We already have a Sophos suite that includes an ES100 email appliance. No one has taken the initiative to put it in place yet since we were using Microsoft Forefront (and now EOP since their change). I'm looking to get rid of EOP and use the Sophos email appliance we have.
About my environment:
Currently our MX record with our ISP is pointed at Microsoft EOP and then EOP is pointed to the NAT'd IP for our Exchange 2010 server. The Send Connector is set to 'Use DNS "MX" records to route mail automatically'.
Here's how I envision the change to the Sophos email appliance to go.
- Set up a new NAT for the email appliance
- Update our MX record with our ISP to the public IP for the email appliance
- In the routing on the email appliance set the Mail Delivery Servers and Internal Mail Hosts to the internal IP address of our email server.
- Disable our existing Send Connector and create a new one and select the option 'Route mail through the following smart hosts' and add the internal IP address of the email appliance.
- Add the internal IP address of the email appliance to the existing Receive Connector.
Does it sound like I missed anything? Since email will be routed through the email appliance won't emails appear as sent from the public IP of the email appliance hence screwing up the reverse DNS that spam filters check for? The DNS record for the public IP for our email server already matches what the Send Connector has for the HELO response.
What is the best way to have the lowest impact on email for the company? Should I start routing outbound email through the email appliance now and change the settings for inbound email late on a weekend?
Thanks for any input.
This thread was automatically locked due to age.