Supporting Messaging Clients

Intranet-to-Internet Communication

Your Exchange 2000 deployment should allow mail to travel back and forth between your organization and the Internet and restrict Internet access to your internal servers. This section provides recommended guidelines for enabling SMTP virtual servers to communicate with the Internet.

A common and effective method for regulating external and internal mail flow is to set up a mail gateway in your organization. A mail gateway is a server that is the only point of mail contact between your intranet and the Internet.

Also, Microsoft recommends protecting your internal mail from risks associated with the Internet, such as incorrectly configured Domain Name System (DNS) servers. Address lookups within your organization should be handled by internal DNS servers; for mail addressed to non-local users, only a pre-defined list of external DNS servers should be consulted.

The following chart illustrates common mail flow scenarios, and the ideal result in each:

| Mail From | Addressed To | Expected Result |
| --- | --- | --- |
| Internet users | Internet users | Mail won't be relayed. It will be rejected at the gateway. |
| Internet users | Intranet users | Mail enters your intranet at the gateway, and only internal DNS servers are used in delivery. |
| Intranet users | Internet users | Mail is forwarded to the gateway, which forwards it to the Internet. Only external DNS servers are used to resolve the non-local address. |
| Intranet users | Intranet users | Mail never leaves the intranet, and any DNS lookup is completely internal. |
| Spammer, unauthorized senders | Intranet users | Message filtering prevents these messages from entering your intranet. |
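
The chart can be turned into an audit over gateway records. The following is an added example, not part of the original documentation or any Exchange tooling: the record fields, domain, addresses, resolver IPs and blocked-sender list are all constructed assumptions, and the sender side is classified by connecting IP rather than by the claimed sender address.

```python
import ipaddress

# All values below are constructed for illustration; none come from the page.
LOCAL_DOMAINS = {"corp.example"}
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")
INTERNAL_DNS = {"10.0.0.53"}
EXTERNAL_DNS = {"192.0.2.53"}            # the pre-defined external resolver list
BLOCKED_SENDERS = {"bulk@spam.example"}  # stand-in for message filtering

def expected(rec):
    """Return (action, allowed resolvers) that the chart prescribes."""
    # Classify the sender by connecting IP, not by the spoofable MAIL FROM.
    from_intranet = ipaddress.ip_address(rec["client_ip"]) in INTERNAL_NET
    to_intranet = rec["rcpt"].rsplit("@", 1)[-1].lower() in LOCAL_DOMAINS
    if not from_intranet and rec["mail_from"].lower() in BLOCKED_SENDERS:
        return "reject", None            # filtered before entering the intranet
    if not from_intranet and not to_intranet:
        return "reject", None            # Internet-to-Internet: no relaying
    if to_intranet:
        return "deliver", INTERNAL_DNS   # lookups stay internal
    return "forward", EXTERNAL_DNS       # outbound through the gateway

def audit(records):
    """Return (index, reason) for each record that breaks the policy."""
    findings = []
    for i, rec in enumerate(records):
        action, resolvers = expected(rec)
        if rec["action"] != action:
            findings.append((i, f"expected {action}, logged {rec['action']}"))
        elif resolvers is not None and rec["dns"] not in resolvers:
            findings.append((i, f"resolver {rec['dns']} not allowed for this flow"))
    return findings

def row(client_ip, mail_from, rcpt, action, dns):
    return dict(client_ip=client_ip, mail_from=mail_from, rcpt=rcpt,
                action=action, dns=dns)

# Constructed sample records: what the gateway logged for each message.
SAMPLE = [
    row("203.0.113.7", "a@other.example", "b@third.example", "forward", "192.0.2.53"),
    row("203.0.113.7", "a@other.example", "u@corp.example", "deliver", "10.0.0.53"),
    row("10.1.2.3", "u@corp.example", "a@other.example", "forward", "10.0.0.53"),
    row("10.1.2.3", "u@corp.example", "v@corp.example", "deliver", "10.0.0.53"),
    row("203.0.113.9", "bulk@spam.example", "u@corp.example", "deliver", "10.0.0.53"),
]

if __name__ == "__main__":
    for index, reason in audit(SAMPLE):
        print(index, reason)
```

Records 0, 2 and 4 are flagged: a relayed Internet-to-Internet message, an outbound message resolved through an internal DNS server, and a blocked sender that reached an intranet recipient.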