Receive Connector on 2010 HUB transport
We are a small enough shop that, at least at this time, we cannot afford the second hardware and license of Exchange to do the Edge Server. So, from what I am reading, I am going to have to set up the HUB transport to allow for incoming mail from the internet. I have read the article about allowing anonymous and whatnot.

Currently my setup is: incoming mail hits my firewall, then goes to a Barracuda anti-spam box. Then the Barracuda sends the mail on in to the server (currently to the 2003 server until I get this task completed).

So, my question is this: is there a way to set up the HUB transport to only allow the anonymous connections from the Barracuda box and not anyone on the internet? And would this idea work? I know it would still not be as secure as a true Edge server, but it would be more secure than straight up to the internet, I would think.
January 26th, 2012 1:06pm

You don't need an Edge if you have a 'cuda. I don't think I have ever deployed Exchange with an Edge server, mainly because I cannot justify the cost, even on a large implementation.

Just add an IP address restriction on the Default Receive connector so that it only has the 'cuda's IP address listed.

Simon.
Simon Butler, Exchange MVP
January 26th, 2012 1:23pm

Ok, thanks. But that brings up the implementation question for me: I open up the default connector and it has in the Network tab, under "Receive mail from": IP6 address 0.0.0.0-255.255.255.255. And on the Permissions group tab it does not have anonymous selected.

So, I added the exact IP address of the 'cuda into "Receive mail from" (at this point I have not removed the other items that were in there by default). But when I do a test email in from my Gmail account, I get it returned saying 530 not authorized. I am guessing that means I still have to check the box saying allow Anonymous. But the question is, should I remove the 0.0.0.0 address from the Network tab?
January 26th, 2012 1:55pm

Ignore the IPv6 data. If you don't remove the 0.0.0.0 - 255.255.255.255 then anything can still send to the server. Although if you have your firewall set up correctly then this isn't a problem.

You will still need to enable anonymous. Restart the MS Exchange Transport Service before testing.

Another option would be to leave the default alone and create a new connector:

New-ReceiveConnector -Name "Inbound Email" -Usage Internet -PermissionGroups AnonymousUsers -Bindings 192.168.11.1:25 -RemoteIpRanges 192.168.12.2

Where 192.168.11.1 is the Exchange server's IP address and 192.168.12.2 is the 'Cuda.

Simon.
Simon Butler, Exchange MVP
January 26th, 2012 2:05pm
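
The check below is an added example, not code from any poster in this thread: it flags receive connectors that accept anonymous SMTP from the full address range, which is the state described above when the 'cuda IP is added but 0.0.0.0-255.255.255.255 is left in place. The function name `Test-OpenAnonymousConnector`, the server name `EXCH01`, the sample objects and the string form of the ranges are assumptions made for illustration.

```powershell
# Added example. Written for PowerShell 2.0 so it runs in the Exchange 2010 shell.
# Assumption: ranges render as strings such as '0.0.0.0-255.255.255.255'.
function Test-OpenAnonymousConnector {
    param(
        [Parameter(Mandatory=$true, ValueFromPipeline=$true)] $Connector,
        [string[]] $AllowedRelay = @()   # addresses allowed to submit anonymously
    )
    begin {
        # "Any address" ranges for IPv4 and IPv6
        $anyRange = @('0.0.0.0-255.255.255.255',
                      '::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff')
    }
    process {
        $ranges = @($Connector.RemoteIPRanges | ForEach-Object { "$_" })
        $anon   = "$($Connector.PermissionGroups)" -match 'AnonymousUsers'
        $open   = @($ranges | Where-Object { $anyRange -contains $_ })
        $extra  = @($ranges | Where-Object {
                      ($anyRange -notcontains $_) -and ($AllowedRelay -notcontains $_) })

        if (-not $anon)             { $verdict = 'OK: no anonymous submission' }
        elseif ($open.Count -gt 0)  { $verdict = 'OPEN: anonymous from any address' }
        elseif ($extra.Count -gt 0) { $verdict = 'REVIEW: anonymous from unlisted ranges' }
        else                        { $verdict = 'OK: anonymous limited to the relay' }

        New-Object PSObject -Property @{
            Name = $Connector.Name; Ranges = ($ranges -join ', '); Verdict = $verdict }
    }
}

# Constructed sample objects mirroring the two configurations discussed in the thread.
$sample = @(
    New-Object PSObject -Property @{ Name = 'Default EXCH01'
        PermissionGroups = 'AnonymousUsers, ExchangeUsers, ExchangeServers'
        RemoteIPRanges   = @('0.0.0.0-255.255.255.255', '192.168.12.2') }
    New-Object PSObject -Property @{ Name = 'Inbound Email'
        PermissionGroups = 'AnonymousUsers'
        RemoteIPRanges   = @('192.168.12.2') }
)

$sample | Test-OpenAnonymousConnector -AllowedRelay '192.168.12.2' |
    Select-Object Name, Verdict, Ranges

# On a live server, feed it the real connectors instead:
# Get-ReceiveConnector | Test-OpenAnonymousConnector -AllowedRelay '192.168.12.2'
```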

This topic is archived. No further replies will be accepted.
