:) Do viruses spread slower because they are attached to an email in a POP mailbox vs passing through an Exchange server?
I agree with Jason, you paid for the IronPort to scan your incoming mail, get rid of the OE client and simplify. When no new mail shows up in their OE mailbox, but appears in Outlok, they'll be pleasantly pleased. On Tue, Oct 27, 2009 at 12:21 PM, David W. McSpadden <dav...@imcu.com>wrote: > Thanks Jason. > I would love to get rid of OL Express but it is a Legacy thing. I have > promoted this beast because of my fears of viruses in the past. Now I have > been so convincing that nobody will allow me to change their stance on > internal mail and external mail. > > > -------------------------------------------------- > From: "Jason Gurtz" <jasongu...@npumail.com> > Sent: Tuesday, October 27, 2009 3:14 PM > > To: "MS-Exchange Admin Issues" <exchangelist@lyris.sunbelt-software.com> > Subject: RE: Weird problem > > If you already have an email server (Exchange) and all the other necessary >> items why not simplify and just (get rid of Outlook Express): >> >> Public IP Private IP >> -------------------- ======================== >> Internet<-->ASA<-->Ironport<-->Exchange<-->Outlook >> ^ ^ >> | | >> Mail Gateway ---------+ | >> (DNS MX record) | >> | >> Mail Relay ------------------------+ >> >> Am I missing something? >> >> the ASA will do PAT of port 25 to/from the Ironport (so public MX record >> actually points to ASA public IP). Best practice would be to have the ASA >> block port 25 to and from anything other than the Ironport (clients should >> not ever send directly to the Internet); Exchange box will use Ironport as >> the "smarthost." Configure the Ironport to LDAP lookups against a domain >> controller to avoid delivery to non-existent users. If you really want to >> retain OL Express, enable POP/IMAP and point your OL Express at the >> Exchange box. At any rate, the Ironport is an smtp relay only; you cannot >> enable a client access protocol such as POP or IMAP on it. >> >> Your Co. is paying a lot of money for the Ironport; utilize the support >> resources to help you get the configuration done right. There are many >> small details involved, but thankfully most only have to be dealt with >> once, when it's first set up. >> >> ~JasonG >> >> -----Original Message----- >>> From: David W. McSpadden [mailto:dav...@imcu.com] >>> Sent: Tuesday, October 27, 2009 14:37 >>> To: MS-Exchange Admin Issues >>> Cc: David McSpadden >>> Subject: Re: Weird problem >>> >>> Would I set my internal dns to have pop.imcu.com and smtp.imcu.com point >>> to >>> the smtp relay of the ironport? >>> That way when the outlook express accounts resolved their addresses they >>> would be forced to come through the ironport? >>> I can set up the ASA to funnel all port 25 and port 110 traffic to go >>> through the ironport? >>> >>> Current: >>> >>> ----------------- --------------- >>> >> -- >> >>> ---------------- >>> / Internet E-Mail\---------/ASA FireWall\-----------/Outlook Express\ >>> -------------------- ----------------- >>> >> ------- >> >>> -------------- >>> >>> Proposed: >>> >>> ----------------- --------------- >>> >> -- >> >>> ------- >>> ------------------- >>> / Internet E-Mail\---------/ASA >>> FireWall\-----------/Ironport\-----------/Outlook Express\ >>> -------------------- ----------------- >>> >> ------- >> >>> ----- >>> --------------------- >>> >>> >>> -------------------------------------------------- >>> From: "Carl Houseman" <c.house...@gmail.com> >>> Sent: Tuesday, October 27, 2009 2:26 PM >>> To: "MS-Exchange Admin Issues" <exchangelist@lyris.sunbelt-software.com> >>> Subject: RE: Weird problem >>> >>> > Usually, anti-spam devices that sit on the network edge talk SMTP, not >>> > POP, for inbound mail delivery. >>> > >>> > Check your Ironport spec sheet to be sure, or look in the >>> >> configuration >> >>> > menus for setting up POP mail retrieval, and if you don't find that >>> > capability, you can't get there from here. >>> > >>> > Carl >>> > >>> > -----Original Message----- >>> > From: David W. McSpadden [mailto:dav...@imcu.com] >>> > Sent: Tuesday, October 27, 2009 1:54 PM >>> > To: MS-Exchange Admin Issues >>> > Subject: Weird problem >>> > >>> > I have Exchange 2003. >>> > We use it for internal email only. We connect to it using Outlook >>> 2003. >>> > >>> > I have a mail provider, mailanyone.net. >>> > We use it for external email only. We connect to it using Outlook >>> > Express, >>> > pop.imcu.com and smtp.imcu.com. >>> > >>> > I have an ironport that sits on the edge of my network. >>> > Currently if I set up an smtp address in Outlook 2003 I can get my >>> email >>> > sent out the ironport device from exchange. >>> > I can not get any mail into exchange through the ironport. >>> > >>> > >>> > I have a requirement to keep the two clients but send all the smtp and >>> > receive all the pop mail through the ironport. >>> > If that means relaying off of the exchange that is fine or not even >>> using >>> > it >>> > is also fine. >>> > >>> > Does anyone know of away to do this? >>> > >>> > >>> > >>> > >>> > >>> > >>> > >>> > >>> >> >> >> >> >> > >
