Typical deployment scenarios
This chapter explains the different scenarios how GFI MailEssentials can be installed and configured.
You can install GFI MailEssentials directly on Microsoft® Exchange Server 2010 or later, without any additional configuration.
In Microsoft® Exchange 2010 environments, GFI MailEssentials can only be installed on the servers with the following roles:
- Edge Server Role, or
- Hub Transport Role, or
- Hub Transport and Mailbox Roles - with this configuration GFI MailEssentials can also scan internal emails for viruses.
In Microsoft® Exchange 2013/2016/2019, GFI MailEssentials can only be installed on the servers with the following roles:
- Edge Transport role, or
- Mailbox role.
This setup is commonly used to filter spam on a separate machine, commonly installed in the DMZ. In this environment a server (also known as a gateway/perimeter server) is set to relay emails to the mail server. GFI MailEssentials is installed on the gateway/perimeter server so that spam and email malware is filtered before reaching the mail server.
This method enables you to filter out blocked emails before these are received on the mail server and reduce unnecessary email traffic. It also provides additional fault tolerance, where if the mail server is down, you can still receive email since emails are queued on the GFI MailEssentials machine.
When installing on a separate server (that is, on a server that is not the mail server), you must first configure that machine to act as a gateway (also known as “Smart host” or “Mail relay” server). This means that all inbound email must pass through GFI MailEssentials for scanning before being relayed to the mail server for distribution. For outbound emails, the mail server must relay all outgoing emails to the gateway machine for scanning before they are sent to destination.
If using a firewall, a good way to deploy GFI MailEssentials is in the DMZ. GFI MailEssentials will act as a smart host/mail relay server when installed on the perimeter network (also known as DMZ - demilitarized zone).
In Microsoft® Exchange Server 2010 or later environments, mail relay servers in a DMZ can be running the Edge Transport Server Role.
Configure the IIS SMTP Service to relay emails to your mail server and configure the MX record of your domain to point to the gateway machine. For more information refer to Installing on an email gateway or relay/perimeter server.