We are a small enough shop that, at least at this time, we cannot afford the second hardware and license of Exchange to do the Edge Server. So, from what I am reading I am going to have to set up the HUB transport to allow for incoming mail from the internet. I have read the article about allowing anonymous and whatnot. Currently my set up is incoming mail hits my firewall, then goes to a Barracuda anti-spam box. Then the Barracuda sends the mail on in to the server (currently to the 2003 server til I get this task completed). So, my question is this, is there a way to set up the HUB transport to only allow the anonymous connections from the Barracuda box and not anyone in the internet? And would this idea work? I know it would still not be as secure as a true Edge server but would be more secure than straight up to the internet I would think.

You don't need an Edge if you have a 'cuda. I don't think I have ever deployed Exchange with an Edge server, mainly because I cannot justify the cost- even on a large implementation. Just add an IP address restriction on the Default Receive connector so that it only has the 'cuda's IP address listed. Simon.Simon Butler, Exchange MVP Blog | Exchange Resources | In the UK? Hire Me.

Ok, thanks. But, that brings up the implementation question for me: I open up the default connector and it has in the Network Tab to Receive mail from : IP6 address 0.0.0.0-255.255.255.255 And on the Permisions group tab it does not have the anonymous selected. So, I added the exact IP address of the cuda into the Receive mail from (at this point I have not removed the other items that were in there by default). But, when I do a test email from my gmail account in, I get it returned saying 530 not authorized. I am guessing that means I still have to check the box saying allow Anonymous. But the question is, should I remove the 0.0.0.0 address from the network tab?