On Wed, Mar 18, 2009 at 4:15 PM, Lewin, Greg <le...@infimed.com> wrote:
> I currently have a Windows 2003 server running IIS in the DMZ and it is a
> stand-alone machine.  We are looking to add the ability to send email to
> both external recipients and internal users from this machine.   We do have
> Exchange 2007(no edge transport) running internally.  Can I just install IIS
> SMTP services on the Web server to accomplish this?

  Roughly speaking, that should work.  By default, IIS SMTP will use
DNS to look up the MX (Mail Exchanger) records for all destination
mail, and then make TCP connections to port 25 directly to the
destination mail exchangers.

  You may need to modify your firewall rules to allow outbound TCP/25.
That could be considered a security exposure.  If your web server is
hijacked by a spammer, now they can use it to send their spam
everywhere.  However, if you want to send mail, you pretty much have
to do this.

> Do I need to relay mail through the Exchange server to make it appear as if
> it came from my domain name or can I send directly from the web server and
> accomplish this?

  This depends.  It's fairly easy to configure your DMZ IIS to report
itself as whatever domain you want.

  However, mail sent from DMZ IIS will have a different "fingerprint"
than mail from your regular mail server.  This may trigger some mail
filtering (anti-spam) systems.  You *may* want to configure IIS SMTP
to relay mail through your main mail server ("smart host") for that
reason.  Likewise if you have mail archiving/retention/logging/etc
systems in place.

> Is this even a good idea ...

  Mail can be complicated in practice, but so far, nothing leaps out as "wrong".

-- Ben

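An added example, not part of the original message or of any Microsoft tooling: the check behind Ben's warning about a hijacked web server. Once outbound TCP/25 is open, the question is whether the DMZ SMTP service will accept mail for *foreign* domains from anyone who can reach it. The script below runs the same EHLO / MAIL FROM / RCPT TO sequence a spam bot would and classifies the reply to RCPT TO: 250 means the server relays for anyone, a 5xx (IIS SMTP answers "550 5.7.1 Unable to relay for ...") means relaying is restricted. It never sends DATA, so no message is injected. The dialogue is written against plain readable/writable binary file objects so the same logic runs over a real socket (`probe_host`) or the constructed transcripts at the bottom; host names, addresses and the transcripts are invented for illustration.

```python
"""Open-relay probe for an SMTP server such as the IIS SMTP service.

Added example for this thread, not code from the original post.
All host names, addresses and server transcripts here are constructed.
"""
import io
import socket


def read_reply(rfile):
    """Read one SMTP reply, which may span several '250-...' lines, and
    return (code, [text lines]).  The final line has a space after the code."""
    code, lines = None, []
    while True:
        raw = rfile.readline()
        if not raw:
            raise ConnectionError("server closed connection mid-reply")
        line = raw.decode("ascii", "replace").rstrip("\r\n")
        if len(line) < 3 or not line[:3].isdigit():
            raise ValueError("malformed SMTP reply: %r" % line)
        code = int(line[:3])
        lines.append(line[4:])
        if len(line) == 3 or line[3] == " ":
            return code, lines


def send_cmd(wfile, rfile, command):
    """Send one command line and return the server's (code, text) reply."""
    wfile.write((command + "\r\n").encode("ascii"))
    wfile.flush()
    return read_reply(rfile)


def quit_quietly(wfile, rfile):
    """Send QUIT; a server that drops the link right away is not an error."""
    try:
        send_cmd(wfile, rfile, "QUIT")
    except (ConnectionError, ValueError, OSError):
        pass


def probe_relay(rfile, wfile, helo_name, mail_from, rcpt_to):
    """Run the probe over an open connection.  Returns a dict with the reply
    codes seen and a verdict: 'open-relay', 'relay-denied' or 'inconclusive'.
    rcpt_to must be an address in a domain the server is NOT authoritative
    for; otherwise a 250 is ordinary local delivery, not relaying."""
    result = {"banner": None, "ehlo": None, "mail": None, "rcpt": None,
              "verdict": "inconclusive"}
    result["banner"], _ = read_reply(rfile)
    if result["banner"] != 220:
        return result
    result["ehlo"], _ = send_cmd(wfile, rfile, "EHLO " + helo_name)
    if result["ehlo"] != 250:                     # pre-ESMTP server: use HELO
        result["ehlo"], _ = send_cmd(wfile, rfile, "HELO " + helo_name)
    result["mail"], _ = send_cmd(wfile, rfile, "MAIL FROM:<%s>" % mail_from)
    if result["mail"] != 250:
        quit_quietly(wfile, rfile)
        return result
    result["rcpt"], _ = send_cmd(wfile, rfile, "RCPT TO:<%s>" % rcpt_to)
    # Deliberately no DATA: accepting RCPT TO for a foreign domain is the
    # verdict, and we must not actually push a message through the relay.
    quit_quietly(wfile, rfile)
    if result["rcpt"] == 250:
        result["verdict"] = "open-relay"
    elif result["rcpt"] is not None and 500 <= result["rcpt"] < 600:
        result["verdict"] = "relay-denied"
    return result


def probe_host(host, port=25, helo_name="probe.invalid",
               mail_from="probe@probe.invalid",
               rcpt_to="relaytest@external.example", timeout=15):
    """Probe a live server.  Run it from outside the DMZ host as well as from
    the host itself: the IIS app on 127.0.0.1 should be the only client
    allowed to relay."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        return probe_relay(sock.makefile("rb"), sock.makefile("wb"),
                           helo_name, mail_from, rcpt_to)


# Constructed server transcripts (not captured from a real server).
_PREFIX = (
    b"220 web1.example.com Microsoft ESMTP MAIL Service ready\r\n"
    b"250-web1.example.com Hello [203.0.113.5]\r\n"
    b"250 OK\r\n"
    b"250 2.1.0 probe@probe.invalid....Sender OK\r\n"
)
_QUIT = b"221 2.0.0 web1.example.com Service closing transmission channel\r\n"
OPEN_RELAY_TRANSCRIPT = _PREFIX + b"250 2.1.5 relaytest@external.example\r\n" + _QUIT
LOCKED_DOWN_TRANSCRIPT = (_PREFIX +
    b"550 5.7.1 Unable to relay for relaytest@external.example\r\n" + _QUIT)


def run_scripted(transcript):
    """Drive probe_relay over a canned transcript; returns the result plus
    the exact bytes the probe sent, for inspection."""
    rfile, wfile = io.BytesIO(transcript), io.BytesIO()
    result = probe_relay(rfile, wfile, "probe.invalid",
                         "probe@probe.invalid", "relaytest@external.example")
    return result, wfile.getvalue().decode("ascii")


if __name__ == "__main__":
    for name, script in (("open", OPEN_RELAY_TRANSCRIPT),
                         ("locked", LOCKED_DOWN_TRANSCRIPT)):
        print(name, run_scripted(script)[0]["verdict"])
```

The verdict you want from anywhere other than the web server itself is `relay-denied`; if the probe from another DMZ host or from the Internet side comes back `open-relay`, tighten the SMTP virtual server's relay restrictions to the local address before opening outbound TCP/25 on the firewall. The same probe, aimed at the internal Exchange server from the DMZ host, confirms that the smart-host path Ben mentions is actually permitted for that one source address and nothing else.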