Solved

Help with Exchange 2003 setup

Posted on 2004-04-26
Last Modified: 2006-11-17
We have Exchange Server 2003 installed on a W2003 server but are not using it at the moment.  Until now we have received e-mail via POP3.

I need to configure dns mx records correctly etc to start forwarding mail to our server.  Am a bit clueless in some areas here so would appreciate some help setting all of this up securely.

We have a domain name set up.  Internet access is ADSL via a Belkin wireless G router.

I would also like to set up OWA (securely).

Can anyone help?

Much obliged

Wing

Question by:WingYip
11 Comments
 
LVL 23

Expert Comment

by:rhandels
ID: 10917156
Hi

You have to report to your ISP that you would like to create an MX record for your domain. Let the ISP forward the mail for mydomain.com to your firewall's or router's external IP address. Then all mail for mydomain.com will be sent to your external IP address. There you can NAT the external IP address to the internal IP address of your mail server, and you will receive all mail at your mail server.

Here are some links for installation of OWA
http://support.microsoft.com/?kbid=234805
http://support.microsoft.com/default.aspx?scid=kb;en-us;290287


Here's a link for rights and security on OWA.
http://support.microsoft.com/default.aspx?scid=kb;en-us;301428
0
 
LVL 20

Expert Comment

by:ikm7176
ID: 10917172
0
 
LVL 1

Author Comment

by:WingYip
ID: 10918007
MX record is now pointing to external ip of router.

I seem to be able to send mail but cannot at present receive it.

I should tell you that the Internet Mail wizard has been run already.  We really just guessed at the options at that stage.

Would appreciate some help checking the current config of the Exchange server, so that we can start to receive mail when the MX record update has propagated.

There are 2 nics in the machine and 2 entries under Servers>Protocols>SMTP tab - "Default smtp virtual server" and "Internet smtp virtual server"

Regards

Wing
0
 
LVL 23

Expert Comment

by:rhandels
ID: 10918094
Hi,

How does your mail enter your company??? Via A router and then ISA??
If the mail comes in through ISA, make sure to make a Server Publishing Rule that points from the external ip address of your ISA to the internal ip address of your Mailserver.

Please post your progress, so we can help..
0
 
LVL 1

Author Comment

by:WingYip
ID: 10918155
Don't use ISA at present

Mail is forwarded from ISP to External static IP of Router and NAT'd to Exchange server which obviously has internal IP.

Wing
0

 
LVL 20

Expert Comment

by:ikm7176
ID: 10918912
If the NAT is configured on the router then you need to wait till your MX record has been updated.

Check the site http://www.dnsstuff.com to see whether your MX record has been updated on all the DNS servers.

Make sure that you can telnet to your Exchange server on port 25 from the Internet.

0
 
LVL 2

Expert Comment

by:trbonja
ID: 10924978
1 - Make sure your MX record has replicated. Once you're sure the MX is replicated, go to the next step.
2 - Wireless G router isn't secure at all. If you have to use the wireless part of that unit, at least enable encryption & disable wireless broadcast of the net name.
3 - Get a true hardware firewall. NAT-ing on its own is not enough. If money is an issue (when it isn't?) at least use a Linux-based firewall solution. They need a dedicated PC for it. I've used ipcop for many commercial deployments of email systems (Windows & Linux based). Support is available from many sites & it's a free download with active development.
http://www.ipcops.net - free support & downloads.
4 - Forward ports from the firewall to your Exchange server (the fewer ports the better).
5 - Install a security certificate on your Windows 2003 server for OWA & forward the SSL port to the Exchange server. You can use OWA without a certificate but that won't be secure.
6 - Email filtering is optional but highly recommended.

Damn, it's too late. gtg to get some sleep :)

Good luck!

Regards,
Trbonja


0
 
LVL 1

Author Comment

by:WingYip
ID: 10926885
trbonja a couple more questions.

Everything seems to be working; however, OWA is set up on port 80 at the moment as we have no certificate.  Is there any other way to secure it other than buying an SSL certificate (more money)?   How much of a real security risk is this?

I notice that our norton anti virus does not seem to scan incoming mail anymore.  Does this mean that norton does not work with exchange/outlook client.  Or can it be reconfigured?

Anyway, all seems to be working, if insecurely, at present.

Thanks for the checklist

Wing

0
 
LVL 20

Assisted Solution

by:ikm7176
ikm7176 earned 50 total points
ID: 10927968
You can secure your OWA by installing the Windows 2003 CA server. It's free, you don't need to pay for it!
You can visit the http://www.isaserver.org/tutorials/pubowa2003toc.html site to see Tom Shinder's article on publishing OWA; it is explained in Part 2.

Else, search the Microsoft site for how to set up a CA server.

For antivirus you should use Exchange-aware antivirus software. If you are using NAV you should have NAV 8.6 Enterprise Edition, which is compatible with Windows 2003 and Exchange 2003.
0
 
LVL 2

Accepted Solution

by:
trbonja earned 200 total points
ID: 10928667
- As stated in the post by ikm7176, you don't have to pay for it. Use the link, or there are a lot of tutorials on how to set up a CA server.  I myself wouldn't bother with it. Read on...
- Yes, you do need an Exchange-aware virus scanner. It does cost money but there is no safe way around it.
Benefits of having an Exchange-aware virus scanner (I prefer eTrust InoculateIT):
1 Central management - all clients can be installed/updated from the server
2 Auto virus signature update server/client
3 It will scan not just emails (done on the server) but the user's local file system (user's locally installed client)...
You should also have a look at products like:
http://www.nwtechusa.com/mailmarshal.php
I've been using Mail Marshal for over 3 years now. Saved me a lot of work.

SECURING OWA:
Do not let users use port 80 directly from the Internet. Instead configure your Windows 2003 server as a VPN server:
START->ADMINISTRATIVE TOOLS->CONFIGURE YOUR SERVER WIZARD
Click Next twice & from the list select Remote Access / VPN Server.
Click Next & follow the instructions on the screen.

Once you're done with the VPN server, on your firewall open & forward TCP 1723 & GRE to your VPN server (just configured).
From this point your external users (XP & Win2000) can use the "new network wizard" to attach to your VPN server.
Once they have authenticated they'll get an internal IP address and have encrypted access to your LAN (including OWA).
If users are connecting using a high-speed connection they'll be able to use not just OWA but their files....
Naturally this can't be compared with a Cisco/PIX VPN setup but is secure for the most part. After all, you get what you paid for :(
gtg back to work :(

Good luck to you!

Regards,
Trbonja

 
0
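The reachability checks from this thread (the port 25 telnet test and the advice to forward as few ports as possible), scripted as an added example that is not part of any poster's reply. The host name, the `INTENDED` policy and all function names are assumptions made for illustration; run it from a machine outside the LAN.

```python
import socket

# Intended exposure after the steps in this thread (an assumption drawn from the
# posts): SMTP and PPTP reachable, OWA on port 80 not reachable from outside.
# GRE (IP protocol 47) is not TCP, so a connect test cannot check it.
INTENDED = {25: True, 80: False, 1723: True}

def read_reply(f):
    """Read one SMTP reply; '250-text' lines continue, '250 text' ends it."""
    texts = []
    while True:
        raw = f.readline()
        if not raw:
            raise ConnectionError("connection closed in mid-reply")
        line = raw.decode("ascii", "replace").rstrip("\r\n")
        texts.append(line[4:])
        if line[3:4] != "-":
            return (int(line[:3]) if line[:3].isdigit() else 0), texts

def smtp_probe(host, port=25, helo="probe.example", timeout=10):
    """Scripted 'telnet host 25': read the banner, send EHLO, then QUIT."""
    with socket.create_connection((host, port), timeout=timeout) as s, \
            s.makefile("rwb") as f:
        code, banner = read_reply(f)
        if code != 220:                      # not a ready SMTP service
            return {"ok": False, "banner": banner[0], "extensions": []}
        f.write(f"EHLO {helo}\r\n".encode("ascii")); f.flush()
        code, ehlo = read_reply(f)
        f.write(b"QUIT\r\n"); f.flush()
        exts = [e.split()[0].upper() for e in ehlo[1:] if e.strip()]
        return {"ok": code == 250, "banner": banner[0], "extensions": exts}

def tcp_open(host, port, timeout=5):
    """True if a TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def audit(host, policy=INTENDED, check=tcp_open):
    """Return (port, intended, actual) for every port that breaks the policy."""
    results = [(p, want, check(host, p)) for p, want in sorted(policy.items())]
    return [r for r in results if r[1] != r[2]]

if __name__ == "__main__":
    host = "mail.example.com"   # placeholder: your MX host or router's external IP
    print(smtp_probe(host), audit(host))
```

An empty list from `audit` means the forwarded ports match the intended policy; any tuple it returns is a port that is open when it should be closed, or the reverse.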
 
LVL 1

Author Comment

by:WingYip
ID: 10934224
Great! thanks for the help all

0
