Obviously these directions require some customization to fit your network. Specifically, you'll want to replace the sample server names and IP addresses with your own. Here's a little diagram of what we'll be setting up:
(Diagram of the network layout; the image is not reproduced here.)
For our examples, the internal network uses addresses from the 10.0.0.0/8 private range. The 10.1.0.0/16 network is our main (internal) network and the 10.2.0.0/16 network is our DMZ. Our pretend public Internet block is the class C 65.0.0.0/24. The server we will be setting up is called mta1 in these directions; it sits in the DMZ at 10.2.1.50, and our Exchange server sits on the main network at 10.1.1.50. You can call your server whatever you want, just substitute your name wherever you see it. For simplicity, we'll pretend that our company's domain name is domain.com.
Hopefully you have a firewall at your company. Here's a list of the traffic you will need to allow through it to make all of this work.
| Source | Destination | Protocol | Port | Description |
|---|---|---|---|---|
| 10.2.1.50 (mta1) | 10.1.1.50 and any external host | TCP | 25 | Outgoing SMTP: mail from our MTA to Exchange and to the Internet |
| 10.1.1.50 (Exchange) | 10.2.1.50 | TCP | 25 | SMTP from Exchange to our MTA |
| any external host | 10.2.1.50 | TCP | 25 | Incoming SMTP |
| 10.2.1.50 | any external host | UDP | 6277 | Outgoing queries from our MTA to the DCC servers |
| any external host | 10.2.1.50 | UDP | 6277 | Incoming replies from the DCC servers to our MTA (a stateful firewall allows these automatically as replies to the previous rule) |
| 10.2.1.50 | any external host | TCP | 2703 | Outgoing from our MTA to the Razor servers |
| 10.2.1.50 | any external host | TCP | 7 | Outgoing TCP echo (Razor's "ping", used to measure the distance to its servers) from our MTA to the Razor servers |
| 10.2.1.50 | any external host | TCP | 22 | Outgoing SSH (used to update our source tree from the OpenBSD CVS servers) |
| 10.2.1.50 | any external host | TCP | 21 | Outgoing FTP control channel (so we can download files we need; passive-mode data connections go to high ports on the remote server, so port 21 alone is not enough unless the firewall handles FTP) |
| 10.2.1.50 | any external host | TCP | 80 | Outgoing HTTP (also so we can download files) |
Additionally, mta1 needs access to a DNS server (TCP and UDP port 53). In my configuration the DNS server is on the DMZ, so no extra firewall rules were required.
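As an added example (not part of the original directions, and not the author's own firewall configuration), here is how the table above could be expressed as a pf.conf ruleset on an OpenBSD border firewall. It assumes OpenBSD 4.7 or later pf syntax (state is kept by default), interface names em0/em1/em2 for the public, DMZ and main-network sides, that each interface is directly on its segment, and that "any External" means anything outside 10.0.0.0/8; all of these are assumptions to adapt to your network.

```pf
# Added example, not from the original page: company firewall rules for mta1.
# Assumed interface names; each is assumed to sit directly on its segment.
ext_if = "em0"           # faces the public side (65.0.0.0/24)
dmz_if = "em1"           # faces the DMZ, 10.2.0.0/16
int_if = "em2"           # faces the main network, 10.1.0.0/16

mta      = "10.2.1.50"   # mta1
exchange = "10.1.1.50"   # the Exchange server
internal = "10.0.0.0/8"  # everything that is ours; "! $internal" is external

set skip on lo

# Drop packets that claim a DMZ or internal source address but arrive on the
# wrong interface (assumes the interfaces' own subnets are those segments).
antispoof quick for { $dmz_if, $int_if }

# Default deny. Filter on the interface a packet arrives on; anything admitted
# there may leave on the other side. Every "pass in" keeps state, so replies
# (SMTP responses, DCC answers on UDP 6277) need no rule of their own: the
# "Incoming from DCC servers" row of the table is covered by state.
block log all
pass out all

# SMTP: Internet -> mta1, mta1 -> Exchange, mta1 -> Internet, Exchange -> mta1
pass in on $ext_if proto tcp from any       to $mta        port smtp
pass in on $dmz_if proto tcp from $mta      to $exchange   port smtp
pass in on $dmz_if proto tcp from $mta      to ! $internal port smtp
pass in on $int_if proto tcp from $exchange to $mta        port smtp

# DCC queries (UDP 6277); Razor (TCP 2703) and its TCP echo "ping" (port 7)
pass in on $dmz_if proto udp from $mta to ! $internal port 6277
pass in on $dmz_if proto tcp from $mta to ! $internal port { 2703, echo }

# Administrative downloads: SSH for CVS, FTP control channel, HTTP.
# Passive FTP data connections use high ports on the remote server, so port 21
# alone is not enough unless the firewall proxies FTP (ftp-proxy on OpenBSD).
pass in on $dmz_if proto tcp from $mta to ! $internal port { ssh, ftp, http }

# DNS: the resolver is on the DMZ segment, same side as mta1, so no rule here.
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading it with `pfctl -f /etc/pf.conf`. The design choice here is to filter only on the inbound interface and let `pass out all` release admitted traffic; that keeps one rule per row of the table and avoids the duplicate "incoming reply" rules a stateless filter would need.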