July 20, 2008 01:56am pdt

1. TechSoEasy 810,807
2. RobWill 522,996
3. KCTS 206,396
4. Sembee 150,261
5. leew 138,265
6. tigermatt 127,901
7. kieran_b 126,467
8. Dave_AND 119,003
9. suppsaws 114,536
10. plug1 102,898
11. mwecompu... 94,230
12. olafdc 83,902
13. ormerodr... 81,017
14. DrDave242 75,633
15. MrManderson 72,155

1. TechSoEasy 6,202,796
2. Sembee 805,093
3. RobWill 731,686
4. olafdc 547,867
5. leew 511,131
6. KCTS 452,151
7. suppsaws 301,901
8. redseate... 251,224
9. tigermatt 228,449
10. vico1 210,195
11. Dave_AND 203,118
12. MPECSInc 170,829
13. MrManderson 170,663
14. keith_al... 169,586
15. ormerodr... 164,197

04.20.2008 at 05:44PM PDT, ID: 23338343

	[x] Attachment Details

[x]

The Solution Rating System

With so many solutions, how can you tell which solutions are most likely to help you and which ones are not? To provide you with a tool to use, we rate our solutions based on various elements that most accurately determine if a solution is a quality solution. To explain what factors affect the solution rating, here are the elements we take into consideration when formulating our solution rating.

The Grade of the Solution
The Zone Rank of the Expert Providing the Solution
The Number of Author and Expert Comments
The Number of Experts Contributing
The Feedback of the Community

Your Input Matters
Because of the way the system is set up, the most important variable in this equation is you. As a member of Experts Exchange, you are able to cast your vote on the quality of the solutions in regard to how complete, accurate, helpful and easy to understand each solution is. When you provide your feedback, each rating is adjusted accordingly. So, if you see a solution that has a poor rating that you think is a good solution, let us know by rating it. As you do, the rating will be adjusted and will become more accurate for other members of our site.

If you have any suggestions that you would like to make for our rating system, please ask a question in the Suggestions Zone of Community Support.

Thank you!

7.6

How to test MX record redirect for ISP POP3 to inhouse SBS-2003 Exchange migration project

Zones: SBS Small Business Server, Exchange Email Server, Simple Mail Transfer Protocol (SMTP)

Tags: Microsoft, Exchange, Windows SBS2003 SP2

Hello -

Making my first attempt on migrating appx 20 external POP3 accounts onto an in-house Exchange system that's running on a SBS 2003 server (SP2) network.

Exchange is already installed on this server. DNS, forwarders, recipient policies, mailboxes in the Exchange store are already setup as well. All looks to be set correctly to the best of my knowledge.

I'm trying to game plan on how exactly I manage the MX redirection process. I know how to get into the company's DNS records and add an MX, A record, and prioritize the MX record with priority values. I'm specifically trying to gameplan how I "test" that everything's a GO, that all mail flow is working correctly in/out of the Exchange server, so that I can feel confident that when it's time to make the "hard-switch" to redirect everything over, that it will work.

Right now, all internal user Outlook clients are running a POP3 connector to the ISP mail server, with some users contents being delivered to their respective Exchange server mailbox, and some are delivering mail to the local .PST file storage location on the pc.

Please ask if you need additional info. Basically think I'm to the point of beginning to test, but a bit confused on how exactly to "test". I know I can go in and redirect the MX record to the public IP, but don't have any level of confidence that I know this will work. I do appreciate the assistance -

Start your free trial to view this solution

Question Stats

Zone: OS

Question Asked By: jtreeves72

Solution Provided By: computrex

Participating Experts: 3

Solution Grade: A

Translate:

Loading Advertisement...

