Sunday, May 29, 2011

Migrating to Microsoft SMTP Gateway guidelines and recommendations

Because of the huge success of Forefront Protection 2010 for Exchange (FPE), a lot of companies are considering migrating to it from other products, so I decided to write some guidelines and recommendations to ensure a smooth migration with zero downtime.
Please make sure to read the recommendations carefully before jumping to the migration steps.


  • Plan the migration steps with the Network and External DNS teams.
  • If your network team is using a Cisco PIX Firewall, make sure they read the following article ahead of time and that the header of your SMTP gateway isn’t masked
  • Export the list of blocked IPs, senders and domains from your old anti-spam product to Forefront Protection 2010 for Exchange.
  • Enroll your environment at the Junk Mail Reporting Partner Program
  • Make sure the new IPs that will be assigned to your Edge Server aren’t blacklisted
  • Monitor the blacklist status of your domain's sending IPs and get email alerts when they are added to or removed from any blacklist database by registering at
  • Install the Forefront Protection Server Management Console to get a centralized console for configuration deployment, reporting, quarantine management, engine and definition update deployment
  • Make sure to manage your customers’ expectations in the early deployment phase and educate them about your plan in order to win their cooperation.
  • Be sure to use the right disk types so that your SMTP gateways have enough I/O capacity.
  • Don’t enable recipient filtering until you are sure the synchronization process has been completed on all SMTP Gateways.


Useful Links
Preparing the Windows servers.  
Installing the file-level anti-virus "FEP 2010"
Defining the anti-virus exclusions
Installing Microsoft Exchange Server 2010 SP1 Edge Server role
Creating the Accepted Domains
Configuring the External DNS Lookups
Configure DNS Records for Your Edge Servers
Installing Forefront Protection 2010 for Exchange.
Configuring Forefront Protection 2010 for Exchange.
Create new MX records to point to the new edge servers with a higher priority than the old ones.
Create an Edge Subscription File on an Edge Transport Server.
Import an Edge Subscription File to an Active Directory Site.
Force EdgeSync Synchronization.
Disable the send connector that is sending to the old SMTP gateways.  
Make sure you can send mail outside your organization using the new SMTP gateways.  
Shift the priority of your MX records so the low priority will be your new Microsoft SMTP gateway.  
Make sure you are receiving emails on your new SMTP gateways.  
Shut down your old SMTP gateways.  
After a period of time, once you are sure that everything is working smoothly, delete your old MX records.  
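
An added example (not part of the original post) for the MX steps above: it classifies which phase of the cutover a published MX set is in, reading the post's "priority" as the numeric MX preference, where the lowest value is tried first. The host names, phase names and sample records are constructed assumptions.

```python
import re

# Zone-file style MX line, e.g. "example.com. 3600 IN MX 10 mail.example.com."
MX_LINE = re.compile(r"^\S+\s+(?:\d+\s+)?(?:IN\s+)?MX\s+(\d+)\s+(\S+?)\.?$", re.I)

# Constructed inventory: host names are placeholders, not from the post.
OLD_GATEWAYS = {"gw-old1.example.com"}
NEW_GATEWAYS = {"edge1.example.com", "edge2.example.com"}

# Constructed sample: new Edge servers published, old gateway still preferred.
SAMPLE_ZONE = """\
example.com. 3600 IN MX 10 gw-old1.example.com.
example.com. 3600 IN MX 50 edge1.example.com.
example.com. 3600 IN MX 50 edge2.example.com.
"""

def parse_mx(text):
    """Return [(preference, host)], most preferred (lowest value) first."""
    records = []
    for line in text.splitlines():
        m = MX_LINE.match(line.strip())
        if m:
            records.append((int(m.group(1)), m.group(2).lower()))
    return sorted(records)

def cutover_phase(records, old_hosts, new_hosts):
    """Classify the published MX set against the migration plan."""
    if not records:
        return "no-mx"                # nothing published: inbound mail has no target
    if any(h not in old_hosts | new_hosts for _, h in records):
        return "unexpected-host"      # an MX outside the plan: stop and investigate
    old = [p for p, h in records if h in old_hosts]
    new = [p for p, h in records if h in new_hosts]
    if not new:
        return "not-started"
    if not old:
        return "complete"             # old MX records have been deleted
    if max(old) < min(new):
        return "parallel"             # new gateways published as fallback only
    if max(new) < min(old):
        return "cut-over"             # new gateways preferred, old kept as fallback
    return "mixed"                    # preferences interleave or tie: mail is split

if __name__ == "__main__":
    print(cutover_phase(parse_mx(SAMPLE_ZONE), OLD_GATEWAYS, NEW_GATEWAYS))
```

Feed it the MX answers your external DNS actually serves before shutting down the old gateways; only "cut-over" or "complete" means inbound mail prefers the new servers.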
Congratulations; you have done a good job.  

See you soon, Hany Donia


Anonymous said...

Thanks for sharing this... really helpful :)


Hany Donia said...

Good to know that you like it; Thanks for your visit and comment

Warm Regards ...
Hany Samir Donia