Port 25 on CAS server - any security concerns?
We are thinking about moving away from using a smarthost provided by our ISP for delivering mail and opening up port 25 on our hub transport server to deliver mail directly to the Internet. At the moment we have 2 servers:
Server1: CAS/MBX/HUB
Server2: CAS/MBX/HUB
Server1 is accessible from the Internet for OWA, so if we were to open up port 25 for SMTP, would this pose any sort of security concern, or are we better off with a separate hub transport server with the relevant ports open?
June 22nd, 2011 3:54pm

You aren't gaining anything from a security point of view using a separate hub transport server. They are deployed for load reasons. If you are concerned about security, then look at deploying TMG/ISA in front. Personally I have no issue with having traffic coming directly in to Exchange and have done so for most of my clients.
Simon.
Simon Butler, Exchange MVP
June 22nd, 2011 6:07pm

For mail flow to the Internet, you should open port 25 on the Hub Transport server. Regarding mail flow security, I would like to share with you the following article about SMTP connectivity security: http://www.shudnow.net/2008/02/10/client-to-server-secure-smtp-connectivity-in-exchange-server-2007/
Thanks.
Novak Wu, TechNet Subscriber Support in forum
If you have any feedback on our support, please contact tngfb@microsoft.com
Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
June 23rd, 2011 3:52am

How are things going? If there is any progress or question, please feel free to post it here.
Thanks.
Novak Wu, TechNet Subscriber Support in forum
June 24th, 2011 3:43am

> You aren't gaining anything from a security point of view using a separate hub transport server. They are deployed for load reasons. If you are concerned about security, then look at deploying TMG/ISA in front. Personally I have no issue with having traffic coming directly in to Exchange and have done so for most of my clients.
> Simon.
> Simon Butler, Exchange MVP
Simon,
Thanks for that, it answers my question.
Cheers
Adam.
June 24th, 2011 8:12am

This topic is archived. No further replies will be accepted.