Microsoft

Internet Protocols
Applications

Development
OS

Hardware
Windows Security

Apple

Operating Systems
Hardware

Programming
Networking

Software

Internet

Search Engines
File Sharing
WebTrends / Stats
Spy / Ad Blockers

Web Browsers
New Net Users
Web Development
Chat / IM

Anti Spam
Web Servers
Anti-Virus
Email Clients

Gamers

Tips
Online / MMORPG
Puzzle
Emulators

Action / Adventure
Role Playing
Consoles
Game Programming

Strategy
Sports
Misc
Computer Games

Digital Living

Hardware
Automotive
New Net Users
New Users

Software
Digital Music
Gaming World
Home Security

Apple
Networking Hardware

Virus & Spyware

Vulnerabilities
IDS
Encryption
Anti-Virus

Operating Systems Security
Software Firewalls
WebApplications
Cell Phones

Operating Systems
Internet
Hardware Firewalls

Hardware

Displays / Monitors
Handhelds / PDAs
Components
Peripherals
Laptops/Notebooks

Servers
Misc
Apple
Embedded Hardware
Networking Hardware

Storage
Desktops
New Users

Software

System Utilities
Industry Specific
Network Management
Photos / Graphics
Page Layout
VMware
Misc
Web Development

OS
CYGWIN
Voice Recognition
Virtualization
Message Queue
Quality Assurance
Security
Firewalls

MultiMedia Applications
Development
Database
Office / Productivity
Business Management
OS/2 Apps
Server Software
Internet / Email

ITPro

OS
Storage
Encryption
Operating Systems Security
Apple Hardware
Laptops & Notebooks
Servers
Networking Hardware
Peripherals
Devices

Displays / Monitors
WebTrends / Stats
Search Engines
Firewalls
Web Computing
WebApplications
IDS
Vulnerabilities
Email Clients
File Sharing

Spy / Ad Blockers
Web Browsers
Web Servers
Networking
Anti-Virus
Consulting
Chat / IM
Anti Spam

Developer

Web Servers
Web Browsers
Game Programming
Dev Tools
Industry Specific
Office / Productivity

Database
CYGWIN
Web Development
Search Engines
File Sharing
WebTrends / Stats

Programming
Content Management
Application Servers
Protocols

Storage

Removable Backup Media
Storage Technology
Servers

Grid
Remote Access
Backup / Restore

Misc
Hard Drives

Miscellaneous
Security
Development
Linux
VMware

MainFrame OS
Unix
Apple
OS / 2
AS / 400

BeOS
Microsoft
VMS / OpenVMS

Database

Oracle
Miscellaneous
MySQL
Software
Sybase
Contact Management
PostgreSQL
Data Manipulation
Clarion
InterSystems Cache

Siebel
MUMPS
OLAP
SQLBase
SAS
GIS & GPS
4GL
Berkeley DB
DB2
Informix

Interbase / Firebird
FoxPro
Reporting
LDAP
Filemaker Pro
MS SQL Server
dBase
MS Access

Security

Misc
Web Browsers
Software Firewalls
Operating Systems Security
File Sharing

Spy / Ad Blockers
Vulnerabilities
WebApplications
IDS
Anti-Virus

Encryption
Anti Spam
Email Clients
VPN
Chat / IM

Programming

Editors IDEs
Installation
Handhelds / PDAs
Multimedia Programming
System / Kernel
Automation

Algorithms
Game
Signal Processing
Project Management
Open Source
Database

Misc
Languages
Processor Platforms
Theory

Web Development

Scripting
Blogs
Web Servers
Software
Search Engines
Web Graphics
Web Services

Images
Internet Marketing
Images and Photos
Components
Document Imaging
Web Languages/Standards
Illustration

WebApplications
Fonts
WebTrends / Stats
Authoring
Digital Camera Software
Miscellaneous

Networking

Protocols
Apple Networking
Network Management
Message Queue
Application Servers
Content Management
File Servers
Email Servers
Misc
Java Editors & IDEs

Wireless
Networking Hardware
Backup / Restore
System Utilities
ISPs & Hosting
Web Servers
Storage Technology
Removable Backup Media
Servers
Web Computing

Broadband
Grid
OS / 2
Novell Netware
Unix Networking
Windows Networking
Security
Telecommunications
Operating Systems
Linux Networking

Other

Lounge
Business Travel
Community Support
New Net Users

Philosophy / Religion
Math / Science
Miscellaneous
URLs

Expert Lounge
Politics
Puzzles / Riddles
Automotive

Community Support

Suggestions
New to EE
New Topics
CleanUp

Announcements
General
Feedback

Input
EE Bugs

04.20.2008 at 05:54PM PDT, ID: 21398140

Malmensa:

Get someone to send an email to you? (use "administrator@domain.com) You could post your domain name here, soemone can test it for you.

