WingYip
asked on
Help with Exchange 2003 setup
We have Exchange Server 2003 installed on a W2003 server but are not using it at the moment. Until now we have received e-mail via POP3.
I need to configure DNS MX records correctly etc. to start forwarding mail to our server. Am a bit clueless in some areas here so would appreciate some help setting all of this up securely.
We have a domain name set up. Internet access is ADSL via a Belkin wireless G router.
I would also like to set up OWA (securely).
Can anyone help?
Much obliged
Wing
ASKER
MX record is now pointing to the external IP of the router.
I seem to be able to send mail but cannot at present receive it.
I should tell you that the Internet Mail wizard has been run already. We really just guessed at the options at that stage.
Would appreciate some help checking the current config of the Exchange server, so that we can start to receive mail when the MX record update has propagated.
There are 2 NICs in the machine and 2 entries under Servers>Protocols>SMTP tab - "Default smtp virtual server" and "Internet smtp virtual server"
Regards
Wing
Hi,
How does your mail enter your company? Via a router and then ISA?
If the mail comes in through ISA, make sure to make a Server Publishing Rule that points from the external IP address of your ISA to the internal IP address of your mail server.
Please post your progress, so we can help.
ASKER
Don't use ISA at present
Mail is forwarded from ISP to External static IP of Router and NAT'd to Exchange server which obviously has internal IP.
Wing
If the NAT is configured on the router then you need to wait till your MX record has been updated.
Check the site http://www.dnsstuff.com to see whether your MX record has been updated on all the DNS servers.
Make sure that you can telnet to your Exchange server on port 25 from the internet.
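The port 25 check from the reply above, scripted (an added example, not part of the original thread): it reads the SMTP banner, sends EHLO and QUIT, and reports what the server advertises. The probe name `probe.example.invalid`, the host `mail.example.test` and the sample transcript are constructed.

```python
import io
import socket

def read_reply(rfile):
    """Read one SMTP reply (may span several lines); return (code, [text, ...])."""
    texts = []
    while True:
        raw = rfile.readline()
        if not raw:
            raise ConnectionError("connection closed mid-reply")
        line = raw.decode("ascii", "replace").rstrip("\r\n")
        texts.append(line[4:])
        if line[3:4] != "-":          # "250-" continues, "250 " ends the reply
            return int(line[:3]), texts

def smtp_dialogue(rfile, wfile, helo="probe.example.invalid"):
    """Banner -> EHLO -> QUIT, the same steps as the manual telnet test."""
    out = {"banner": None, "ehlo_ok": False, "extensions": []}
    code, texts = read_reply(rfile)
    out["banner"] = texts[0]
    if code != 220:                   # e.g. 554: listener is up but refusing service
        return out
    wfile.write(f"EHLO {helo}\r\n".encode("ascii"))
    wfile.flush()
    code, texts = read_reply(rfile)
    out["ehlo_ok"] = code == 250
    # First line of the EHLO reply is the greeting; the rest are extension keywords.
    out["extensions"] = [t.split()[0].upper() for t in texts[1:] if t.strip()]
    wfile.write(b"QUIT\r\n")
    wfile.flush()
    return out

def check_smtp(host, port=25, timeout=10):
    """Run the dialogue against a live host; report unreachable instead of raising."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with sock.makefile("rb") as r, sock.makefile("wb") as w:
                return dict(smtp_dialogue(r, w), reachable=True)
    except (OSError, ValueError) as exc:   # refused, timed out, or non-SMTP reply
        return {"reachable": False, "error": str(exc)}

# Constructed transcript standing in for the server side, so this runs offline.
SAMPLE = (b"220 mail.example.test ESMTP ready\r\n"
          b"250-mail.example.test Hello\r\n250-SIZE 10240000\r\n250 STARTTLS\r\n")

if __name__ == "__main__":
    print(smtp_dialogue(io.BytesIO(SAMPLE), io.BytesIO()))
    # Live use, run from a connection outside your own network:
    # print(check_smtp("mail.example.test"))
```

A result with `reachable` false while the MX record already resolves to the router's external IP points at the port forward on the router rather than at DNS.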
1 - Make sure your MX record has replicated. Once you're sure the MX is replicated, go to the next step.
2 - A wireless G router isn't secure at all. If you have to use the wireless part of that unit, at least enable encryption & disable broadcast of the wireless network name.
3 - Get a true hardware firewall. NAT-ing on its own is not enough. If money is an issue (when it isn't?) at least use a Linux-based firewall solution. They need a dedicated PC for it. I've used IPCop for many commercial deployments of email systems (Windows & Linux based). Support is available from many sites & it's a free download with active development.
http://www.ipcops.net - free support & downloads.
4 - Forward ports from the firewall to your Exchange server (the fewer ports the better).
5 - Install a security certificate on your Windows 2003 server for OWA & forward the SSL port to the Exchange server. You can use OWA without a certificate but that won't be secure.
6 - Email filtering is optional but highly recommended.
Damn, it's too late. gtg to get some sleep :)
Good luck!
Regards,
Trbonja
ASKER
Trbonja, a couple more questions.
Everything seems to be working; however, OWA is set up on port 80 at the moment as we have no certificate. Is there any other way to secure it other than buying an SSL certificate (more money)? How much of a real security risk is this?
I notice that our Norton antivirus does not seem to scan incoming mail anymore. Does this mean that Norton does not work with the Exchange/Outlook client? Or can it be reconfigured?
Anyway, all seems to be working, if insecurely, at present.
Thanks for the checklist
Wing
ASKER
Great! Thanks for the help, all.
You have to tell your ISP that you would like to create an MX record for your domain. Let the ISP forward the mail for mydomain.com to your firewall's or router's external IP address. Then all mail for mydomain.com will be sent to your external IP address. There you can NAT the external IP address to the internal IP address of your mail server, and you will receive all mail at your mail server.
Here are some links for installation of OWA:
http://support.microsoft.com/?kbid=234805
http://support.microsoft.com/default.aspx?scid=kb;en-us;290287
Here's a link for rights and security on OWA.
http://support.microsoft.com/default.aspx?scid=kb;en-us;301428