Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions

Help with Exchange 2003 setup

Posted on 2004-04-26
Last Modified: 2006-11-17
We have exchange server 2003 installed on W2003 server but not uisng it at the moment.  Until now we have received e-mail via pop3.

I need to configure dns mx records correctly etc to start forwarding mail to our server.  Am a bit clueless in some areas here so would appreciate some help setting all of this up securely.

We have a domain name set up.  INternet access is adsl via a belkin wireless g router.

I would also like to set up OWA (securely).

Can anyone help?

Much obliged


Question by:WingYip
  • 4
  • 3
  • 2
  • +1
LVL 23

Expert Comment

ID: 10917156

You have to report your ISP that you would like to create a MX record for your domain. Let the ISP forward the mail for mydomain.com to your firewall or routers external ip address. Then all mail for mydomain.com will be send to your external ip address. There you can NAT the external ip address into the internal ip address of your mailserver, and you will recieve all mail at your mailserver.

Here ase some links for installation of OWA

Here's a link for rights and security on OWA.
LVL 20

Expert Comment

ID: 10917172

Author Comment

ID: 10918007
MX record is now pointing to external ip of router.

I seem to be able to send mail but cannot at present receive it.

I should tell you that the Internet Mail wizard has been run already.  We really just guessed at the options at that stage.

Would appreciate some help checking the current config of the Exchange server.  So that we can start to recieve mail when the MX record update has propogated.

There are 2 nics in the machine and 2 entries under Servers>Protocols>SMTP tab - "Default smtp virtual server" and "Internet smtp virtual server"


Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

LVL 23

Expert Comment

ID: 10918094

How does your mail enter your company??? Via A router and then ISA??
If the mail comes in through ISA, make sure to make a Server Publishing Rule that points from the external ip address of your ISA to the internal ip address of your Mailserver.

Please post your progress, so we can help..

Author Comment

ID: 10918155
Don't use ISA at present

Mail is forwarded from ISP to External static IP of Router and NAT'd to Exchange server which obviously has internal IP.

LVL 20

Expert Comment

ID: 10918912
If the NAT is configured on  the Router then you need to wait till your MX record have been updated

check the site http://www.dnsstuff.com to check whether your MX record has been updated on all the DNS servers.

make sure that you can telnet to your exchange server on port 25 from internet.


Expert Comment

ID: 10924978
1- make sure your mx record replicated. Once you sure mx is replicated, go to the next step
2 - Vireless G router isn't secure at all. If you have to use wireless part of that unit at lease enable encription & disable wireless broadcast net name.
3 - Get a true hardware firewall. NAT-ing on it's own is not enough. If money is an issue (when it isn't?) at least use Linux based firwall solution. They need dedicated pc for it. I've used ipcop for many  commercial deployments of email systems (windows & linux based). support is avilable from many sites & it's free download  with active development.
ihttp://www.ipcops.net  - free suport & downloads.
4 - Forward  ports from firewall  to your exchange (the less ports the better)
5 - install security cerfiticate on your windows 2003 server for OWA & forwared  ssl port to exchange server. You can use OWA without certificate but that won't be secure .
6 - Email fitering is optional but highly recomended.

Damn it's to late. gtg to get some sleep :)

Good luck!



Author Comment

ID: 10926885
trbonja a couple more questions.

Everything seems to be working however OWA is set up on port 80 at the moment as we have no certificate.  Is there any other way to secure it other than buying a ssl certificate (more money).   How much of a real security risk is this?

I notice that our norton anti virus does not seem to scan incoming mail anymore.  Does this mean that norton does not work with exchange/outlook client.  Or can it be reconfigured?

Any all seems to be working if insecurely at present.

Thanks for the checklist


LVL 20

Assisted Solution

ikm7176 earned 50 total points
ID: 10927968
You can secure your OWA by installing the windows 2003 CA server its free you dont need to pay for it!
you can visit  http://www.isaserver.org/tutorials/pubowa2003toc.html site to see the Tom Shiniders article on Publishing OWA it is explained in Part-2

Else, Search microsoft site for how to setup CA server

For Antivrus you should use the Exchange aware antivirus software if you are using NAV you should have NAV 8.6 enterprise edition which is compatible with windows 2003 and exchange 2003.

Accepted Solution

trbonja earned 200 total points
ID: 10928667
- As stated in the post by ikm7176 you don't have to pay for it use the link or there a lot of tutorials on how to setup CA server.  I my-self wouldn't bother with it. Read on...
- Yes, you do need exchange aware virus scanner. I does cost money but there is no safe way around it
Benefits of having exchange aware virus scanner (I preffer eTrust InoculateIT):
1 Central management - All clients can be installed/updated from server
2 Auto virus signature update server/client
3 It will scan not just emails (done on the server)  but user's local file system (user locally installed client)...
You should also have a look at products like:
I've been using mail marshall for over 3 years now. Saved me a lot of work.

Do not let users to  use port 80 directly from internet. Instead configure you windows 2003 server as a vpn server:
Click next twice & from the list select remote access / VPN server
Click next & follow the instructions on the screen.

Once your done with the vpn server, on your firewall open & forward TCP 1723 & GRE to your vpn server (just configured).
From this point your external users (xp & win2000) can use "new network wizard" to attach to your vpn server.
Once they authenticated they'll get an einternal ip address and have encripted access to your lan (including OWA)
If user's are connecting using highspeed connection they'll be able to use not just OWA but their files....
Naturally this can't be compared with Cisco/PIX vpn setup but is the secure for most part. After all you get what you paid for:(
gtg back to work :(

Good luck to you!



Author Comment

ID: 10934224
Great! thanks for the help all


Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
MS Outlook is a world-class email client application that is mainly used for e-communication globally.  In this article, we will discuss the basic idea about MS Outlook, its advanced features, and types of MS Outlook File formats.
In this video we show how to create a Distribution Group in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >>…
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question