04.20.2008 at 06:11PM PDT, ID: 21398174

jtreeves72:

Malmensa - can you pls explain how that verifies that I have everything setup correctly and to feel confident that I won't have any type of email disruption.

What I need to understand is that when I go into the DNS records and adjust the MX record to bypass the ISP mail server and now send all mail directly to the company firewall public IP, that it's going to work.

What I don't want to happen is to make this change, have e-mail stop working, having to revert back to the original MX record setting and have the customer experience a disruption with their email operations. That's the issue I'm trying to work on how to approach.

04.20.2008 at 06:36PM PDT, ID: 21398242

Malmensa:

Set up an additional MX record. With a higher priority (lower number) that the one pointing email to your ISP. That way, if your server is not set up correctly, email will still go through your ISP. Once you have everything set up, post back here & one of us will test it for you. I can check your DNS & send an email directly to your server if you give me an email address.

04.20.2008 at 06:57PM PDT, ID: 21398302

computrex:

Normally, there is no need to modify your internal DNS. Unless you are pointing the Domain Name, (Network Solutions or GoDaddy or the like) Directly to your sever. You should really not do this.

I need to know where you are hosting your website. I will continue as if you have your website hosted at your ISP and not on your server.

The only thing you will need to do on your SBS box is to run the "Internet Configuration Wizard" in the server manager. DUring this process it will ask you if you want to turn on exchange for email, say YES. Then take the defaults for the rest of the screens. somewhere along the way you will be asked to create certificate. Give it the name MAIL.YOURDOMAINNAME.COM (or .org or .net or whatever)

The domain name should point to the domain name host or whoever is doing your public DNS configuration. This would again be Network Solutions or GoDaddy or the like. You will not need to change this setting. You will have to go into their DNS manager and create an A Record. Call it MAIL.YOURDOMAINNAME.COM (or .org or .net or whatever) And give it the public ip address of your server. Then change the MX record from what is there now to point to MAIL.YOURDOMAINNAME.COM.
This change can take from 15 minutes to 2 days depending on your ISP.

Your mail will work at this point. However, do not skip out on the following step or you will have a lot of trouble getting your outbound mail to route becuase a lot of spam filters use a technique know as reverse DNS.
To fix this problem you MUST contact your ISP. Tell them that you need the "PTR Reverse DNS" for the IP address that you have you have your sbs box set to, to be set to MAIL.YOURDOMAINNAME.COM (or .org or .net or whatever)
You can verify if the change has been made by going to a command prompy and typing the following:
NSLOOKUP sbsipaddress
If it returns something with your ISPs name in it, it is still screwed up. Just want to forewarn you that some companys like verizon have absolutley NO FREAKIN IDEA what a reverse DNS info is. SO you might need to go on a deep digging expedition. One way or another I cannot stress the importance of this enough.

I have personally done 35 of these setups and have never had to do anything with the servers internal DNS.

Any other questions please ask.

Hopefully this is helpful.

Accepted Solution

04.20.2008 at 07:10PM PDT, ID: 21398357

computrex:

One more thing. If you really want all of this to work well, you really need to get the users off of those PSTs.
You are right to be cautious. Just take it one step at a time.
1. Reverse DNS PTR Record fix at your ISP
2. Internet connection Wizard
3. Add the A record at your ISP (takes 2 days to propigate) Please note that if your ISP has MAIL. already defined there is an extra step that needs to be done. Stop and do not conflete this step.

After completing all of the above tasks and WAITING 72 HOURS. do step 4.

