SBS 2003 - Exchange Settings

I'm about to embark on upgrading our current network structure (Windows 2000 Server - DC, Windows 98 - running VPOP3 Mail Server & Comodo Trustix 4) with a new server running SBS 2003. One of the areas that I'm obviously looking to implement is Exchange. I'd like to receive the mail directly to my server (rather than POP3 thru my ISP) but I'm a bit confused as to who I should speak to about setting this up.

I believe that I need to contact my ISP (that is hosting my domain) to set up an MX record for my DNS domain (ie my MX record is so server would be addressed as I also need an A Level entry ( and this is to point to the external IP address of my firewall) - this was read from question 21112412. I then need to configure the Exchange Server on SBS 2003 accordingly. Is this correct?

Now the main problem I have is that our organisation is supplied their internet access from British Telecom using an Intelligent Gateway Router (a 1Mb line). We have a static IP address supplied by them for our connection. Our website (domain) is hosted by a company called Clearfuse and our current POP3 provider is called Onthespot. Now who should I contact to set up this MX record to point to our server? I would have thought it would be Clearfuse as they host the domain but they are not our ISP.

Also, would I use my server as the primary DNS Server after all of this or should it point to my ISP? At present we have no thoughts of bringing the external website hosted by Clearfuse into the internal server. We'll perhaps open Sharepoint for Internet use at some stage but not right away.

Any advice is welcome as always.
Steven O'Neill, Solutions Architect, Asked:
Steve McCarthy, MCSE, MCSA, MCP x8, Network+, i-Net+, A+, CIWA, CCNA, FDLE FCIC, HIPAA Security Officer, IT Consultant, Network Engineer, Windows Network Administrator, VMware Administrator, Commented:
Set up your SBS server with your Domain Name.

Whoever you have your Domain Name registered through is probably handling the DNS for it.  You will need to put in an A record for the server.  You will also make an MX record for the server.  Right now that may or may not point to your ISP's mail server.

For these IP addresses, you will put the public IP address of your organization.  You may have it on your Router or firewall.  Anyway, those names will point to your public IP address.  If your SBS has a public IP itself, then you would point it there.  Otherwise, it points to the router/firewall that is providing NAT for you.  You would then open up TCP port 25 for SMTP and forward that to the internal IP address of your server.  If you want OWA to also work, do the same for port 80.

With an SBS server online, the proper setup for your internal DNS is to have the SBS server point to itself. All Clients will point to the SBS server.  The only place you need your ISP's DNS settings is in the router/firewall.  If a resolution request hits the DNS server and it cannot resolve it, then it will contact the Internet Root Servers for resolution, get the answer, put it in its cache and return the answer to the workstation.

You pretty much have all the right information in your post.
I would not set up your internal domain with the same exact name you are registered on the Internet with.  This is not recommended and will lead to Internal DNS problems.

So, if externally, your company is known on the Internet as, make your internal domain name company.local.

To find out who controls your DNS Internet domain, go to this website:  You are looking for your DOMAIN will return contact information.  You will need to contact these people to make changes such as MX records.

Otherwise, everything you say looks right.

Note:  You will want to point all of your internal clients to your internal Windows 2003 DNS server ONLY.  Then configure your Windows 2003 DNS server to forward requests to the ISP DNS servers.  To configure forwarding, right click your DNS server in the DNS console, and choose properties.  Then click the Forwarders tab.  Enter your ISP DNS servers here...

Steven O'Neill, Solutions Architect, Author Commented:
Guys thanx for this, puts my mind at ease.

Our internal domain is already known as domain.local (where we have for our Internet site). I take it that I'm looking for something like Registrant's Agent when doing the lookup (our domain is actually a but I'm simplifying it for usage here).

As for the public IP address, I take it that this is the one that I have on my Default Gateway of my Firewall? The IP address used by the Router is different but is on the same subnet but I take it that I'd use the IP address supplied by my ISP that is used at the Default Gateway, right? The Default Gateway is on ***.***.***.6 and the Router is using ***.***.***.3. Perhaps thinking about it it should be the Router? The network card at the Trustix firewall (not the Router) is on ***.***.***.3, so is this our public IP?

Checking over the Router settings I note that the internal firewall is set for maximum protection (no unsolicited inbound traffic). I take it that in order for me to receive the mail I want to I'd need to open this up slightly to allow traffic to access the network?
Steve McCarthy, MCSE, MCSA, MCP x8, Network+, i-Net+, A+, CIWA, CCNA, FDLE FCIC, HIPAA Security Officer, IT Consultant, Network Engineer, Windows Network Administrator, VMware Administrator, Commented:
Yes, on your firewall setting, you will have to open TCP port 25 and forward it to the IP address of your mail server for proper operation.

At your registrant, who probably holds your Internet DNS records, just have them point the A Record and MX record to your public IP address, the external interface on your router/firewall.  
For Example External Interface |Router/Firewall|Internal Interface Server

ok...  Let's say I'm sending you an email.  My server queries DNS and is told that is at, is the public IP of your Router/firewall  ...........  Now the packet on port 25 is being allowed by the rules through the firewall and forwards it to the mail server,

Does that clear it up a little?
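
The mail path described in the answers above (MX record, A record, public IP, NAT forward of TCP 25) can be checked before going live. The following is an added example, not part of the original thread: the domain, the addresses and the `check_mail_path` helper are constructed for illustration, with documentation addresses standing in for the real public IP and an assumed internal server address.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample data (documentation domain and addresses, not from the thread).
ZONE = {("example.com", "MX"): ["10 mail.example.com."],
        ("mail.example.com", "A"): ["203.0.113.6"]}
FORWARDS = [("tcp", 25, "192.168.16.2"), ("tcp", 80, "192.168.16.2")]

def is_internal(addr):
    """True when addr is an RFC 1918 address that Internet senders cannot reach."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def check_mail_path(zone, forwards, domain, public_ip, server_ip, allowed=(25, 80)):
    """Walk MX -> A -> NAT forward and return a list of problems (empty = OK)."""
    problems = []
    mx_records = zone.get((domain, "MX"), [])
    if not mx_records:
        problems.append(f"no MX record for {domain}")
    for mx in mx_records:
        host = mx.split()[-1].rstrip(".")   # drop the preference and trailing dot
        addrs = zone.get((host, "A"), [])
        if not addrs:
            problems.append(f"MX target {host} has no A record")
        for addr in addrs:
            if is_internal(addr):
                problems.append(f"{host} -> {addr} is a private address")
            elif addr != public_ip:
                problems.append(f"{host} -> {addr} is not the public IP {public_ip}")
    # SMTP must reach the mail server, and nothing else should be exposed.
    if ("tcp", 25, server_ip) not in forwards:
        problems.append(f"TCP 25 is not forwarded to {server_ip}")
    for proto, port, dest in forwards:
        if port not in allowed or dest != server_ip:
            problems.append(f"unexpected forward {proto}/{port} -> {dest}")
    return problems

if __name__ == "__main__":
    for line in check_mail_path(ZONE, FORWARDS, "example.com",
                                "203.0.113.6", "192.168.16.2") or ["mail path OK"]:
        print(line)
```

Port 80 is in the allowed set only because the answer mentions OWA; pass `allowed=(25,)` when OWA is not published.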

Steven O'Neill, Solutions Architect, Author Commented:
Very clear now thanx. I've split the points somewhat as NJComputerNetworks gave some valuable advice as well.
Steve McCarthy, MCSE, MCSA, MCP x8, Network+, i-Net+, A+, CIWA, CCNA, FDLE FCIC, HIPAA Security Officer, IT Consultant, Network Engineer, Windows Network Administrator, VMware Administrator, Commented:
Thanks and Good Luck!