New Exchange 2003 Server need configuration Tips

[marzIT]

Hello All,

I have setup our Exchange 2003 Server and its an additional Domain Controller in our office.

We currently have a mail server offsite and would like to make our Exchange Server our default Mail Server.

I was testing it by setting a test email account on Ms Outlook and was able to link to the exchange server.

Currently the Exchange Server is internal and its has no external IP's.

When I log in to OWA and send an email out it seems to work but when I send an email out or click send/receive withing Ms Outlook I get the following Error Message "Task 'Microsoft Exchange Server' reported error (0x8004010f): 'The operation failed. An object could not be found.'"

Just need to configure this server properly before setting up as our Primary Mail Server.

Thank you for your help.

M

 

[58sniper]

Well, first of all, SEND/RECEIVE doesn't do much if you've just got a MAPI account (Exchange configured).

If OWA is working fine, and Outlook isn't, I'd say the problem is with Outlook. Kill the profile and create a new one.

Pat Richard, MCSE(2) MCSA:Messaging, CNA(2)

 

[nsantin]

this error is usually caused by the issue with the OAB. Goto the system manager and try to rebuild the offline address list.

 

[marzIT]

Thank you that solved the problem.

Now I gotta setup the server to be able to receive email offsite.

I guess the only thing I need is the server to have an External IP Address.

If anyone can let me know the best way to secure exchange 2003 Server please let me know.

Thank you,
M

 

[marzIT]

When Opening ports on the firewall for the Exchange 2003 Server to be used Externally do I need HTTP, SMTP, POP3, IMAP.

Please advice which way is best to have the Server configured.

thanx,
M

 

[markdmac]

You typically will only want to open up ports 25, 80 & 443 to the exchange server.

With as robust as OWA is and the fact that you can run Outlook over HTTP, why do you need POP?

I hope you find this post helpful.

Regards,

Mark

 

[marzIT]

Hello Mark,

Wasnt sure but I will only opent 25, 80 & 443.

Thanx alot for the help.

Marcelo

 

[58sniper]

I wouldn't open 80. 25 and 443 are all you'll need if you're going to use SSL for OWA.

Pat Richard, MCSE(2) MCSA:Messaging, CNA(2)

 

[marzIT]

If I open port 25 will that cause my smtp to be used by other people that I don't want to have access to.

 

[nickpark]

@

 

[markdmac]

You want port 80 open for OWA. If you enable FBA then 443 is all that is needed, but by default you will want 80.

You need to open 25 if you want to receive ANY mail.

443 is for https traffic.

If this is the only firewall in your company then you will also want to open 123 which is needed for time sync with the atomic clocks (SNTP).

I hope you find this post helpful.

Regards,

Mark

 

[58sniper]

I would disagree on port 80. Opening that up makes you more of a target. Leave it off, open 443, and tell the users to use

https://mail.domain.com/exchange

Pat Richard, MCSE(2) MCSA:Messaging, CNA(2)

 

[jpm121]

marzIT, in answer to your question, YES! you need to configure Exchange so it only accepts mail from your IP addresses (or alternately use SMTP Auth).

I have no idea how opening port 80 makes you more vulnerable than only having port 443 open. It's still IIS listening on both ports, it's not like there's anything magical about port 443.

Having port 80 open makes it easier for "real users" who can't be bothered having to remember httpS (by setting up a redirect). Most of them will have a hard enough time with "webmail.domain.com" or something like that.

 

[marzIT]

Great Thank you. I have opened currently for testing Port: 80 and 25.

Currently my ISP needs to set me up with a Reverse DNS Entry on their Servers so I can start testing the Server.

Should I have a problem if the Mail server will be @mainmailserver.com and can I have my server with a different domain ex: @testemail.com.

Will there be any problems if I have 2 domains hosting the mail on Exchange and eventually once the Mail Server is working properly to switch and have only 1 mail Domain setup.

please let me know.

Thank you,
Marcelo

 

[markdmac]

You will need for the domain to match for the RDNS.

With multiple domains, you will probably encounter troubles with the RDNS. Best way I know of to resolve is to use a different SMTP connector for the second domain and have it have a seperate public IP so it can have its own RDNS.

I am interested to see if anyone has a better way to do this or disagrees.

I hope you find this post helpful.

Regards,

Mark

 

[jpm121]

Your reverse DNS doesn't need to match the domain of the messages you're sending, and you don't need multiple IPs; you just need it to match the HELO message that your SMTP connector sends when it connets to a remote server.

In other words, if your RDNS comes back as "44-33-22-11-dynamic.comcast.net" but Exchange says "HELO exchange.yourdomain.com" then it's going to be a big problem for remote servers, at least ones with modern spam-filtering. However, if your ISP sets your reverse to "exchange.yourdomain.com" then you can send messages from hundreds of different domains.

Properly setting up your SPF records will help too, thus indicating that your server is allowed to send mail on behalf of each domain.