4. Change the MX record at the ISP to point to MAIL.YOURDOMAINNAME.COM (or .org or .net or whatever)

Do not move onto ateps 3 or 4 unless you are comfortable. You can lose mail if you make changes too fast.

04.20.2008 at 07:34PM PDT, ID: 21398439

jtreeves72:

Malmensa - I'm going to direct my follow-on conversation to computrex, as he's giving a level of detail I feel will more appropriately move me in the direction I feel this needs to go. Thanks for your responses.

Computrex - thanks for assisting as well. A few points to get the scenario up to speed.

-- The Internet Connection Wizard. The SBS 2003 server has already been setup/configured by the customer. Exchange has already been configured, mailboxes created, with some users storing email in their message store. Do I still need to run this?

-- DNS is setup in the sense that it's setup in support of their Active Directory operations. They are not running a full-blown DNS server internally per se. They are using the ISP DNS server for resolution.

-- THey do have a website that is also being hosted by the same ISP. All external at this point. The registrar is Network Solutions. I don't recall at the moment what their A records are set to. But do understand this to some degree, and know that I'll need to setup a record that I plan on setting as "mail"

-- As far as giving the A record the address of their "server", this will need to be set to the public IP of their firewall. Correct? It's a simple network, with the resultant port 25 SMTP traffic being forwarded to the internal IP of their Exchange box. There is no front-end server, DMZ located, box etc. Pretty simple I believe as far as setups go.

-- I'm not sure I understand the need to go to the ISP with the "PTR reverse DNS" requirement. Don't remember reading up on this during my studies. Could you please expand upon if still a requirement with this new information I'm updating you on.

Hopefully this will help level-set the topology I'm working with. I'm probably intermediate skill level with networks, routing, firewall, etc. Just my first time doing an Exchange setup. Thanks for helping.

04.26.2008 at 08:42AM PDT, ID: 21445856

markusdamenous:

Hi

It seems that you have everything spot on, all the way through this question. All you need is resassurance, and here it is:

- Test from outside your SBS network, "telnet PUBLIC_IP_ADDRESS 25", which will prove that your server is listening on port 25 and ready to accept mail
- Add a new MX record which points to your SBS server
- Give the new MX record lowest priority number
- Once the change above propogates around the internet, mail flow to your domain name should now be coming straight to your SBS server. If it works, great!! If it doesnt work, then mail will simply still flow to the next MX record and be just the same as normal!

The issue about PTR reverse DNS, goes something like this. Most SMTP servers on the internet are not configured to require that PTR records for your domain are setup, but SOME are! Therefore, it is strongly recommened that you do get your ISP to add a PTR record which maps PUBLIC_IP_ADDRESS to mxrecord.domain.com. If you have a problem sending to certain domains as I do, then you can use an SMTP Connector to route mail to your ISPs SMTP servers.

Assisted Solution

05.02.2008 at 03:23PM PDT, ID: 21490426

jtreeves72:

Just now getting back to updating this record after dealing with an Exchange service (routing engine) on this server that wasn't starting. Could not get internal email to flow between internal accounts which I needed to resolve before moving forward.

Appreciate your input markusdamenousas as that does help me with organizing my thoughts on how to tackle.

I believe I'm now clear on the need for a PTR record, and have submitted a request just today, but have a question if I'm on the right track.

The ISP servicing this customer location is NOT the company hosting the email or the company website. The ISP providing the broadband service feeding this site, is providing only the broadband link. It is another 3rd party company that is providing the web/email hosting services. I initially went to the web/mail hosting company requesting a PTR record be setup, but they directed me back to the ISP to get this setup. I contacted the ISP and submitted a PTR request, they accepted, and are processing as I type. Is this the correct process? The PTR record associates the public IP of the mail server to the MX record that points to this same public IP. I'm thinking this is correct but could use some verification.

I just tested a telnet x.x.x.x 25 from an external location...which did not connect. The firewall has supposedly been configured to direct port 25 traffic received on the public interface to the internal mail servers IP. So will need to followup on that.

Making progress and appreciate all who assist -

20080236-EE-VQP-29 / EE_QW_2_20070628