How to use a smart host

By Mariette Knap

2003, 2008, 2011, ISA 2004, ISA 2006, SBS, www.smallbizserver.net
smarthost, smtp

A smart host is a type of mail relay server which allows an SMTP server to route e-mail to an intermediate mail server rather than directly to the recipient’s server. Often this smart host requires authentication from the sender to verify that the sender has privileges to have mail forwarded through the smart host. This is an important distinction from an open relay that will forward mail from the sender without authentication. Common authentication techniques include SMTP-AUTH and POP before SMTP.

Table of contents

How to use a smart host
Use a smart host for all email
Use a smart host for some domains
Set authentication when using a smart host
Use a different port to send email
Use a smart host using an encrypted connection (SSL)
Configure ISA to allow outbound traffic on a non-standard SMTP port

Some ISPs, in an effort to reduce e-mail spam originating at their customers’ IP addresses, will not allow their customers to communicate directly with the recipient’s mail server via the default SMTP port number 25. In this case the customer has no choice but to use the smart host provided by the ISP. A growing number of systems also verify the sending system against known lists of cable modem and DSL networks and will not accept SMTP connections from these systems to reduce the amount of incoming spam. Field tests have shown this can have a sizable impact on the number of spam messages one receives and it is expected to become more and more common. Source: http://en.wikipedia.org/wiki/Smart_host.

Use a smart host for all email

If you need to use a smart host for all outgoing mail and you don't need to use a port other than the default (25), then this is done by running the CEICW.

Start the Server Manager from the Start menu. On the Server Management console choose 'Internet and E-Mail' and click on 'Connect to the Internet'.
That will start the CEICW (Configure E-Mail and Internet Connection Wizard).

After some steps in the CEICW you will see a window asking you if you want to use DNS to send mail or if you want to forward all mail to the mail server of your ISP. We choose this last option because we want to forward all mail to smarthost.isp.com. Please ask your ISP for the name of the mail server that you can use as a smart host.

Now we are going to have a look 'under the hood'. Open ESM (Exchange System Manager). The CEICW changed the SmallBusiness SMTP connector and set the smart host.

Click on the tab 'Address Space' and see that all (*) mail is sent using that smart host on this SMTP connector. That is important to understand, because if we only want to send mail for certain domains using a smart host we need to add an additional SMTP connector and set the appropriate address space for that connector.

Use a smart host for some domains

If you have set a smart host as described in the previous chapter you need to disable that. Start ESM (Exchange System Manager). We set the SmallBusiness SMTP connector to use DNS to route all email.

Right-click the Connectors hive and choose New -> SMTP Connector.

Give the new connector a name and set it to forward all mail to the mail server of your ISP. Set the local bridgehead to your Default SMTP Virtual Server. Click OK.

Click on the tab 'Address Space' and click to add an address space of type SMTP.

We need to route all email for the aol.com domain to our smart host. Fill in the email domain.

The address space for aol.com is set. NEVER EVER SET 'Allow messages to be relayed to these domains'. If you do that your server will be an open relay.

The SMTP connector has been added and mail for aol.com is routed to our smart host.

Set authentication when using a smart host

Some ISPs require authentication when you connect to a smart host.
From within ESM (Exchange System Manager) right-click the SMTP connector you just created for the aol.com domain.

Choose the tab Advanced -> Outbound security -> Basic Authentication -> Modify and fill in the credentials given by your ISP. Click OK three times to accept the changes.

Use a different port to send email

In this chapter we set the port used to send email to a smart host that runs on a non-standard SMTP port. Remember that in this example we route all mail to our smart host, so we only have the SmallBusiness SMTP connector listed.

The SmallBusiness SMTP connector uses the Default SMTP Virtual Server as a bridgehead, and because of this we need to set the outgoing port on the bridgehead and not on the SmallBusiness SMTP connector. AFAIK you cannot set a different port on an SMTP connector, so that makes it easy.

From ESM (Exchange System Manager) right-click the Default SMTP Virtual Server and choose Properties.

Click on the 'Outbound Connections' button. DO NOT set Outbound Security on the Default SMTP Virtual Server.

Here is where we set the non-standard SMTP port. In our case the ISP told us that the smart host runs on port 2525, so that is what we fill in. Yours may be different; ask your ISP.

Use a smart host using an encrypted connection (SSL)

This is not used a lot, but if you want to use an encrypted connection when routing mail to a smart host you will need to set TLS encryption when authenticating to the smart host, set a secure smart host like smtps.isp.com, and set the outgoing port on the Default SMTP Virtual Server to port 465.

How to set a different port for the Default SMTP Virtual Server is described in http://www.server-essentials.com/support/articleid/69/how-to-use-a-smart-host#use-a-different-port-to-send-email.

Set TLS encryption on the 'Smart host' connector.

Configure ISA to allow outbound traffic on a non-standard SMTP port

If you do not have ISA 2004 installed you can skip this chapter.
SBS 2003 without ISA 2004 does not have any outbound port restrictions, which means your Default SMTP Virtual Server can connect to any remote mail server on any port you wish.

As we all know, the default port for SMTP is 25, but because our ISP blocks outgoing mail on port 25 and we need to use a smart host that is not part of the ISP's network, we need to allow outbound traffic on the port the Default SMTP Virtual Server is set to. In our case that is 2525.

Open ISA 2004 server manager. The SBS SMTP Outbound Access Rule makes it possible for the Default SMTP Virtual Server to connect to mail servers on the Internet on the standard SMTP port 25.

Double-click the SBS SMTP Outbound Access Rule and choose the tab Protocols. There is our SMTP protocol listed for port 25. Click Add to create a new protocol to allow traffic on port 2525.

Click Add, then New Protocol, and choose 'Protocol'.

We will name the new protocol 'SMTP to Smart Host'. Click Next.

Click New.

Define the properties of the new protocol. When you are done click OK.

We have defined the primary connection for our new protocol; click Next.

We don't need to set a secondary connection; click Next.

The wizard has completed the creation of our 'SMTP to Smart Host' protocol. Click Finish.

The new protocol is listed under User-Defined protocols; click Add and then Close.

With the new rule highlighted click Edit.

Check the SMTP Filter.

Click OK to accept all changes. Click Apply to save the changes and update the configuration.

Note: I have not removed the default SMTP port in this example because you never know when you will need it. If you decide to remove port 25 from the SBS SMTP Outbound Access rule be sure to make a note of that!
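
Before entering the ISP credentials under Basic Authentication, it is worth checking what the smart host advertises on the port you configured: SMTP AUTH mechanisms such as LOGIN and PLAIN only base64-encode the password, so without TLS it is readable on the wire. The Python code below is an added example, not part of the original article; the function names, finding keys and sample EHLO replies are constructed for illustration, and `probe()` assumes a smart host that upgrades the connection with STARTTLS.

```python
import re
import smtplib
import ssl

def parse_ehlo(reply):
    """Map each ESMTP keyword in an EHLO reply to its list of parameters."""
    features = {}
    for line in reply.splitlines()[1:]:          # line 0 is the greeting
        body = re.sub(r"^250[- ]", "", line).strip()
        if body.upper().startswith("AUTH="):     # legacy "AUTH=LOGIN" form
            body = body.replace("=", " ", 1)
        keyword, _, params = body.partition(" ")
        if keyword:
            features.setdefault(keyword.upper(), []).extend(params.upper().split())
    return features

def assess(features, tls_active):
    """Return finding keys (this example's own names) for credential exposure."""
    mechs = set(features.get("AUTH", []))
    can_upgrade = "STARTTLS" in features and not tls_active
    findings = []
    if not mechs and not can_upgrade:            # AUTH may appear only after STARTTLS
        findings.append("NO_AUTH")               # connector credentials would go unused
    if not tls_active:
        if mechs & {"LOGIN", "PLAIN"}:
            findings.append("CLEARTEXT_AUTH")    # password offered outside TLS
        if "STARTTLS" not in features:
            findings.append("NO_TLS")            # no way to encrypt on this port
    return findings

def probe(host, port):
    """Live check: assess the EHLO reply before and, if offered, after STARTTLS."""
    with smtplib.SMTP(host, port, timeout=10) as smtp:
        before = assess(parse_ehlo(smtp.ehlo()[1].decode("ascii", "replace")), False)
        if "NO_TLS" in before:
            return before, None
        smtp.starttls(context=ssl.create_default_context())
        after = assess(parse_ehlo(smtp.ehlo()[1].decode("ascii", "replace")), True)
        return before, after

# Constructed sample replies, not captured from a real server.
PORT_2525 = "250-smarthost.isp.com Hello\n250-SIZE 10240000\n250-AUTH=LOGIN\n250 AUTH LOGIN PLAIN"
BEFORE_TLS = "250-smtps.isp.com Hello\n250-STARTTLS\n250 8BITMIME"
AFTER_TLS = "250-smtps.isp.com Hello\n250-AUTH LOGIN PLAIN\n250 8BITMIME"

if __name__ == "__main__":
    for reply, tls in ((PORT_2525, False), (BEFORE_TLS, False), (AFTER_TLS, True)):
        print(assess(parse_ehlo(reply), tls))
```

Call `probe()` from the server with the host name and port your ISP gave you. If the first list contains `CLEARTEXT_AUTH` or `NO_TLS`, the credentials are exposed unless TLS encryption is set on the connector and supported by the smart host.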