specified in the SMTP connector itself, unlike the "TLS" setting and password).

Works beautifully, sending and receiving Internet mail all OK. BUT with this setup I lose connectivity between Exchange server 1 and Exchange server 2. I was baffled for some time, removed the SMTP connector again (didn't solve it), until I realized that I still had port 587 configured on the SMTP Virtual Server on Exchange server 1! Sure enough, setting that back to 25 solved the issue.

But now the question: does this REALLY mean that I'll have to set up a separate SMTP virtual server on Exchange server 1, configure THAT one with outgoing port 587 and use it in the "Internet" SMTP connector (while keeping the default virtual server "pristine"), or am I overlooking something else that would enable me to keep using just ONE SMTP virtual server?

edit: creating a second SMTP virtual server on Exchange server 1 would mean adding another NIC to have an additional IP address? That sounds so overkill… But being restricted to just ONE SMTP virtual server on that Exchange box means the port needs to remain the standard port 25 (unless I change the SMTP port on the other Exchange servers as well, but that sounds even more bizarre, lol).

edit2: brain-fart… Of course I can add a second IP address to the NIC (facepalm); is that the standard way to approach this?

Best Answer

Quick question

  • Did you configure the SMARTHOST on the second Exchange 2003 server to use the first one to deliver emails?

Assumption:

  • Exchange 1 - TLS on 587 > Outbound to Google. Port forward 25/80/443 from firewall to internal IP
  • Exchange 2 - Use Exchange 1 as smarthost to deliver emails, anon auth.

Exchange 2

  • Exchange System Manager Admin Groups > Domain > Servers > Exchange 2 > Protocols > SMTP
  • Right click on Default Virtual Server Delivery Tab > Advanced
  • smarthost field > Enter internal LAN IP of Exchange 1

Exchange 1

  • Admin Groups > Domain > Servers > Exchange 2 > Protocols > SMTP
  • Right click on Default Virtual Server
  • Access Tab > Relay
  • Select "Only the list below" (computers which may relay through Virtual Server)
  • Add the LAN IP of Exchange 2.
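The step that is easy to get wrong in the answer above is the relay list on Exchange 1: it is an IP-based, anonymous exception, so after configuring it you want to confirm two things, that Exchange 2 (the listed IP) gets a 250 for an external recipient and that every other LAN host gets "550 5.7.1 Unable to relay". The following probe is an added example written for this page, not code from the poster or from Microsoft; it walks an SMTP session only as far as RCPT TO (it never sends DATA, so nothing is queued) and reports whether the server would relay. The host names (exchange1.lab.local, exchange2.lab.local), the 10.0.0.x addresses and the two transcripts are constructed for illustration and are not captured from the poster's servers.

```python
"""Relay-restriction check for an SMTP virtual server (added example, not from the post)."""
import io
import socket

# Constructed transcripts (not real captures): what an Exchange 2003 SMTP virtual
# server with "Only the list below" relay restrictions answers to RCPT TO for an
# external domain, first from a host that is NOT on the list, then from the listed one.
DENIED_TRANSCRIPT = (
    b"220 exchange1.lab.local Microsoft ESMTP MAIL Service ready\r\n"
    b"250-exchange1.lab.local Hello [10.0.0.99]\r\n"
    b"250-SIZE\r\n"
    b"250 OK\r\n"
    b"250 2.1.0 postmaster@lab.local....Sender OK\r\n"
    b"550 5.7.1 Unable to relay for someone@example.com\r\n"
    b"221 2.0.0 exchange1.lab.local Service closing transmission channel\r\n"
)
ALLOWED_TRANSCRIPT = DENIED_TRANSCRIPT.replace(
    b"550 5.7.1 Unable to relay for someone@example.com", b"250 2.1.5 someone@example.com"
).replace(b"[10.0.0.99]", b"[10.0.0.2]")


def read_reply(rfile):
    """Read one (possibly multi-line) SMTP reply and return (code, text_lines)."""
    lines = []
    while True:
        raw = rfile.readline()
        if not raw:
            raise ConnectionError("server closed the connection before finishing a reply")
        line = raw.decode("ascii", "replace").rstrip("\r\n")
        if len(line) < 3 or not line[:3].isdigit():
            raise ValueError("malformed SMTP reply: %r" % line)
        lines.append(line[4:])
        if len(line) == 3 or line[3] == " ":  # "250 " ends the reply, "250-" continues it
            return int(line[:3]), lines


def send_cmd(rfile, wfile, command, sent):
    """Send one command, record it, and return the server's reply."""
    sent.append(command)
    wfile.write((command + "\r\n").encode("ascii"))
    wfile.flush()
    return read_reply(rfile)


def relay_probe(rfile, wfile, helo_name, mail_from, rcpt_to):
    """Drive the session up to RCPT TO; return (result dict, commands sent).

    DATA is never sent, so no message is queued even when relaying is accepted.
    """
    sent = []
    code, text = read_reply(rfile)
    if code != 220:
        return {"stage": "greeting", "code": code, "text": text, "relay_accepted": False}, sent
    code, text = send_cmd(rfile, wfile, "EHLO " + helo_name, sent)
    if code != 250:  # pre-ESMTP fallback
        code, text = send_cmd(rfile, wfile, "HELO " + helo_name, sent)
    if code != 250:
        return {"stage": "helo", "code": code, "text": text, "relay_accepted": False}, sent
    code, text = send_cmd(rfile, wfile, "MAIL FROM:<%s>" % mail_from, sent)
    if code != 250:
        return {"stage": "mail", "code": code, "text": text, "relay_accepted": False}, sent
    code, text = send_cmd(rfile, wfile, "RCPT TO:<%s>" % rcpt_to, sent)
    result = {"stage": "rcpt", "code": code, "text": text, "relay_accepted": 200 <= code < 300}
    try:
        send_cmd(rfile, wfile, "QUIT", sent)
    except (ConnectionError, ValueError, OSError):
        pass  # some servers drop the connection right after QUIT; nothing more to learn
    return result, sent


def probe_host(host, port=25, helo_name="exchange2.lab.local",
               mail_from="postmaster@lab.local", rcpt_to="someone@example.com", timeout=10):
    """Run the probe against a live server; run it once from Exchange 2 and once from another host."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        return relay_probe(sock.makefile("rb"), sock.makefile("wb"), helo_name, mail_from, rcpt_to)


def probe_canned(transcript, helo_name="exchange2.lab.local"):
    """Run the probe against a constructed transcript (offline demonstration)."""
    rfile, wfile = io.BytesIO(transcript), io.BytesIO()
    return relay_probe(rfile, wfile, helo_name, "postmaster@lab.local", "someone@example.com")


if __name__ == "__main__":
    for name, transcript in (("unlisted host", DENIED_TRANSCRIPT), ("listed host", ALLOWED_TRANSCRIPT)):
        result, _ = probe_canned(transcript)
        print(name, "relay accepted:", result["relay_accepted"], result["code"], result["text"])
```

Run `probe_host("<LAN IP of Exchange 1>")` from Exchange 2 and expect `relay_accepted` True, then from any other machine on the LAN and expect False with code 550; a True from an unlisted host means the virtual server is an open relay on the LAN. The probe deliberately targets port 25, which is the listening port of Exchange 1's virtual server; the 587 the poster changed is the outbound port of that virtual server and does not affect what it listens on.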