Using Packet Filters with Exchange Server

ID: Q176771

The information in this article applies to:

Microsoft Proxy Server version 2.0

SUMMARY

There are two methods of using Microsoft Exchange Server (or other Winsock-based server applications) with Proxy Server version 2.0:

Co-locate the Microsoft Exchange services on the Proxy Server 2.0 server.

Install Microsoft Exchange Server on a separate computer located on the internal network behind the Proxy Server 2.0 server. Use the Server Proxy feature of Proxy 2.0 to redirect the listen() call of the Microsoft Exchange services.

MORE INFORMATION

Co-locating Microsoft Exchange (or other POP3/SMTP server) with Proxy 2.0

If the mail server (Exchange or other POP3/SMTP) is installed on the Proxy Server, it will be able to listen for connections from any network interface. For example, mail clients or SMTP servers on the Internet or Intranet will be able to send and receive mail to the mail server installed on the Proxy Server.

If Proxy Server 2.0 packet-filtering feature has been selected (enabled), all connections from mail clients or servers on the Internet will be blocked. All communications except for ICMP requests to and from the Proxy Server will be blocked. However, proxy clients that use any of the Proxy services will still be able to communicate with the Internet through the use of the Proxy Server dynamic packet-filtering feature.

Because the Mail server is installed on the Proxy Server computer, it will not be using the Proxy services to communicate with the Internet. The communications will be blocked unless static filters are enabled on the Proxy packet filter interface for the mail program you are using.

The instructions below outline how to create the necessary packet filters for a mail server installed on the proxy server.

Adding the Predefined Packet Filters:

In the Security dialog box on the Packet Filters tab, click Add.

In the Packet Filter Properties dialog box, under Allow this Microsoft Windows NT Server to Exchange Packets of Type, click Predefined filter and select a protocol.

By default, the predefined filters will allow communication to/from ANY host on the Internet. If needed, modify the Local Host and Remote Host settings before you click OK.

Click OK.

Repeat steps 1-4 to add the IDENTD filter. Repeat step 1 through 4 again for the POP3 filter if you are using POP3.

Adding the Custom Packet Filters:

In the Security dialog box on the Packet Filters tab, click Add.

For INBOUND SMTP, add the following custom filter:
Direction - inbound
Local port: fixed port - 25
Remote port - ANY
Local host - default proxy external IP addr.
Remote host - any

By default, the custom filters will allow communication to/from ANY host on the Internet. If needed, modify the Local Host and Remote Host settings before you click OK.

Click OK.

For INBOUND POP3 (If using POP mail), add the following custom filter:
Direction - inbound
Local port: fixed port - 110
Remote port - ANY
local host - default proxy external IP addr.
Remote host - any

By default, the custom filters will allow communication to/from ANY host on the Internet. If needed, modify the Local Host and Remote Host settings before you click OK.

Click OK.

Configuring Exchange or other SMTP servers behind Proxy Server 2.0

For additional information about configuring Microsoft Exchange Server or other SMTP servers behind Proxy Server 2.0, see the following article in the Microsoft Knowledge Base:

Q181420 How to Configure Exchange or Other SMTP with Proxy Server


Keywords          : prx2faq kbfaq 
Version           : winnt:2.0
Platform          : winnt 
Issue type        : kbhowto

Last Reviewed: August 9, 1999