smart host to foreard or DNS to route (ORF+SMTP betwwen Exchange and TrendMicro DDEI) - ORF Forums

smart host to foreard or DNS to route (ORF+SMTP betwwen Exchange and TrendMicro DDEI) RSS Back to forum


InternaI we have 3 exchange server, Now I will install ORF with WIN2012+smtp in DMZ , and place it behind Trendmicro DDEI Gataway in DMZ.
Mail inbound : Internet-->DDEI-->ORF-->Exchange servers
1. How to set Multiple host address to forward all mail ? If use DNS, which is better for local host or DNS server ? which is efficient?
2. Intermediate host input?
3. the Deployment is best practice?

by Monkeenmao 6 months ago

@Monkeenmao: Hello Monkeenmao,

When you have a gateway/front-end server relaying emails to ORF, there are only three things you have to make sure of:

1. The gateway must not remove "Received:" headers from the message header, or modify the content of the email header and body. The former will prevent ORF from determining the source IP of the email, the latter can break DKIM signatures. Both will result in false-positives.

2. You must disable SMTP authentication on the gateway-facing Exchange Receive Connector on the ORF Server, to mimic internet-facing Receive Connectors. Emails sent through authenticated SMTP connections are whitelisted by ORF automatically.

3. If the gateway is deployed outside of your network boundary and forwarding emails in a non-transparent manner (i.e. it adds its own IP to the message trace fields in the message header) via a network interface with a public IP, then you have to add that public IP to the Intermediate Host List of ORF (Administration Tool: Filtering > Intermediate Hosts).

Since ORF is not an SMTP proxy (it does not actually receive and send emails, the underlying mail server is responsible for that), there are no network interface or connector settings to worry about.

With regards to the DNS settings, we always recommend to use the "built-in DNS resolver" of ORF (Administration Tool > System > DNS > DNS Settings), unless you have to share cached data between multiple servers.

For best practices, I suggest you consult the Deployment ( and Best Practices ( guides.

If you have further questions, just let me know.

by Daniel Novak (Vamsoft) 6 months ago
(in reply to this post)


I would suggest to change the order of your SMTP chain:
Internet-->ORF-->DDEI-->Exchange servers.
Also you should know, that 2012 isn't far from end of lifecycle. ;) IIS SMTP does not support/use oportunistic TLS as well.


by NorbertFe 6 months ago

New comment

Fill in the form below to add a new comment. All fields are required. If you are a registered user on our site, please sign in first.

It will not be published.
hnp1 | hnp2