Mailbox Server Roles and Private IPs
Hi all,

We are going to be moving from Exchange 2007 to 2010. Currently we only have one Exchange server with the CAS, HubTransport, and Mailbox server roles. When we deploy 2010 we are going to be splitting all of those up on different servers. Our Exchange server now has a public IP, but when splitting up the roles, is it best practice to use private IPs for the server that houses the Mailbox role? Or is there a reason for it to stay public? Any help is appreciated, thanks.

Edit: We currently have a Barracuda spam filter that accepts all incoming mail from the web.
May 25th, 2011 3:29pm

Hi,

No need for a public address for your internal Exchange server. Register your external OWA address in a public DNS and point it to your firewall.

Best regards

Don't forget to mark it as answer if it helps.
May 25th, 2011 7:08pm

You do not need any public IP for any of your mail servers; just make sure the proper ports to your servers have been configured and that they point back to the correct internal IP addresses. Private IPs and the private IP address range are not routable, meaning packets will be dropped by the routers by default, unlike public IP addresses and ranges.

In order for mail to reach your mail server, at the least you will need an internet presence on the public DNS servers (A record, MX record, CNAME record = public IP address). The public DNS servers for your SMTP domain name space should point to a public IP address, this public IP address should point to your network perimeter (your firewall), and your firewall should allow SMTP (port 25) traffic from and to the public IP address range to your local Exchange server, in order for mail to flow.

In a nutshell: let's say your SMTP domain name space is @YourMailServer.com and mine is @MyMailServer.com, and I want to send mail to your mail server from my mail server. The following basics take place.

I use my desktop Outlook, compose an e-mail to you (you@YourExchangeServer.com) and connect to my Exchange server. My mail address is oz@MyMailServer.com (from: oz@MyMailServer.com --> to: you@YourExchangeServer.com).

My mail server says: I am authoritative for the SMTP name space Anything@MyMailServer.com, so this mail is destined for you@YourExchangeServer.com, therefore I must ask my configured public DNS server to find out the public IP address of the destination mail server --> you@YourExchangeServer.com.

So the journey starts: my mail server asks its configured DNS server, my DNS server does a recursive query and asks its configured public DNS server if anyone on the entire net would know the authoritative SMTP server IP address for you@YourExchangeServer.com. The registered public DNS server says yes, I do know the IP address for this SMTP domain, here is the IP address (X.X.X.X = you@YourExchangeServer.com = MX record), and passes this information to my Exchange server.

Now my Exchange server tries to open a connection on port 25 to this public IP address. At this point, in general, I should be getting routed to your network firewall, and your network firewall should allow my server to pass the SMTP traffic (port 25) back to your Exchange server, which is sitting in the private IP address range (NAT will make the magic). Your server (assuming it is configured to access and talk on port 25) starts talking to my server, accepts the mail, finds your mailbox and puts the mail in there. Your desktop, which is connected to your Exchange server via Outlook, sees there is new mail and grabs it, and you see my e-mail.

Hope it helps (-:

Oz Casey, Dedeal, Microsoft MVP - Exchange Server, MCITP (EMA), MCITP (EA), MCITP (SA)
Visit smtp25.blogspot.com
Visit Telnet25.wordpress.com
This posting is provided AS-IS with no warranties or guarantees and confers no rights.
May 25th, 2011 11:45pm
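
Added example, not part of the thread or any poster's code: a Python audit of the layout the answers above describe, with every Exchange server on a private (RFC 1918) address, public DNS pointing at the firewall, and the firewall forwarding only the published ports inward. The server names, addresses, DNS names and the port-to-role mapping (25 to Hub Transport, 443 to Client Access for OWA) are assumptions constructed for illustration.

```python
import ipaddress

# RFC 1918 ranges: the "private, not routable" addresses the answer refers to.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Assumption of this example: which role should receive each published port.
PORT_ROLE = {25: "HubTransport", 443: "ClientAccess"}

def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def audit(servers, public_dns, firewall):
    """Return a list of findings; an empty list means the layout matches the advice."""
    findings = []
    # 1. Every Exchange server sits on a private address.
    for name, srv in sorted(servers.items()):
        if not is_rfc1918(srv["ip"]):
            findings.append(f"{name} has a non-private address {srv['ip']}")
    # 2. Public DNS records (MX, OWA) point at the firewall, not at a server.
    for record, ip in sorted(public_dns.items()):
        if ip not in firewall["public_ips"]:
            findings.append(f"DNS {record} -> {ip} is not a firewall address")
    # 3. Each NAT forward uses an expected port and lands on the matching role.
    by_ip = {srv["ip"]: (name, srv["roles"]) for name, srv in servers.items()}
    for port, target in firewall["forwards"]:
        name, roles = by_ip.get(target, (target, set()))
        if port not in PORT_ROLE:
            findings.append(f"unexpected published port {port} -> {name}")
        elif PORT_ROLE[port] not in roles:
            findings.append(f"port {port} forwarded to {name}, which lacks {PORT_ROLE[port]}")
    return findings

# Constructed sample layout; 203.0.113.0/24 is a documentation range
# standing in for real public IPs.
SERVERS = {
    "cas01": {"roles": {"ClientAccess"}, "ip": "10.0.10.5"},
    "hub01": {"roles": {"HubTransport"}, "ip": "10.0.10.6"},
    "mbx01": {"roles": {"Mailbox"}, "ip": "10.0.20.11"},
}
PUBLIC_DNS = {"MX mail.example.com": "203.0.113.10",
              "A owa.example.com": "203.0.113.10"}
FIREWALL = {"public_ips": {"203.0.113.10"},
            "forwards": [(25, "10.0.10.6"), (443, "10.0.10.5")]}

if __name__ == "__main__":
    for line in audit(SERVERS, PUBLIC_DNS, FIREWALL) or ["no findings"]:
        print(line)
```

The check uses explicit RFC 1918 networks rather than `ipaddress`'s `is_private`, which also returns True for documentation and other special-purpose ranges.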

Hi,

> is it best practice to use private IPs for the server that houses the Mailbox role? Or is there a reason for it to stay public?

For safety considerations, only the firewall should be allowed to publish on the internet. You can deploy Exchange Server following the structure below.

http://araihan.wordpress.com/2010/05/28/exchange-2010-deployment-in-different-firewall-scenario/

Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
May 27th, 2011 4:36am

This topic is archived. No further replies will be accepted.
