
Help setting up SBS 2003 - Mainly the Exchange part

jhauser

Junior Member
OK, so here I go.

I recently bought a Dell Server. This server is for use in an Attorney's office that has 15 Employees. They only have 1 user that ever accesses the system remotely. I've installed SBS 2003.

So basically here is my problem:

Install of SBS went great. I've created a new domain for the office. I'm going to migrate all their Outlook to PST files to be imported into the new domain once I get Exchange working.

I've never ever worked with Exchange before. I'm the sole SysAdmin for this office. HELP

What do I need to do to get Exchange running on SBS 2003? They already own a domain xxxxxxxxxx.com. They have a hosting company that hosts their website. I believe I need to change the MX records to point to their static IP and forward all port 25 data to the server, but I don't know how to set up the 2003 box. HELP please.
 
I'm assuming exchange is already running (I think the SBS install sets that up) so all you need to do is set up DNS so mail delivery for the domain will come to the new server.

1. On the DNS server that hosts the domain xxxxxxxx.com add a new host record that points to the IP of the new server (or the firewall in front of it) - something like mail.xxxxx.com would work fine.
2. On the DNS server also add a MX record that points to the newly created host record
 
So I think that Exchange is running but I'm not sure. I'm not very experienced with servers in general. I've updated the MX records with my hosting company to point to my static IP. I've also forwarded port 25 data to my server's internal IP, 192.168.0.5.

When I send email to the address it bounces back within 2 or 3 minutes.

Keep the tips coming
 
Our PMs (because I won't be around much over the weekend):
Currently the domain name is foo.com but the server is off - I turned it off before I left work - I'll be back at work tomorrow AM - there are 2 email addresses that you can use - jhauser@foo.com and tuser@foo.com

I'm not familiar at all with Exchange so any tips that you can give me are great -

thanks so much
Response:
This doesn't look right; the MX records I see are:
foo.com MX preference = 10, mail exchanger = mail2.isp.com
foo.com MX preference = 9, mail exchanger = 70.61.x.x.foo.com

70.61.x.x.foo.com resolves to 216.235.x.x
mail2.isp.com resolves to 216.235.x.y

216.235.x.x also happens to be the IP that www.foo.com resolves to.

I'm going to assume for a minute that 70.61.x.x is the IP of the server; if that's the case you need to (as I said in my post):
1. Create a new host record for your server. mail.foo.com looks like it has a CNAME (or other record) that points to the mail2.isp.com address. I would remove that and then create a new host record for mail.foo.com and point it to 70.61.x.x
2. Remove both existing MX records
3. Create a new MX record (preference won't matter because there is only one of them) and point it to the host mail.foo.com

Remember, MX records do not point to IP addresses; they point to host names.

-Erik
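
The MX problems described in the post above, as an added example that is not part of the original thread: a small checker that flags an MX target that is an IP literal (with or without the zone name appended), a CNAME, or a name with no A record. The zone data, host names and documentation addresses are constructed for illustration.

```python
import ipaddress

# Constructed zone data (documentation addresses), modelled on the records
# quoted in the thread: an MX whose target is an IP literal with the zone
# name appended, an MX pointing at a CNAME, and the corrected record.
ZONE = {
    "A": {"mail.example.com": "203.0.113.25", "mail2.isp.example": "198.51.100.7"},
    "CNAME": {"oldmail.example.com": "mail2.isp.example"},
}

def looks_like_ip_literal(target, origin):
    """True if target is an IP, or an IP with the zone origin appended."""
    name = target.rstrip(".")
    candidates = [name]
    if name.endswith("." + origin):
        candidates.append(name[: -len(origin) - 1])
    for candidate in candidates:
        try:
            ipaddress.ip_address(candidate)
            return True
        except ValueError:
            pass
    return False

def check_mx(target, origin, zone=ZONE):
    """Return a list of problems for one MX target (empty list = OK)."""
    name = target.rstrip(".")
    if looks_like_ip_literal(name, origin):
        return ["target is an IP address, not a host name"]
    if name in zone["CNAME"]:
        return ["target is a CNAME; MX should point at a name with an A record"]
    if name not in zone["A"]:
        return ["target has no A record"]
    return []

if __name__ == "__main__":
    for t in ["203.0.113.25.example.com", "oldmail.example.com", "mail.example.com"]:
        print(t, "->", check_mx(t, "example.com") or "OK")
```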
 
Steps to set up Public DNS records and router (if present) for SBS:

1) Get a business-level ISP (business DSL or cable modem), so that all the necessary inbound Ports (25, 80, 443, 444, 3389, 1723 (if you want PPTP VPN), and 4125) are open.

2) Get a single static IP address.

3) On your Public DNS nameserver, create "A" records for:

mydomain.com (your web site)
www.mydomain.com (your web site)
smtp.mydomain.com (your SBS Server)

Point these records wherever your servers are.
Set your MX record to point to smtp.mydomain.com

If your Public DNS Server/Domain Registrar has a "WebForward" feature, then forward the following sites:
mail.mydomain.com = http://smtp.mydomain.com/exchange
remote.mydomain.com = http://smtp.mydomain.com/remote
(This lets you access Outlook Web Access and Remote Web Workplace by simply entering:
http://mail.mydomain.com and http://remote.mydomain.com)

Otherwise, you should normally be able to access the RWW and Exchange at:
http://smtp.mydomain.com/remote
http://smtp.mydomain.com/exchange

4) If you are using a NAT router as your front end, you'll want to forward the aforementioned TCP Ports to your SBS's Internal IP address.

5) Go through the entire "Connect to the Internet" Wizard and tell SBS which services you want available to the Internet. That will open up the necessary inbound ports on SBS's firewall.

6) Hopefully, you didn't name your internal domain the same name as your public domain.
 
OK, so do my A records need to be name-specific to my server? I.e. server.xxxxx.com, or do I just make it smtp.xxxxxx.com?
 
Originally posted by: jhauser
OK, so do my A records need to be name-specific to my server? I.e. server.xxxxx.com, or do I just make it smtp.xxxxxx.com?
You can call it whatever you want. It's just a name that's used by other SMTP servers to find your mail server. You can call it:
mydomain.com (if you are hosting your web site at the same IP address as your email)
mail.mydomain.com
server.mydomain.com
smtp.mydomain.com
or
anything.mydomain.com
 
OK, I've updated all the settings that I need to (I THINK???) and the server is turned on. I've changed my DNS settings to reflect the changes that were specified in the previous posts.

I'm trying to test my server but it doesn't seem to work - ARGHHHHHHHHH -

Here is an edited copy of the email I get back when sending

**********************

Your message did not reach some or all of the intended recipients.

Subject: test
Sent: 4/1/2006 7:42 PM

The following recipient(s) could not be reached:

'xxxxxxx@xxxxxxxxxxx.com' on 4/1/2006 7:42 PM
550 sorry, no mailbox here by that name (#5.1.1)

***********************

This is only a test deployment for one that I'm doing next week. It might be easier if I call someone for help. PM me if anyone is interested in a call. I can call anytime M-F (preferably during the day)

HELP A BROTHER OUT - PLEASE
 
I didn't have any problem sending mail to either address you gave me.

Tried it using my mail client; also tried it manually with telnet and it accepted my messages.
 
OK, so I got my Exchange set up and it appears to be working, but my Out of Office still isn't working. I can work on that later.

Thanks for all your help, I really appreciate it
 
By your "Out of Office not working" do you mean that people on the outside aren't getting responses?

That is the default behavior by design; one reason is that if you have automatic responses sent to SPAMmers it will serve to validate your address for them...

You can change this in the ESM under global settings>Internet Message Formats>properties on the domain>advanced

Regards,
Erik
 
My next question is SPF. What is it and how does this stop spammers from sending email as my domain? I see that it's a free service but how do I set it up? Should I post this under a new topic?
 
I suppose it's probably appropriate for this topic.

SPF is hit or miss but definitely a good thing to have. Basically the way it works is that you publish an additional record on your domain's DNS server(s) that gives a list of the addresses/hosts that are allowed to send messages for your domain. That way when someone receives a message from you they can verify that the email is from a server that has "rights" to send for your domain (if their server is SPF lookup capable and set up to do so).
More information about SPF here:
http://en.wikipedia.org/wiki/Sender_Policy_Framework
http://www.msexchange.org/tutorials/Sender-Policy-Framework.html

You can find easy wizards to help you create your records here:
http://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/
http://www.openspf.org/

So generally all you have to do is create a single text record on your DNS server(s); typically for a smaller organization all that I would do is create the record like this:
v=spf1 a mx ~all
Which basically says that all servers that there is an A or MX record for are allowed to send mail for the domain (which is fine, why would you publish SPAMmers' servers in your DNS namespace).

Regards,
Erik
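
How a receiving server evaluates the record from the post above, as an added example that is not part of the original thread: a minimal SPF check supporting only the a, mx, ip4 and all mechanisms (real SPF also has include, redirect, macros and more). The DNS table, host names and documentation addresses are constructed for illustration.

```python
import ipaddress

# Constructed DNS data for the example (documentation address ranges).
DNS = {
    "A": {"example.com": ["203.0.113.80"], "mail.example.com": ["203.0.113.25"]},
    "MX": {"example.com": ["mail.example.com"]},
    "TXT": {"example.com": "v=spf1 a mx ~all"},
}
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def mechanism_ips(mech, domain, dns):
    """Addresses authorised by one mechanism (a, mx and ip4 only)."""
    name, _, arg = mech.partition(":")
    if name == "a":
        return dns["A"].get(arg or domain, [])
    if name == "mx":
        hosts = dns["MX"].get(arg or domain, [])
        return [ip for h in hosts for ip in dns["A"].get(h, [])]
    if name == "ip4":
        return [arg]
    return []

def check_spf(sender_ip, domain, dns=DNS):
    """Evaluate the domain's SPF record left to right; first match wins."""
    terms = dns["TXT"].get(domain, "").split()
    if not terms or terms[0] != "v=spf1":
        return "none"  # domain publishes no SPF record
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        qualifier = term[0] if term[0] in RESULTS else "+"
        mech = term.lstrip("+-~?")
        if mech == "all":
            return RESULTS[qualifier]
        for net in mechanism_ips(mech, domain, dns):
            if ip in ipaddress.ip_network(net, strict=False):
                return RESULTS[qualifier]
    return "neutral"  # nothing matched and no "all" term

if __name__ == "__main__":
    for ip in ["203.0.113.25", "203.0.113.80", "198.51.100.9"]:
        print(ip, "->", check_spf(ip, "example.com"))
```

With `~all` an unlisted sender gets softfail, which most receivers score rather than reject; `-all` would return fail instead.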
 
So in your opinion - I will only be having 15 users on this whole domain - it's an attorney's office. Would you recommend using an SPF record? This will be their only server -

2ndly - how does one go about setting up Outlook for use from any web browser? Do I need a certificate for that? What services do I need a certificate for?
 
Would you recommend using an SPF record?
Yes, definitely. If they send an email to a system that compares SPF records, their mail may end up getting filtered as SPAM if you don't. I think moving forward the number of mail systems that look at SPF records will only increase.
2ndly - how does one go about setting up outlook for use from any web browser?
Do you mean Outlook Web Access? If that's the case just open up port 80 or 443 to the server and browse to it from the outside using the url http(s)://hostaddress/exchange (presumably http(s)://smtp.xxxxxx.com as per your posts above).

I highly suggest getting an SSL certificate and running it all over https/443; if you do not, access will be unencrypted.
 
Originally posted by: jhauser
So in your opinion - I will only be having 15 users on this whole domain - it's an attorney's office. Would you recommend using an SPF record? This will be their only server -

2ndly - how does one go about setting up Outlook for use from any web browser? Do I need a certificate for that? What services do I need a certificate for?
There is no reason NOT to set up a SPF record. It takes two minutes.

The question is whether/how to use INBOUND SPF records. Exchange SP2 only allows three options:
1) Reject email from Domains with no SPF record. No NDR generated by you.
2) Accept email and then delete it if there's no SPF. No NDR will be generated at all.
3) Accept the email into the server.

Regarding OWA, assuming you are using SBS SP1, OWA is automatically working, requires SSL, and a usable SSL certificate has been generated. You just have to make sure inbound traffic on TCP Port 443 (and, usually, Port 80) is allowed through your firewalls.

If your users have problems figuring out how to allow or add your private SSL certificate, you might want to install a public SSL certificate. They are only $20 or so a year. A SINGLE support call from a user will cost your company more than $20.
 
I think moving forward the number of mail systems that look at SPF records will only increase.

Yeah...like all systems are going to start complying with reverse DNS authentication as well 🙂

I once enabled my mail gateway to tag all incoming e-mail when it didn't pass reverse DNS authentication, and found incoming mail from even Fortune 500 companies didn't pass the test. If these guys can't set up a port :I P address correctly, then...well...you get my point.


I honestly believe having this guy set up any incoming filter above and beyond relay blocks, and a few basic RBL lists is asking for trouble. Lawyers can get pretty grumpy and nasty when they don't get E-mail from other grumpy lawyers in another law office, and they don't understand the explanation.
 
Yeah...like all systems are going to start complying with reverse DNS authentication as well 🙂

I once enabled my mail gateway to tag all incoming e-mail when it didn't pass reverse DNS authentication, and found incoming mail from even Fortune 500 companies didn't pass the test. If these guys can't set up a port :I P address correctly, then...well...you get my point.
Unfortunately you're right, unless enough people get on board it's hard to make something like that work correctly.

BTW I've seen plenty of emails get rejected from failing reverse DNS so I always make it a point to make sure the hosts are in DNS (or if not to masquerade the address). There are companies out there that enforce the lookups, just not that many. A lot of SPAM products just use the reverse DNS lookup failures to assign a higher probability to a message being SPAM.
I honestly believe having this guy set up any incoming filter above and beyond relay blocks, and a few basic RBL lists is asking for trouble. Lawyers can get pretty grumpy and nasty when they don't get E-mail from other grumpy lawyers in another law office, and they don't understand the explanation.
That sounds to me like a good reason to set up the SPF records, so that they don't run into issues sending because of it. I do agree however that blocking all inbound messages that fail SPF records is not a good idea.

Personally I'm waiting for more SPAM vendors to incorporate SPF lookups into their product; if they fail SPF lookup simply assign the message a higher likelihood of being SPAM. Until then I'm going to continue making sure that all of my systems support the lookups properly so that it won't be an issue.
 
I kinda' wish there was an option to ACCEPT no-SPF email, but to send a reply to the sender telling them their mail will be rejected soon unless they SPF in place. 😉

Regarding Reverse DNS records, I know that AOL looks at them before accepting email. The problem with RDNS is that you are often at the mercy of your ISP to set up those records. SPF is a LOT easier to set up.
 
Please keep in mind I want this Exchange server to run by itself as much as possible. I'm only in the office a few hours a week.

Also - I currently use Trend Micro as my AV and also use Norton 9 Corp in another office. Are there any others that you recommend?

I also decided that I will add the SPF records but I will not set up filtering
 
I haven't been too impressed with the Norton engine the past several years.

On our Exchange servers we run McAfee's GroupShield, I've also used CA's Exchange engine. Haven't had any major problems with either.
I kinda' wish there was an option to ACCEPT no-SPF email, but to send a reply to the sender telling them their mail will be rejected soon unless they SPF in place.
Write a SMTP app that does this and stick it between your Windows SMTP and the outside world :thumbsup:
 