Solved

Exchange 5.5 Server not seen by Outlook Internet Mail clients

Posted on 2004-04-08
Last Modified: 2010-03-05
I just set up a new server (replacing an old one) with Windows 2000 Server and Exchange 5.5.  Previously, the original server was set up to allow client relaying.  We had a spam issue (open relay) and had to close the relay and set up a message firewall (CMS Praetor, I recommend it) and installed it on the same machine as Exchange.  Since Praetor doesn't allow relaying of any kind, we bought a new server (since the first one was old anyway) to use as the new mail server while the old one became the stand-alone message firewall.  All SMTP traffic flows into the message firewall machine, then to the new Exchange server.  Outgoing messages go the other way, obviously.  Here's the fun part...

I'm setting up remote clients to connect right to the NEW server via pop3.  The new server has its own public IP (it's hidden) and the router is configured to allow POP3 requests through.  Clients can get their mail.  Everything's great with that part.  Problem is, and you probably saw this coming, clients can't see the smtp server (Outlook times out and says "The SMTP server your provided is not available, please enter the proper mail server address" message).

The IP addresses in Outlook for both incoming and outgoing are set to the public IP of the NEW server.  Since the router is only set to allow pop3 packets through to the new server, I'm assuming that's why it wasn't responding.  Here's what I'm fuzzy on.  My company's DNS record still points to the old server, which is correct in order to use the message firewall.  If I open up the router to allow SMTP packets through to the NEW server, I'm afraid that after some time I'll have the same spam problem we once had since essentially the new server would now be open to SMTP packets from anyone with the public IP.  If I set the router to allow SMTP packets through to the new server, will that let Outlook clients on the internet see the server and relay?  AND, will that be a problem in the future like it once was?

Sorry for the novel, but there's a lot of history with this situation and I wanted to explain it as best I could.
Question by:MelvinSE
10 Comments
 
LVL 10

Expert Comment

by:dstoker509
ID: 10785731
Have you considered using OWA for Exchange 5.5 instead of POP3? See http://support.microsoft.com/default.aspx?scid=kb;en-us;259240

0
 
LVL 10

Expert Comment

by:OneHump
ID: 10786866
These are POP clients coming in from the Internet, right?  I'm also assuming that Praetor has port 25 exposed to the Internet.  You could just point to Praetor, but then it's going to tell you that you cannot relay.  I don't know Praetor, but it might support authenticated SMTP.  Exchange does, but I haven't run 5.5 in about a year so I can't be 100 percent sure that it supports it, but I'm pretty sure it does.  If Praetor does not, then you'll want to expose port 25 to your Exchange server and only relay for authenticated users.  I would never expose any port on an internal, non-perimeter, server to the Internet.

I would not, however, recommend that.  I would recommend that users who POP in use their ISP's SMTP server.  That's the correct way to do this.

OneHump
0
 

Author Comment

by:MelvinSE
ID: 10786875
I have considered OWA, but from what I've heard and read, its features are very limited.  The employees who require access from the Internet would like to use Outlook so they have all the features they normally have in the office.  Can't say I blame them.
0
 

Author Comment

by:MelvinSE
ID: 10786926
OneHump,

That's my fear.  Praetor is getting all the SMTP traffic on port 25 right now.  The POP3 port to that server is disabled.  The new server is only getting POP3 packets right now.  Here's what I don't understand...

The way the system is set up, Exchange is now sending all OUTBOUND SMTP messages to the Praetor server, which checks them and sends them on their way.  If a client on the Internet is authenticated on the Exchange server (i.e. "logged in"), don't they now use Exchange just as someone would who was connected in the office?  By that I mean that when a user SENDS a message, Exchange should treat it as an internal SMTP message (since the client is authenticated and connected to Exchange and the company domain) and send it to the Praetor machine as usual, which forwards it out.  That's what I don't get.  I'm not sure what I'm trying to do is really "relaying",  I just want internet users to connect to the server via the internet.
0
 
LVL 10

Expert Comment

by:dstoker509
ID: 10786935
Outlook is also limited when you use POP3.  Have you looked at IMAP4 instead?
0
 
LVL 10

Expert Comment

by:OneHump
ID: 10787375
IMAP is indeed better but also limited.  All you really get with IMAP that you don't get with POP, in terms of content, is folders.  No calendars or tasks or meeting requests.  OWA 5.5 is really difficult to use.  OWA doesn't start getting good until E2K.

"If a client on the Internet is authenticated on the Exchange server (i.e. "logged in"), don't they now use Exchange just as someone would who was connected in the office?  "

In your case, the answer to this is no.  When you are using a standards based protocol like POP, you are not considered "logged on" to the server in an Exchange sense.  You use the POP protocol to connect and download your email and then disconnect.  When email is being sent, a different protocol, SMTP, is used to connect. If you want to authenticate for delivery, you need to use SMTP authentication; something Outlook Express supports.  You also need to configure the relay settings on your IMC to relay for authenticated clients.

What you are thinking is when MAPI Outlook clients connect.  They use RPC to both send and receive email and are considered authenticated.  When you use POP, it's a different ballgame.  In reality, your Exchange server is really no different than a Sendmail server when using POP.

OneHump

0
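A check for the relay behaviour discussed above, as an added example that is not part of the original thread: it asks an SMTP listener you administer whether it offers AUTH and whether it accepts an outside recipient from an unauthenticated client. The host you pass in, the placeholder addresses and the verdict names are assumptions; the sample replies are constructed.

```python
import smtplib

def classify(esmtp_features, rcpt_code):
    """Interpret the EHLO extensions and the reply to an unauthenticated
    RCPT TO for a recipient outside the server's own domains."""
    offers_auth = any(k.lower() == "auth" for k in esmtp_features)
    if 200 <= rcpt_code < 300:
        return "open-relay"        # anonymous relay accepted: the old spam problem
    if offers_auth:
        return "auth-required"     # anonymous relay refused, AUTH is on offer
    return "closed-no-auth"        # refused, and remote clients cannot log in

def probe(host, port=25, timeout=10,
          sender="audit@example.org", outside_rcpt="relay-test@example.net"):
    """Run the check against a listener you administer. The addresses are
    placeholders (assumptions); no DATA is sent, so no mail is delivered."""
    try:
        with smtplib.SMTP(host, port, timeout=timeout) as s:
            s.ehlo()
            features = dict(s.esmtp_features)
            s.mail(sender)
            code, _ = s.rcpt(outside_rcpt)
            s.rset()
    except (OSError, smtplib.SMTPException):
        return "unreachable"       # e.g. the router forwards POP3 but not port 25
    return classify(features, code)

# Constructed sample replies (not captured from any real server).
SAMPLES = {
    "relay left open":        ({"size": "0"}, 250),
    "relay for AUTH only":    ({"auth": "LOGIN NTLM", "size": "0"}, 550),
    "firewall, no relaying":  ({"size": "0"}, 550),
}

def run_samples():
    """Classify each constructed reply; returns {description: verdict}."""
    return {name: classify(f, c) for name, (f, c) in SAMPLES.items()}

if __name__ == "__main__":
    for name, verdict in run_samples().items():
        print(f"{name}: {verdict}")
```

An "unreachable" verdict from outside the network matches the symptom in the question, where the client times out because only POP3 is forwarded.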
 

Author Comment

by:MelvinSE
ID: 10796961
Thanks for the explanation.  This is very helpful.

So, my question now is...
a) I'm sure that I've configured the clients for SMTP authentication (On the Servers page of the connection properties, it has a checkbox for requiring authentication on the outbound server) and Outlook still asks for a "proper SMTP server address" because it "can't find" the one I set it for (which it DID find using POP3).  Is there something I'm missing to get SMTP authentication to work under full versions of Outlook (97, 2000, XP, etc.)?

Or...
b) Can I set up an RPC connection through the firewall for Internet clients?  I've been reading up on a situation like that (opening up ports 135 and statically mapping the higher ports - 5001, 5002, etc.) and was wondering if that may be the answer.  I think OWA is out of the question.

As an aside, would a VPN solve all this?  Or is an RPC connection considered a VPN?  This is the one area of Exchange I've never worked in before, so thanks for all your patience.
0
 
LVL 10

Accepted Solution

by:
OneHump earned 250 total points
ID: 10797125
a)  "Full versions" of Outlook run differently.  I wouldn't use Outlook 97/98 so let's talk about versions starting with 2000.  There are two modes; Enterprise and Internet Email Only (IMO).  IMO functions a lot like Outlook Express.  It supports standards based protocols like POP, IMAP, SMTP and LDAP.  It does not support MAPI.  The Enterprise install supports MAPI by default and can support some standards based protocols by setting up an extra service.  It's not a very clean way to do things, but people do it and it does bring flexibility to the application.

What you need to do is configure your client to use any SMTP server, preferably the user's ISP's SMTP server, to deliver email.  They need access to port 25 on that server.  I suggest Outlook Express as a better alternative to Outlook for standard protocols.  It does not, however, have Calendar, Tasks, etc.

b)  I wouldn't do that.  It's a security problem.  I do agree that OWA is not a great solution with 5.5.

VPN would absolutely solve this.  With VPN, you could allow MAPI and be done with POP/IMAP/SMTP.  RPC is not VPN.  To put it simply, RPC makes the client computer think it's getting information from the local machine.  It's a protocol that can run within a VPN and can run over a TCP/IP connection as well.  If you did run it over a VPN, the VPN would run over a TCP connection as would RPC, but the RPC communication would be tunneled inside the VPN.

Keep asking questions if you have them.

OneHump
0
 

Author Comment

by:MelvinSE
ID: 10800942
I guess it's time to look into setting up a VPN.  I'm sure I'll have questions along the way, but as far as this question, you've helped a lot.  Thanks.

0
 
LVL 10

Expert Comment

by:OneHump
ID: 10801578
Just let us know.  

OneHump
0
