Solved

Exchange 5.5 Server not seen by Outlook Internet Mail clients

Posted on 2004-04-08
Last Modified: 2010-03-05
I just set up a new server (replacing an old one) with Windows 2000 Server and Exchange 5.5.  Previously, the original server was set up to allow client relaying.  We had a spam issue (open relay) and had to close the relay and set up a message firewall (CMS Praetor, I recommend it) and installed it on the same machine as Exchange.  Since Praetor doesn't allow relaying of any kind, we bought a new server (since the first one was old anyway) to use as the new mail server while the old one became the stand-alone message firewall.  All SMTP traffic flows into the message firewall machine, then to the new Exchange server.  Outgoing messages go the other way, obviously.  Here's the fun part...

I'm setting up remote clients to connect right to the NEW server via pop3.  The new server has its own public IP (it's hidden) and the router is configured to allow POP3 requests through.  Clients can get their mail.  Everything's great with that part.  Problem is, and you probably saw this coming, clients can't see the smtp server (Outlook times out and says "The SMTP server your provided is not available, please enter the proper mail server address" message).

The IP addresses in Outlook for both incoming and outgoing are set to the public IP of the NEW server.  Since the router is only set to allow pop3 packets through to the new server, I'm assuming that's why it wasn't responding.  Here's what I'm fuzzy on.  My company's DNS record still points to the old server, which is correct in order to use the message firewall.  If I open up the router to allow SMTP packets through to the NEW server, I'm afraid that after some time I'll have the same spam problem we once had since essentially the new server would now be open to SMTP packets from anyone with the public IP.  If I set the router to allow SMTP packets through to the new server, will that let Outlook clients on the internet see the server and relay?  AND, will that be a problem in the future like it once was?

Sorry for the novel, but there's a lot of history with this situation and I wanted to explain it as best I could.
Question by:MelvinSE
10 Comments
 
LVL 10

Expert Comment

by:dstoker509
Have you considered using OWA for Exchange 5.5 instead of POP3? See http://support.microsoft.com/default.aspx?scid=kb;en-us;259240

LVL 10

Expert Comment

by:OneHump
These are POP clients coming in from the Internet, right?  I'm also assuming that Praetor has port 25 exposed to the Internet.  You could just point to Praetor, but then it's going to tell you that you cannot relay.  I don't know Praetor, but it might support authenticated SMTP.  Exchange does, but I haven't run 5.5 in about a year so I can't be 100 percent sure that it supports it, but I'm pretty sure it does.  If Praetor does not, then you'll want to expose port 25 to your Exchange server and only relay for authenticated users.  I would never expose any port on an internal, non-perimeter, server to the Internet.

I would not, however, recommend that.  I would recommend that users who POP in use their ISP's SMTP server.  That's the correct way to do this.

OneHump

Author Comment

by:MelvinSE
I have considered OWA, but from what I've heard and read, its features are very limited.  The employees who require access from the Internet would like to use Outlook so they have all the features they normally have in the office.  Can't say I blame them.

Author Comment

by:MelvinSE
OneHump,

That's my fear.  Praetor is getting all the SMTP traffic on port 25 right now.  The POP3 port to that server is disabled.  The new server is only getting POP3 packets right now.  Here's what I don't understand...

The way the system is set up, Exchange is now sending all OUTBOUND SMTP messages to the Praetor server, which checks them and sends them on their way.  If a client on the Internet is authenticated on the Exchange server (i.e. "logged in"), don't they now use Exchange just as someone would who was connected in the office?  By that I mean that when a user SENDS a message, Exchange should treat it as an internal SMTP message (since the client is authenticated and connected to Exchange and the company domain) and send it to the Praetor machine as usual, which forwards it out.  That's what I don't get.  I'm not sure what I'm trying to do is really "relaying",  I just want internet users to connect to the server via the internet.
LVL 10

Expert Comment

by:dstoker509
Outlook is also limited when you use POP3.  Have you looked at IMAP4 instead?
LVL 10

Expert Comment

by:OneHump
IMAP is indeed better but also limited.  All you really get with IMAP that you don't get with POP, in terms of content, is folders.  No calendars or tasks or meeting requests.  OWA 5.5 is really difficult to use.  OWA doesn't start getting good until E2K.

"If a client on the Internet is authenticated on the Exchange server (i.e. "logged in"), don't they now use Exchange just as someone would who was connected in the office?  "

In your case, the answer to this is no.  When you are using a standards based protocol like POP, you are not considered "logged on" to the server in an Exchange sense.  You use the POP protocol to connect and download your email and then disconnect.  When email is being sent, a different protocol, SMTP, is used to connect. If you want to authenticate for delivery, you need to use SMTP authentication; something Outlook Express supports.  You also need to configure the relay settings on your IMC to relay for authenticated clients.

What you are thinking is when MAPI Outlook clients connect.  They use RPC to both send and receive email and are considered authenticated.  When you use POP, it's a different ballgame.  In reality, your Exchange server is really no different than a Sendmail server when using POP.

OneHump
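
Added example (not part of the original thread, and not Exchange or Praetor code): a minimal Python model of the relay decision described in the post above, showing that relay permission depends on the SMTP session's own AUTH state or source network, never on an earlier POP3 login. The domain, network range, account and class name are constructed assumptions.

```python
import hmac
import ipaddress

# Constructed values for illustration; none come from the thread.
LOCAL_DOMAINS = {"example.com"}                           # domains this server hosts
TRUSTED_NETS = [ipaddress.ip_network("192.168.0.0/24")]   # assumed office LAN
USERS = {"alice": "s3cret"}                               # stand-in for the account lookup


class SmtpSession:
    """Per-connection state an SMTP listener consults before relaying."""

    def __init__(self, client_ip):
        self.client_ip = ipaddress.ip_address(client_ip)
        # Starts False on every SMTP connection; a POP3 login made on a
        # separate connection never changes it.
        self.authenticated = False

    def auth(self, user, password):
        expected = USERS.get(user)
        ok = expected is not None and hmac.compare_digest(expected, password)
        self.authenticated = ok
        return "235 Authentication successful" if ok else "535 Authentication failed"

    def rcpt_to(self, address):
        domain = address.rsplit("@", 1)[-1].lower()
        if domain in LOCAL_DOMAINS:
            return "250 OK"  # inbound delivery to a hosted mailbox, not a relay
        trusted = any(self.client_ip in net for net in TRUSTED_NETS)
        if self.authenticated or trusted:
            return "250 OK"  # relay permitted
        return "550 Relaying denied"


def demo():
    remote = SmtpSession("203.0.113.7")  # constructed Internet client
    results = [remote.rcpt_to("friend@elsewhere.test")]      # before AUTH
    results.append(remote.auth("alice", "s3cret"))
    results.append(remote.rcpt_to("friend@elsewhere.test"))  # after AUTH
    return results


if __name__ == "__main__":
    for line in demo():
        print(line)
```

With this policy, exposing port 25 still accepts mail addressed to hosted domains from anyone, but an unauthenticated Internet client cannot use the server to reach third-party recipients.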


Author Comment

by:MelvinSE
Thanks for the explanation.  This is very helpful.

So, my question now is...
a) I'm sure that I've configured the clients for SMTP authentication (On the Servers page of the connection properties, it has a checkbox for requiring authentication on the outbound server) and Outlook still asks for a "proper SMTP server address" because it "can't find" the one I set it for (which it DID find using POP3).  Is there something I'm missing to get SMTP authentication to work under full versions of Outlook (97, 2000, XP, etc.)?

Or...
b) Can I set up an RPC connection through the firewall for Internet clients?  I've been reading up on a situation like that (opening up ports 135 and statically mapping the higher ports - 5001, 5002, etc.) and was wondering if that may be the answer.  I think OWA is out of the question.

As an aside, would a VPN solve all this?  Or is an RPC connection considered a VPN?  This is the one area of Exchange I've never worked in before, so thanks for all your patience.
LVL 10

Accepted Solution

by:
OneHump earned 250 total points
a)  "Full versions" of Outlook run differently.  I wouldn't use Outlook 97/98 so let's talk about versions starting with 2000.  There are two modes; Enterprise and Internet Email Only (IMO).  IMO functions a lot like Outlook Express.  It supports standards based protocols like POP, IMAP, SMTP and LDAP.  It does not support MAPI.  The Enterprise install supports MAPI by default and can support some standards based protocols by setting up an extra service.  It's not a very clean way to do things, but people do it and it does bring flexibility to the application.

What you need to do is configure your client to use any SMTP server, preferably the user's ISP's SMTP server, to deliver email.  They need access to port 25 on that server.  I suggest Outlook Express as a better alternative to Outlook for standard protocols.  It does not, however, have Calendar, Tasks, etc.

b)  I wouldn't do that.  It's a security problem.  I do agree that OWA is not a great solution with 5.5.

VPN would absolutely solve this.  With VPN, you could allow MAPI and be done with POP/IMAP/SMTP.  RPC is not VPN.  To put it simply, RPC makes the client computer think it's getting information from the local machine.  It's a protocol that can run within a VPN and can run over a TCP/IP connection as well.  If you did run it over a VPN, the VPN would run over a TCP connection as would RPC, but the RPC communication would be tunneled inside the VPN.

Keep asking questions if you have them.

OneHump

Author Comment

by:MelvinSE
I guess it's time to look into setting up a VPN.  I'm sure I'll have questions along the way, but as far as this question, you've helped a lot.  Thanks.

LVL 10

Expert Comment

by:OneHump
Just let us know.  

OneHump