Feedback/advice on MS Exchange 2003 issues. System Mgmt is fooling us?

Hi all, new to this forum, and I'm afraid I am not an Exchange expert. Not even close. I would appreciate some feedback on the following: The situation I see myself in is the following. I have recently joined a company, now staff totals 2. We've just hired another person so there's three of us now. I am "the designated IT guy". I do have a long IT background, but in development, consultancy etc. Not in techy server stuff. I am confident setting up websites, FTP-ing, coding, manipulating MX records etc. But I am not the system administrator, I just happen to know more than the average user.

Anyway, before I joined my boss, it was him and just him. He knows absolutely nothing of IT (barely knows the difference between a mouse and a keyboard and I am not joking), so some clever IT folks from town managed to sell him a server running MS Exchange 2003, sold him MS Office professional, the lot. For 3 years, all he did was send and receive a few e-mails a day. I joined, and adjusted to the setup. Exchange Webmail is (sorry) a bit crappy (and completely crap on a non-IE browser, which I found out after 2 months), I can't access my mail when I'm not physically connected to the server, but anyway.

Then I started getting complaints about e-mails that haven't arrived. Turns out quite a few e-mails from our domain end up in spam filters, and when I looked at it it had to do with "reverse DNS" and PTR. Whatever that may be. Reply from our system managers was that "that is normal". Incoming mail also never arrived on many occasions. That was also normal, all they could do was loosen up the spam filter settings. Still, we have a lot of false positives and positive falses. At least I get to see them. The spam filter they describe as a black box, and in their words settings depend on some sort of majority. If all black box users decide some Gmail account is sending spam, then the whole thing shuts out all Gmail. "That is normal".

Twice (in the past 6 months) spam was sent using our server, we get a lot of angry e-mails telling us to stop selling watches and Viagra. We never send that out, but it was done via our mail servers. That is "inevitable and normal". Another thing is that all our e-mail accounts have the same password, and that can't be changed. It's also an embarrassing password, I hope I can stay anonymous otherwise the entire e-mail system is open to the world. Ok, don't tell anyone ... it's "password".

Since last week again some mail that we send out doesn't reach its destination, again PTR issues. As we are growing, and as I try to get us up to some standard, we can't afford to send project proposals or offers to potential customers not knowing for sure it hasn't arrived. I can live with an error margin, but if after 5 days such issues aren't resolved, I worry. Now my boss (never aware of any issues but taking them seriously) of course is telling me, if I am so clever and they are so stupid, go and set it up yourself. I have lots of other things to do, I am not the system admin, but I do know something stinks. Their advice was "if there's no more trust in us, go and get yourself some hotmail accounts and sort it out yourself!" The insult of them to assume that we (I) don't know there's more than hotmail as an alternative.

Anyway, I am very close to setting up e-mail on Google Apps, easy and as a Google and Gmail user I know about their spam filters, they're good. I can set the MX records, I can configure IMAP and all should be fine. The way my boss was told to access his e-mails from home is to leave his PC at work switched on, and then use some tool to take over the work PC from home. Lovely isn't it?

All in all (and there's a lot more), I am not blaming MS Exchange for this, but I need some assurance that what they say "is normal" actually isn't and that they are incompetent. I feel they are. All we need is to be able to send e-mails. We don't use calendars, don't use anything else. Having some backup server somewhere is fine, yet for the few 100 MB of files. I think the whole setup is expensive overkill, and not serving its purpose. Oh well, at least I got it off my chest, I would appreciate any input on some of the issues, or (worst case) confirmation that "it is normal" yet I fully refuse to accept that. Thx at least for listening!!

Answer Wiki


Wow…. I do feel for you! I agree that your sysadmins are not as technically skilled as they may think they are or making those who hired them believe they are.

The first thing to do is to remove the ability to relay e-mail off your server. This is not a normal condition for a company e-mail server except for permitted parties and even then relay is not a good thing. Right now your mail server is an open relay. This is why you are getting nastygrams from other companies and the real reason that sometimes your company’s legitimate outbound mail is being spam filtered (companies tend to blacklist/blackhole known relay sources). It really does not have to do with the PTR record or reverse DNS. I have had other companies tell me that but actually they don’t understand how to whitelist a company or that not all organizations really do have PTR records set up that match their inbound MX records. I don’t know myself how to remove the open relay settings on Exchange so someone else will have to help you there.

As far as the password issue goes…. my answer to that is bullhockey!! Why can’t the passwords be changed? They should be the same as the users’ Active Directory passwords (if Exchange is AD integrated) or something else but there should be no reason why all users should have the same password!! This sounds like someone wants to be able to get into other folks’ mailboxes without them knowing that it happened.

I think you should find a good implementation partner and go implement Exchange 2007 and not migrate any of the old e-mail over to the new platform. Implement a pristine and competently managed environment (not by your local sysadmin staff). Take ownership of it and tell the sysadmins they are responsible for desktop support and the servers are yours.

I would be glad to talk to you more about this situation. If you ask a moderator to contact me on your behalf, they will let me know your contact information to get back to you on this issue.

You can remove the open relay ability in Exchange 2003 by opening Exchange System Manager and selecting Servers > (your server name) > Protocols > SMTP and right-clicking “Default SMTP Virtual Server” (or whatever it might be named).

Choose “Properties” from that list. Under the Access tab, click “Relay”. You really only need to allow localhost (127.0.0.1) and your server’s private IP address to relay if your network is set up properly, so choose “Only the list below” and add these two IP addresses to the list. You should also make sure the box to “allow all computers which successfully authenticate to relay” is checked, so that your users will be able to send email out. After this, head over to mxtoolbox.com and run their Diagnostics test, which will, among other things, check if your server is operating as an open relay.

While you’re there, you should also check your domain in their Blacklist checker. If you are blacklisted on any of the RBLs, you will have to contact them to get removed (which is not the easiest thing in the world).

As for setting up reverse DNS, you will have to contact your ISP tech support and ask them to set up a PTR record for your domain.
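
An added example, not part of the original answers: the open-relay check described above, written as a script you can point at your own mail server without admin rights on it. The function names, the `FakeServer` stand-in, the placeholder addresses and the sample replies are assumptions made for this illustration.

```python
import smtplib

# Placeholder addresses (assumption): neither domain is hosted by the server under test.
OUTSIDE_SENDER = "relay-test@example.org"
OUTSIDE_RCPT = "relay-test@example.net"


def check_relay(smtp, sender=OUTSIDE_SENDER, rcpt=OUTSIDE_RCPT):
    """Ask an unauthenticated session to accept outside-to-outside mail.

    Stops after RCPT TO and resets, so no message is ever queued.
    Returns (verdict, reply_code, reply_text).
    """
    smtp.ehlo()
    code, text = smtp.mail(sender)
    if code // 100 == 2:
        code, text = smtp.rcpt(rcpt)
    smtp.rset()
    if code // 100 == 2:
        verdict = "open"          # foreign recipient accepted without auth
    elif code // 100 == 4:
        verdict = "inconclusive"  # temporary failure or greylisting, retry later
    else:
        verdict = "closed"        # e.g. 550 5.7.1 Unable to relay
    return verdict, code, text.decode(errors="replace")


def check_host(host, port=25, timeout=15):
    """Run the check against a real server you are responsible for."""
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        return check_relay(smtp)


class FakeServer:
    """Constructed stand-in for smtplib.SMTP so the example runs offline."""

    def __init__(self, rcpt_reply):
        self.rcpt_reply, self.commands = rcpt_reply, []

    def _ok(self, verb):
        self.commands.append(verb)
        return 250, b"OK"

    def ehlo(self): return self._ok("EHLO")
    def mail(self, sender): return self._ok("MAIL")
    def rset(self): return self._ok("RSET")

    def rcpt(self, rcpt):
        self.commands.append("RCPT")
        return self.rcpt_reply


if __name__ == "__main__":
    for reply in [(250, b"2.1.5 OK"), (550, b"5.7.1 Unable to relay")]:  # constructed replies
        print(check_relay(FakeServer(reply)))
```

Run `check_host` from a machine that is not on the server's relay list (not the server itself or its LAN), since those addresses are allowed to relay by design. A 2xx at RCPT TO is a strong indicator rather than proof, because some servers accept the recipient and reject or drop the message later.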

  • Simplr
    Labnuke99, thanks for your lengthy and clear reply. As I am new to this site, I am not sure whether a "forum" sort of thread should appear here. As of yesterday, ALL outgoing mails are returned, so there's a bomb ticking here. I do not have access to anything other than my (and my colleagues') e-mail, let alone Active Directory (and to be honest, I have no clue what that is). One reason for the Open Relay (Is there a way I can check that without any admin rights?) is that there are 2 companies sharing the same server. Going Dutch is what it's called I think, and that's what we are ;-) I will see what I can do, but the attitude of our sysadmins (a 3rd party company), who think they can d*ck us around is not very promising. But thanks a bunch for your reply and taking the time for it, it will give me some ammo.
  • Labnuke99
    We can take this conversation offline if you put a request to the moderator to get in touch with me. I think you should look for another 3rd party provider and discuss your issues and see what solutions they offer. If you are a senior member of the IT team there your voice should carry some weight into making the services reliable and services work for your organization. There are several ways to test for open relay. Try a Google search for open relay test. One site is http://www.checkor.com/.
  • Pressler2904
    As per the suggestion from LabNuke99, re-set your Exchange relay option: once you are on a blackhole/blacklist, it's sometimes difficult to get yourself removed... That having been said, look at the Microsoft support link here: http://support.microsoft.com/kb/324958 for additional information regarding relay settings on MS Exchange and how to close them. The suggestion to walk away from your existing provider is a good one, although one question comes to mind: if your company bought the Exchange server and the hardware it runs on (???) exactly why is another company piggybacking on your server? If you own the program but not the hardware, get your hands on the physical CD install media and the installation key(s), uninstall the existing setup and re-install on your own hardware. Alternatively, Windows Small Business Server (WSBS) can be used, and it has a version of Exchange included...
  • Jenrzzz
    Switching to Google Apps sounds like it'd be perfect for your company. Definitely cheaper and easier to manage than running your own server, and if you aren't using any Exchange features other than calendars, there's really no reason to pay people to support your broken network.
  • Simplr
    All, thanks for your advice (and sympathy ;-) I do not have physical access to the server (no key), nor do I have access to system manager tools (no password). So I just have to let it all happen, but I need some reassurance that my simple demands (mainly being able to send and receive e-mail) are not extreme. Jenrzzz, G Apps is the way I want to go, I have already set that up for my domain(s) and feel comfortable with it. Yet I can't just ignore expenses that have been made. I can also admit that my lack of MS Exchange knowledge plays a role in this, and I would like to stay unbiased. However, given the situation of 3 users that want to use e-mail, I don't feel MS Exchange is "exactly what we need". However, I get the feeling that we're systematically being lied to, and treated like dumb a******, and that we're paying for that. To be continued, at the moment we're not making decisions. Will keep you all updated, thanks again!
  • Pressler2904
    I agree that Exchange is a <sarcasm> little bit </sarcasm> of overkill for 3 users. I agree that you are <understatement> being misled </understatement> by your current sysadmins (or whatever they call themselves). As soon as your organization can reasonably do so, walk away (fast, very fast) from these people...
  • Simplr
    Well, not a lot is going to change I'm afraid, so preparing to "walk away" seems the best option. I started looking into migrating to Google Apps, after all, only 2 or 3 mailboxes need to be "converted". I have experience managing GA domains, so no learning curve there. I'll see how far I get, there's some info to be found on the net, I'll probably have to open another thread/question once I get stuck. I hope that one day I'll be able to see the benefits of MS Exchange, I am sure it's a great product, just the guys "managing" it seem to know next to nothing.