Topic: Forward to internal mail server issues

[michaeld]

Hi All

I have a SME Server 7.3 server in a DMZ that accepts all inbound email (scans it for virus/spam) and then forwards to a Microsoft Exchange 2003 server on the LAN.

At the moment this is all working fine, however when I tried to get Email Archiving working using this howto http://wiki.contribs.org/Email#Keep_a_copy_of_all_emails external users sending email to the company got bounce messages even though the email was getting to the end user.

Th other thing I noticed was that webmail wouldn't allow me to login as the user I was forwarding all inbound/outbound mail to.

Does anyone know of a solution to this before I try implementing another solution?

Thanks

[MSmith]

My first comment is that you don't need the SME server in a "DMZ" at all; if it's in server/gateway mode and is your gateway it is by definition exposed to the Internet.  if it's a single-NIC server-only setup, it's best from a security standpoint simply to forward port 25 from your gateway/router to the SME machine.

Secondly, setting a delegate email server, which absolutely spiffy for doing just what you are doing, i.e. pre-filtering email going to Exchange, disables many other email-related functions and, it would seem, breaks the function you're trying to implement.  Unless someone has some command-line wizardry to suggest, I think you're barking up the wrong tree here.  Can Exchange do what you want?

[michaeld]

The setup of the server is "Server-Only" mode with a single network card.

The router forwards Port 25 (SMTP) to the SME Server box in the DMZ which then forwards to the Exchange box in the LAN.

If this configuration breaks the email archiving function, then I will need to look at another solution which will be a bit of a pain.   

[MSmith]

If the SME box is really in a "DMZ", which I understand to mean typically that it is exposed to the Internet, you have a security problem as putting a server-only SME box in a "DMZ" exposes the internal interface to the Internet.  Or do you mean something else by your use of the term "DMZ"?

As for your original question, since you've tried it and it doesn't work I'd assume the two functions are incompatible.  Anybody else know for sure?

[purvis]

i may sound stupid, but does the email account actually exist that you are archiving the email to.
i would double check that.
or is it that email tracking has to be on a different email server rather than the server that is doing the actual email achieving.