Hi all -
Here's my problem - EarthLink has been unreliable as an email SMTP relay service, so I need to configure my Exchange server to take over those responsibilities. (We have configured our traveling execs' Outlook to use smtpauth.earthlink.net for the outgoing mail server and now need to change that to an internal one.) For the most part it looks pretty easy (and that's what worries me). I know that if you leave the relay open, your server can be used by spammers, and we can't have our site blacklisted. So does anybody out there know some good references for setting this up, or have some advice, having done it themselves?
I've been reading the Learning Exchange Server 2003 book by Boswell and have read the Exchange Server 2003 Administrator's Pocket Reference, but I still get the feeling I'm missing something.
What I have so far is that you need to set up an SMTP connector designating the server as a bridgehead (we only have one Exchange server), allowing the server to deliver directly to the target host. The problem I see with this is allowing SMTP traffic through the firewall to the Exchange server.
The other option is to set up a smart host - the only server I have that might work for this is our web server; I just don't know if it will work there OK.
Both our Exchange server and our web server run antivirus software; in addition, the Exchange server runs ScanMail to check the messages.
So which option is better, and why? (I am still new to some of this, and I really get a little paranoid when it comes to making major system changes.)
Or does anybody know of some white papers out there that will help me make a good decision?
If more information is needed, please let me know.
I appreciate the assistance.
Thanks!
Lirria
ASKED:
December 15, 2006 11:18 AM
UPDATED:
December 15, 2006 12:28 PM
Hello and I hope this helps.
Your problem isn't a problem at all. Most Exchange installations are designed to do exactly what you want to accomplish.
I'll tell you the things you need to do to get SMTP to operate properly and give you a checklist of things you will need to do to make sure your SMTP delivery isn't hampered.
1. You will need a PTR record in the public domain that points to your Exchange server so that emails are not rejected by systems that do reverse domain lookups. Talk to your service provider or DNS hosting provider for this.
2. If you have not already done so, get an A record created to point to your Exchange server. Make sure you add a static route in your firewall to push this to your Exchange box.
3. Configure the SMTP connector in Exchange to only allow authenticated users to relay. This will keep your server from becoming an open relay.
4. Evaluate and select a method for your remote users to access their email. The choices depend on your
Option A) This option is easier to configure but does not offer your users the ability to utilize the full functionality of Outlook and Exchange.
Allow users to access email with POP3/SMTP and a standard email client. If you choose this option, I suggest either changing the ports or using SSL.
Option B) Install RPC Proxy on your Exchange server and configure RPC over HTTP as your access method. This will allow you to shut off POP3 and close the hole in your firewall. This method allows full functionality of Outlook and Exchange over ANY internet connection. NO additional ports need to be open other than port 80.
This option requires the client to be running Windows XP SP1 or SP2 and Outlook 2003 with SP2. RPC over HTTP does not work on clients running Windows Server 2003.
The only drawback to using RPC is that the clients need to either be on your LAN or VPN for the initial setup. Once the client is synchronized there is no need for LAN/VPN access. If this isn’t possible then you need to stick with option A.
Look at this TechNet link for setting up RPC on the Exchange Server.
http://www.microsoft.com/technet/prodtechnol/exchange/guides/E2k3RPCHTTPDep/1bdd45cc-e141-4901-a686-ec2e6482217b.mspx?mfr=true
Look at this Office link that explains RPC over HTTP and instructions on configuring the Outlook client.
http://office.microsoft.com/en-us/ork2003/HA011402731033.aspx
Let me know how it goes…
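The check a practitioner wants after step 3 of the list above is the one spammers and blacklist operators run: connect without authenticating and ask the server to accept a message for a recipient in a domain it does not host. A locked-down server answers that RCPT TO with a 5xx reject; a 250 means it is an open relay. The script below is an added example and not code from this thread or from Microsoft. It includes a small in-process SMTP server with a `require_auth` switch that stands in for the Exchange virtual server so the whole thing runs offline; every hostname, domain, address and credential in it is made up for the example, and the stand-in does not verify credentials. To test a real server, call `relay_test` with its address and whatever port its SMTP virtual server listens on.

```python
"""Open-relay check against an SMTP server (added example, not from the thread).

Runs the test a spammer or blacklist operator runs: connect without
authenticating and ask the server to accept mail for a recipient in a
domain it is not responsible for. A correctly configured server (relay
only for authenticated users) answers RCPT TO with a 5xx reject; a 250
means the box is an open relay.

A tiny in-process SMTP server with a `require_auth` switch stands in for
Exchange so the check runs offline. Hostnames, domains, addresses and
credentials are constructed for the example.
"""
import smtplib
import socketserver
import threading

LOCAL_DOMAIN = "example.com"           # domain the stand-in accepts mail for (assumed)
EXTERNAL_RCPT = "someone@example.net"  # any other domain: delivering here is relaying


class FakeSmtpHandler(socketserver.StreamRequestHandler):
    """Minimal SMTP responder. Accepts mail for LOCAL_DOMAIN from anyone;
    relays to other domains only if the client authenticated or the server
    was started with require_auth=False (the open-relay misconfiguration)."""

    def _reply(self, line):
        self.wfile.write((line + "\r\n").encode("ascii"))

    def handle(self):
        authed = False
        self._reply("220 mail.example.com ESMTP (constructed stand-in server)")
        for raw in self.rfile:
            line = raw.decode("ascii", errors="replace").rstrip("\r\n")
            verb = line.split(" ", 1)[0].upper()
            if verb in ("HELO", "EHLO"):
                self._reply("250-mail.example.com")
                self._reply("250 AUTH PLAIN")
            elif verb == "AUTH":
                authed = True  # credentials are not verified in this stand-in
                self._reply("235 2.7.0 Authentication successful")
            elif verb == "MAIL":
                self._reply("250 2.1.0 Sender OK")
            elif verb == "RCPT":
                rcpt = line.split(":", 1)[1].strip("<> ")
                domain = rcpt.rpartition("@")[2].lower()
                if domain == LOCAL_DOMAIN or authed or not self.server.require_auth:
                    self._reply("250 2.1.5 Recipient OK")
                else:
                    self._reply("550 5.7.1 Unable to relay for " + rcpt)
            elif verb == "QUIT":
                self._reply("221 2.0.0 Bye")
                return
            else:
                self._reply("502 5.5.2 Command not implemented")


class FakeSmtpServer(socketserver.ThreadingTCPServer):
    allow_reuse_address = True
    daemon_threads = True

    def __init__(self, require_auth):
        super().__init__(("127.0.0.1", 0), FakeSmtpHandler)  # port 0: pick a free one
        self.require_auth = require_auth


def relay_test(host, port, timeout=5.0):
    """Return (anonymous_relay_accepted, authenticated_relay_accepted).

    The first flag is what blacklists care about: True means the server
    relayed for a client that never authenticated. The second confirms the
    intended path (a traveling user's Outlook, authenticating) still works."""
    def try_rcpt(authenticate):
        with smtplib.SMTP(host, port, local_hostname="tester.example.org",
                          timeout=timeout) as smtp:
            smtp.ehlo()
            if authenticate:
                smtp.login("exec@example.com", "not-a-real-password")
            smtp.mail("exec@example.com")
            code, _ = smtp.rcpt(EXTERNAL_RCPT)
            return code == 250
    return try_rcpt(False), try_rcpt(True)


def run_scenario(require_auth):
    """Start the stand-in in the given mode, run relay_test against it, stop it."""
    server = FakeSmtpServer(require_auth)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return relay_test(*server.server_address)
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    for require_auth in (False, True):
        anon, authed = run_scenario(require_auth)
        verdict = "OPEN RELAY" if anon else "relay refused for anonymous clients"
        print(f"require_auth={require_auth}: {verdict}; authenticated relay={authed}")
```

The point of asserting both flags is that "not an open relay" alone is not the goal: the traveling users still have to be able to send through the server once Outlook authenticates, so a configuration that rejects everything would also fail this check.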
For the most part all the execs use the hotel internet wherever they are. Only on rare occasions have they had to use the dialup.
So set up another SMTP virtual server with a different number. I'm assuming that we don't want anonymous access turned on, and we want Integrated Windows Authentication turned on to get past anonymous relay issues, right? Are there any other security considerations with this? (I have to write up a proposal, have all the execs approve it and then get it done, so they will ask.)
Any special concerns on the users' end for configuration? I'm thinking a DNS record change is going to have to happen, as our domain lists smtp.atl.cbeyond.com, unless there is some way around this without a DNS change (it's been way too many years since I've delved into DNS records).
Thanks!
Lirria
marcola -
Wow – that helps a bunch!! I'll spend some time looking this over and then chat with my boss about it – sounds like that is the better method. Most likely it's going to be a few weeks before I can implement, though – you know how business can work sometimes.
If you think of anything else, I'd love to hear about it.
thanks!
Lirria