These anti-spam features execute at different stages during SMTP session. You can now deploy Exchange Server 2003 SP2 server behind the perimeter and still benefit by using the Connection filtering.
Depending on position of Exchange Server 2003 in your environment - on perimeter vs. behind perimeter - the order of execution for anti-spam features could differ. I want to take this opportunity and provide a global view of the order of execution for anti-spam features in both the scenarios of Exchange Server 2003 SP2 deployment.
The Sender ID implementation in Exchange Server 2003 SP2 and deployment of Exchange Server 2003 SP2 behind perimeter with Connection filtering enabled, requires you to first define the list of IP addresses that are in your control (refer to the screen shot below). The examples are: perimeter server's IP addresses, internal IP range etc.
Following screenshot is from Exchange Sever 2003 SP2 environment, under Global Settings ' Message Delivery.
Following diagram links different Exchange Server 2003 SP2 anti-spam features to different stages of SMTP session, in both the scenarios:
1. Exchange Server 2003 SP2 implemented on perimeter In this scenario, the IP address of connecting server is NOT listed in the local IP list
2. Exchange Server 2003 SP2 implemented behind perimeter In this scenario, the IP address of connecting server is listed in the local IP list
Note: RBL Connection Filtering is executed immediately after the connection is established, but the results are presented after RCPT TO: command. This is done to accommodate the exceptions to the block list service rules.