Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17


Help with Exchange 2003 setup

Posted on 2004-04-26
Medium Priority
Last Modified: 2006-11-17
We have exchange server 2003 installed on W2003 server but not uisng it at the moment.  Until now we have received e-mail via pop3.

I need to configure dns mx records correctly etc to start forwarding mail to our server.  Am a bit clueless in some areas here so would appreciate some help setting all of this up securely.

We have a domain name set up.  INternet access is adsl via a belkin wireless g router.

I would also like to set up OWA (securely).

Can anyone help?

Much obliged


Question by:WingYip
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
  • +1
LVL 23

Expert Comment

ID: 10917156

You have to report your ISP that you would like to create a MX record for your domain. Let the ISP forward the mail for to your firewall or routers external ip address. Then all mail for will be send to your external ip address. There you can NAT the external ip address into the internal ip address of your mailserver, and you will recieve all mail at your mailserver.

Here ase some links for installation of OWA;en-us;290287

Here's a link for rights and security on OWA.;en-us;301428
LVL 20

Expert Comment

ID: 10917172

Author Comment

ID: 10918007
MX record is now pointing to external ip of router.

I seem to be able to send mail but cannot at present receive it.

I should tell you that the Internet Mail wizard has been run already.  We really just guessed at the options at that stage.

Would appreciate some help checking the current config of the Exchange server.  So that we can start to recieve mail when the MX record update has propogated.

There are 2 nics in the machine and 2 entries under Servers>Protocols>SMTP tab - "Default smtp virtual server" and "Internet smtp virtual server"


Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

LVL 23

Expert Comment

ID: 10918094

How does your mail enter your company??? Via A router and then ISA??
If the mail comes in through ISA, make sure to make a Server Publishing Rule that points from the external ip address of your ISA to the internal ip address of your Mailserver.

Please post your progress, so we can help..

Author Comment

ID: 10918155
Don't use ISA at present

Mail is forwarded from ISP to External static IP of Router and NAT'd to Exchange server which obviously has internal IP.

LVL 20

Expert Comment

ID: 10918912
If the NAT is configured on  the Router then you need to wait till your MX record have been updated

check the site to check whether your MX record has been updated on all the DNS servers.

make sure that you can telnet to your exchange server on port 25 from internet.


Expert Comment

ID: 10924978
1- make sure your mx record replicated. Once you sure mx is replicated, go to the next step
2 - Vireless G router isn't secure at all. If you have to use wireless part of that unit at lease enable encription & disable wireless broadcast net name.
3 - Get a true hardware firewall. NAT-ing on it's own is not enough. If money is an issue (when it isn't?) at least use Linux based firwall solution. They need dedicated pc for it. I've used ipcop for many  commercial deployments of email systems (windows & linux based). support is avilable from many sites & it's free download  with active development.
i  - free suport & downloads.
4 - Forward  ports from firewall  to your exchange (the less ports the better)
5 - install security cerfiticate on your windows 2003 server for OWA & forwared  ssl port to exchange server. You can use OWA without certificate but that won't be secure .
6 - Email fitering is optional but highly recomended.

Damn it's to late. gtg to get some sleep :)

Good luck!



Author Comment

ID: 10926885
trbonja a couple more questions.

Everything seems to be working however OWA is set up on port 80 at the moment as we have no certificate.  Is there any other way to secure it other than buying a ssl certificate (more money).   How much of a real security risk is this?

I notice that our norton anti virus does not seem to scan incoming mail anymore.  Does this mean that norton does not work with exchange/outlook client.  Or can it be reconfigured?

Any all seems to be working if insecurely at present.

Thanks for the checklist


LVL 20

Assisted Solution

ikm7176 earned 200 total points
ID: 10927968
You can secure your OWA by installing the windows 2003 CA server its free you dont need to pay for it!
you can visit site to see the Tom Shiniders article on Publishing OWA it is explained in Part-2

Else, Search microsoft site for how to setup CA server

For Antivrus you should use the Exchange aware antivirus software if you are using NAV you should have NAV 8.6 enterprise edition which is compatible with windows 2003 and exchange 2003.

Accepted Solution

trbonja earned 800 total points
ID: 10928667
- As stated in the post by ikm7176 you don't have to pay for it use the link or there a lot of tutorials on how to setup CA server.  I my-self wouldn't bother with it. Read on...
- Yes, you do need exchange aware virus scanner. I does cost money but there is no safe way around it
Benefits of having exchange aware virus scanner (I preffer eTrust InoculateIT):
1 Central management - All clients can be installed/updated from server
2 Auto virus signature update server/client
3 It will scan not just emails (done on the server)  but user's local file system (user locally installed client)...
You should also have a look at products like:
I've been using mail marshall for over 3 years now. Saved me a lot of work.

Do not let users to  use port 80 directly from internet. Instead configure you windows 2003 server as a vpn server:
Click next twice & from the list select remote access / VPN server
Click next & follow the instructions on the screen.

Once your done with the vpn server, on your firewall open & forward TCP 1723 & GRE to your vpn server (just configured).
From this point your external users (xp & win2000) can use "new network wizard" to attach to your vpn server.
Once they authenticated they'll get an einternal ip address and have encripted access to your lan (including OWA)
If user's are connecting using highspeed connection they'll be able to use not just OWA but their files....
Naturally this can't be compared with Cisco/PIX vpn setup but is the secure for most part. After all you get what you paid for:(
gtg back to work :(

Good luck to you!



Author Comment

ID: 10934224
Great! thanks for the help all


Featured Post

Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In-place Upgrading Dirsync to Azure AD Connect
Check out this step-by-step guide for using the newly updated Experts Exchange mobile app—released on May 30.
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to:…
Suggested Courses

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question