On Wed, Mar 18, 2009 at 4:15 PM, Lewin, Greg <le...@infimed.com> wrote:
> I currently have a Windows 2003 server running IIS in the DMZ and it is a
> stand-alone machine. We are looking to add the ability to send email to
> both external recipients and internal users from this machine. We do have
> Exchange 2007 (no edge transport) running internally. Can I just install IIS
> SMTP services on the Web server to accomplish this?

Roughly speaking, that should work.

By default, IIS SMTP will use DNS to look up the MX (Mail Exchanger) records for all destination mail, and then make TCP connections to port 25 directly to the destination mail exchangers.

You may need to modify your firewall rules to allow outbound TCP/25. That could be considered a security exposure. If your web server is hijacked by a spammer, now they can use it to send their spam everywhere. However, if you want to send mail, you pretty much have to do this.

> Do I need to relay mail through the Exchange server to make it appear as if
> it came from my domain name or can I send directly from the web server and
> accomplish this?

This depends. It's fairly easy to configure your DMZ IIS to report itself as whatever domain you want. However, mail sent from DMZ IIS will have a different "fingerprint" than mail from your regular mail server. This may trigger some mail filtering (anti-spam) systems. You *may* want to configure IIS SMTP to relay mail through your main mail server ("smart host") for that reason. Likewise if you have mail archiving/retention/logging/etc systems in place.

> Is this even a good idea ...

Mail can be complicated in practice, but so far, nothing leaps out as "wrong".

-- Ben
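
If the smart-host option from the reply is chosen, the only SMTP traffic the DMZ web server should originate is to the internal mail server, so any other outbound TCP/25 from it is worth flagging. The following is an added example, not part of the original thread: the addresses, the simplified W3C-style log layout and the function names are all constructed assumptions.

```python
from collections import Counter

# Constructed addresses (assumptions, not taken from the thread).
DMZ_WEB = "192.0.2.10"     # DMZ web server running IIS SMTP
SMART_HOST = "10.0.0.25"   # internal mail server used as smart host

# Constructed sample firewall log in a simplified W3C-style layout.
SAMPLE_LOG = """\
#Fields: date time action protocol src-ip dst-ip src-port dst-port
2009-03-18 16:20:01 ALLOW TCP 192.0.2.10 10.0.0.25 1045 25
2009-03-18 16:20:07 ALLOW TCP 192.0.2.10 198.51.100.7 1046 25
2009-03-18 16:20:08 ALLOW TCP 192.0.2.10 203.0.113.9 1047 25
2009-03-18 16:20:09 DROP TCP 192.0.2.10 203.0.113.44 1048 25
2009-03-18 16:20:10 ALLOW TCP 192.0.2.10 198.51.100.7 1049 80
2009-03-18 16:20:11 ALLOW TCP 10.0.0.25 198.51.100.7 2211 25
"""

def parse(log_text):
    """Yield one dict per record, keyed by the names in the #Fields header."""
    fields = None
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated records
                yield dict(zip(fields, values))

def direct_smtp(records, web=DMZ_WEB, relay=SMART_HOST):
    """Return SMTP attempts from the web server that bypass the smart host."""
    return [r for r in records
            if r["protocol"] == "TCP" and r["dst-port"] == "25"
            and r["src-ip"] == web and r["dst-ip"] != relay]

def summarize(log_text):
    """Count bypass attempts per (action, destination) pair."""
    return Counter((r["action"], r["dst-ip"])
                   for r in direct_smtp(parse(log_text)))

if __name__ == "__main__":
    for (action, dst), n in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{action:5} {DMZ_WEB} -> {dst}:25  x{n}")
```

ALLOW entries in the output mean the egress rule is wider than the smart-host design needs; DROP entries mean something on the web server is attempting direct delivery despite the rule.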