Jump to content


Photo

Exchange Server 2003 to SF100's Outbound, how it works?

SF100 Exchange Server 2003

Best Answer Michelle Exner, 11 October 2016 - 05:00 PM

Jimmy,

On the barracuda you go to the Basic Outbound page. You add the IP of your Exchange server to the "Relay Using Trusted IP/Range"

IP = 192.168.0.3  netmask = 255.255.255.255

On your Exchange server you set your smarthost so that is sends outbound mail to the Barracuda

Move the radio button to "forward all mail to this connector" and enter the IP of the Barracuda as the destination.

NOTE that exchange is temperamental and often will not actually use the smarthost when you save it. Often you have to reboot the exchange server to get it to start working.

You can tell it is working by going to your Barracuda message log and do a search for source IP contains 192.168.0.3, This will show you mail coming to the barracuda from your exchange server.

NOTE it is important that your router be configured to allow outbound port 25 traffic (SMTP) from the Barracuda IP. You MAY need to create a rule for that.

I can't make it any clearer than that.

Sincerely,


 

Go to the full post


  • Please log in to reply
8 replies to this topic

#1 Jimmy Hum

Jimmy Hum
  • Members
  • 11 posts

Posted 11 October 2016 - 11:47 AM

We have a Spam Firewall 100 on 7.1.1.004.

It's currently working well on a very plain and default setup: router's incoming port 25 (and only this port) all goes to the SF100, then the SF100 does its thing and sends what it likes to the Exchange Server 2003 inside the LAN, same subnet.

Now we would like to make use of the SF100 for Outbound filtering too.

Our Exchange Server 2003 sends out mail directly without the use of our ISP's SMTP.

How does this work in a nutshell? Does the Exchange Server 2003 send to the SF100, and then the SF100 sends out to the internet? Or does the SF100 reflects approved mails back to our Exchange Server 2003, and it is still the Exchange Server 2003's job to send out mail to internet?

Aside from the above that needs answering, I cannot find any workflow that is specific for Exchange Server 2003. If someone from support can point us in the right direction with a workflow, FAQ, something published for us to read.



#2 Matthew McIntyre

Matthew McIntyre

    Tier2

  • Barracuda Team Members
  • 18 posts

Posted 11 October 2016 - 12:03 PM

Hello Jimmy,

    You are correct, the Exchange Server 2003 send to the SF100, and then the SF100 sends out to the internet. You will also need to make sure you have no traffic policy that would prevent the barracuda from sending port 25 traffic outbound. Please review our barracuda campus on setting up outbound here: https://campus.barra...F/OutboundMail/and dont hesitate to contact our support team if you need assistance.



#3 Michelle Exner

Michelle Exner

    BSF / BESS Moderator

  • Moderators
  • 391 posts

Posted 11 October 2016 - 12:04 PM

For outbound mail filtering you would set up the Barracuda to accept mail from the Exchange server and it would then relay the filtered mail out directly to the internet. Full details on how to do this can be found here.

https://campus.barra...teOutboundMail/

Basically you add the IP of the Exchange server to the outbound trusted relay (basic/outbound page) and then configure the exchange servers smarthost to send mail to the Barracuda for filtering.

you will be increasing the load on your Barracuda with this additional mail processing so if you start seeing your inbound queue build up you may have to move to a larger unit to handle the increased load.

Other than that it is a simple change that just takes a few minutes to set up. If you run into any issues please call into Barracuda Support who can assist you in resolving them.

Thank you,


Michelle Exner
Product Lead Support Engineer
Barracuda Email Security
(408) 342-5300


#4 Jimmy Hum

Jimmy Hum
  • Members
  • 11 posts

Posted 11 October 2016 - 12:15 PM

From what you folks are telling me, it's a one-way path, just like incoming mail.

 

Inbound: Internet > Router > SF100 > Exchange Server 2003

Outbound: Exchange Server 2003 > SF100 > Router > Internet

 

Please confirm my understanding:

 

Once the Exchange Server 2003 releases email to the SF100, it's bon voyage, and no longer the Exchange Server 2003's problem.

 

The SF100 would now be contacting each recipient server directly, and handle all the NDRs, bounces, funnies, etc.



#5 Michelle Exner

Michelle Exner

    BSF / BESS Moderator

  • Moderators
  • 391 posts

Posted 11 October 2016 - 12:22 PM

That is correct


Michelle Exner
Product Lead Support Engineer
Barracuda Email Security
(408) 342-5300


#6 Jimmy Hum

Jimmy Hum
  • Members
  • 11 posts

Posted 11 October 2016 - 04:51 PM

I've seen and read that link before starting this thread, unfortunately for me it is too generalized, explains too many options and choices, and perhaps Exchange Server 2003 is just too old.

Instead of going in-depth and granular of what I could do, can someone just provide me the minimum required so the SF100's Outbound will simply work for me to test with. If I don't need a feature now, then it's something I can work on after, I just need to know what to populate in these screenshots with the working examples:

Router is 192.168.0.1
SF100 is 192.168.0.2
Exchange Server 2003 is 192.168.0.3

Do I also delete/disable the Default SMTP Virtual Server, if the SF100 is going to be the "smart hosts"?

 

Screenshot from SF100:

http://mail.globemobilite.com/20161011_Barracuda_SF100_Outbound.jpg

 

Screenshot from Exchange Server 2003:

http://mail.globemobilite.com/20161011_Exchange_Server_2003.jpg



#7 Michelle Exner

Michelle Exner

    BSF / BESS Moderator

  • Moderators
  • 391 posts

Posted 11 October 2016 - 05:00 PM   Best Answer

Jimmy,

On the barracuda you go to the Basic Outbound page. You add the IP of your Exchange server to the "Relay Using Trusted IP/Range"

IP = 192.168.0.3  netmask = 255.255.255.255

On your Exchange server you set your smarthost so that is sends outbound mail to the Barracuda

Move the radio button to "forward all mail to this connector" and enter the IP of the Barracuda as the destination.

NOTE that exchange is temperamental and often will not actually use the smarthost when you save it. Often you have to reboot the exchange server to get it to start working.

You can tell it is working by going to your Barracuda message log and do a search for source IP contains 192.168.0.3, This will show you mail coming to the barracuda from your exchange server.

NOTE it is important that your router be configured to allow outbound port 25 traffic (SMTP) from the Barracuda IP. You MAY need to create a rule for that.

I can't make it any clearer than that.

Sincerely,


 


Michelle Exner
Product Lead Support Engineer
Barracuda Email Security
(408) 342-5300


#8 Jimmy Hum

Jimmy Hum
  • Members
  • 11 posts

Posted 11 October 2016 - 05:13 PM

What about the "Default SMTP Virtual Server", do you recommend I disable that protocol, like I have with the other protocols that we never use? Remove it from the "Local bridgeheads"? Or are all protocols simply ignored/overruled once we have told Exchange to use the smart hosts (Barracuda)?



#9 Michelle Exner

Michelle Exner

    BSF / BESS Moderator

  • Moderators
  • 391 posts

Posted 11 October 2016 - 05:16 PM

No you do not change the default virtual server. leave it alone. if you remove it your mail server will stop accepting SMTP traffic. ALL You are changing is how outbound traffic is sent from exchange to the internet. It is now using DNS routing, you are changing it to the smarthost.


Michelle Exner
Product Lead Support Engineer
Barracuda Email Security
(408) 342-5300