Exchange as a gateway?

(Written with Jamie Bernstein)

Nobody with an ounce of security sense would plug a Web connection directly to an e-mail server behind the firewall. That's one reason why, around the time the firewall was invented, the DMZ was born. A DMZ is a network segment that sits between two firewalls: one facing the dangerous Internet and the other protecting the safe interior of the LAN. If the SMTP gateway is kept in the DMZ, the risk of a hacker taking over the mail server and using it as a jumping off point to attack the rest of the network is reduced by that extra firewall.

Until recently, Exchange wasn't really suited for edge server duty in the DMZ, because an Exchange SMTP relay server required a full Exchange implementation, with all of the associated overhead and license costs, when all that was required was a mail gateway to relay between outside and inside.

As a result, many organizations that run Exchange internally have been opting for an open source e-mail server to act as their SMTP gateway. Common choices include Sendmail or Postfix running on Linux. These free, open source choices can be bundled with anti-virus and anti-spam packages to create a full e-mail security gateway.

Exchange 2007, however, introduces the Edge Transport Server role. This is a modified Exchange installation that includes only functions that need to run on a gateway server. And, more important, the server does not need to be a member of the Active Directory domain, reducing the chance hackers can bust open your network directory. Instead, it uses ADAM (Active Directory Application Mode) to manage a list of Exchange users permitted through the gateway. In short, e-mail that is not addressed to a valid Exchange mailbox is denied at the gateway, rather than coming all the way to the destination server.

But does that really mean it's time to give up Postfix and go all-Redmond, all the time? Microsoft sure makes a good case for it. For one, it's done a lot more than just basic SMTP relay functionality. Anti-virus and anti-spam functions are part of the edge transport server role, assuming the Exchange enterprise license has been purchased, and you can get it as either an in-house software purchase or as part of the Exchange Hosted Filtering Service, similar to the type of off-site e-mail filtering provided by MessageLabs.

An especially nice feature is the safe-sender function. When an Outlook user chooses to flag a specific sender as either "safe" or "blocked," this information is now distributed to the Edge Server. This means that blocked e-mail, on a per-user basis, can now be denied at the gateway as well. Conversely, a sender known to be safe can be allowed through the anti-spam filter. And it is handled per user; Bob's blocked sender can be Irving's safe sender.

So with all these new features, why consider using anything else as your SMTP relay server? Cost. Microsoft's not requiring another Exchange server license, and you'll already have the Exchange CALs (client access licenses), but you will need a new Windows 2003 server license. Anti-virus and anti-spam also cost extra, with the hosted version requiring monthly fees. Also note Exchange 2007's requirement for 64-bit hardware.

If those numbers don't bother your budget, however, then the Edge Transport Server role fills a significant gap in Exchange functionality and adds a few Exchange-only features that would be harder to configure using a third-party solution.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Oliver Rist

Show Comments

Brand Post

Bitdefender 2019

Taking cybersecurity to the highest level and order now for a special discount on the world’s most awarded and trusted cybersecurity. Be aware without a care!

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Luke Hill


I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Laura Johnston

MSI GS65 Stealth Thin

If you can afford the price tag, it is well worth the money. It out performs any other laptop I have tried for gaming, and the transportable design and incredible display also make it ideal for work.

Andrew Teoh

Brother MFC-L9570CDW Multifunction Printer

Touch screen visibility and operation was great and easy to navigate. Each menu and sub-menu was in an understandable order and category

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?