
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 818

MSMAIL --> Exchange Migrations w/ Third Party Internet Email Provider

Looking for some opinions from exchange experts.

Currently my company uses MSMAIL (yes, Microsoft Mail) running on a NetWare server to handle its in-house email.  The company currently uses about 75 in-house mailboxes.  The network infrastructure is as follows:

2 Windows Server boxes (1x 2003, 1x 2000)
Single windows domain (matches *.com internet address)
1 NetWare 5 box (file server)
10/100 LAN architecture throughout
DHCP/DNS/AD provided by Server boxes
NetWare only for file serving, with MSMAIL currently on the system.
Internet email provided by third party ISP
Full T1 internet; Vina router acting as primary gateway with no respectable hardware firewall solution.
Office 2000 on all clients.  All but 3-4 clients are 2000/XP pro, which should be there by rollout stage.
Office 2003 licenses have been purchased for some time, but because MSMAIL isn't supported, we haven't rolled out.

The plan is to add a second Server 2k3 box (third Server box).  4x73GB U320 RAID5 array.  P4 2.8GHz Prescott.  1GB RAM.  This box will be solely for Exchange, maybe with DNS running.  We have a full T1, but because our firewall solution is basically non-existent, we DO NOT want to provide internet email with this box at this time.  We just want it to do in-house email, and outsource our internet email and website to Dreamhost.  Currently, everyone's mail is kept in PSTs on the NetWare server.  Since the mail system has been in service for 5+ years, the PSTs have gotten rather large and constantly need repair.

What is the best way to proceed with our migration?

My back-of-the-envelope plan goes something like this:

1. Setup and install exchange box onto the domain.
2. Enable everyone's email boxes in AD
3. Go client to client and install O2003 (maybe look into centralized rollout w/ windows?)
4. Add everyone's exchange box to the outlook profile.  Move PST contents to exchange account
5. Add an internet mail account to each client

Any suggestions would be appreciated.  Don't bother questioning the decision to go with Exchange.  It's already been bought.  But everything else is on the table.

What is the best way to use Exchange for in-house email while using a third party for external?  Can I configure Exchange to accept all email, but forward everything outside our domain on to our third-party SMTP server and pull in everyone's incoming internet mail with a POP3/SMTP connector?
1 Solution
Dual head implementations are troublesome. Take a look through this site and you will see that there have been numerous problems in the past.
The main issue is with remote users. Exchange/Outlook will send email locally, so if you have remote users they may not get the email message. However if you have all email delivered to Exchange, you can manage remote users in a number of ways (POP3 collecting, IMAP, VPN, RPC/HTTPS etc)

Your plan is pretty sound. Couple of things I would suggest that you do though.

1. Configure Exchange as if it was going to be receiving email. So enter your external domain in to recipient policy, make it the default, make sure the email addresses are correct etc. If any email does slip out through Exchange then at least it has a chance of being delivered correctly and the recipient can reply to it.

2. While you said that your firewall cover is non-existent, please try and reconsider using a third party POP3 server. Even a cheap Linksys router in front of Exchange will do the job. You are of the size where a real firewall should be considered and it will make management of the email so much easier if you let Exchange do what it was designed to do and receive email directly by SMTP.
Surely you have something protecting the LAN?

3. Don't use a POP3 connector. Dreadful things.

4. If you are going to do a centralised roll out, then use an admin install point for Outlook/Office and apply all the updates to it first. This is covered on the Office Resource Kit web site. You can then deploy once and the users have the latest updates.

Exchange MVP.
Colebert (Author) commented:
First, thanks so much for replying to my thread, Simon.

I guess I should have been a little clearer about the setup.  There is firewall protection.  The Vina T1 router/gateway does NAT.  We have been allocated 9 static IP addresses with it.  The only problem is that it's leased from the Telco and they don't want to open/forward ports on it.  They will let us get our own firewall solution to put behind it and let it push it all to us, but don't want to be the one to be called to open/close ports, etc.

So I know we need something like a Sonicwall or something, but that purchase isn't planned at the moment.

The primary reason for the dual approach is because I'm concerned about security.  Currently we are a closed system with no open ports to any computers on the network.  We're understaffed (who isn't?!) and it's just been most comfortable to not give any consideration to the matter.  I'd be open to any comforting words/suggestions on using our Exchange box as the internet email solution, but I'm worried because we don't have the best firewall solution, we may be opening ourselves up to more headaches than using a dual approach.

Remote users aren't really an issue.  We have 2 people who are off-site and we don't really like them anyway!  So 96% of our potential users are onsite and about 100% of the users we care about are there, too.

What are the best keywords to search for to find problems with this bifurcated approach?

Thanks for the suggestions and help.  

Colebert (Author) commented:
Also, I suppose since the topic is drifting towards using Exchange as both in- and out-of-house mail...

We technically DON'T have just one unified domain.  We have one unified domain name for administrative purposes, but about 3-5 for email.  Let me break it down:

abc.org:  administrative domain; about 60% of employees have *@abc.org email
xyz.com: no corresponding in-house DC; about 30% of employees have *@xyz.com email
tuv.net: no corresponding in-house DC; about 8% of employees have *@tuv.net email

There are a couple of other odd-ball addresses.  How could I possibly make something like this work w/o making all the domains into real administrative Microsoft AD domains?
Exchange doesn't care what the email domains are. As long as they are listed in Recipient policy it will deliver the email to a mailbox with the required email address. It does need one consistent domain across all mailboxes to work trouble free, but this domain doesn't have to be the default address.

My home domain for example has a dozen domains listed and accepts email for all of them. While it provides additional challenges on the setup of the Exchange server, it can be done.

Colebert (Author) commented:
Did the roll out about 45 days ago.  Everything went well.  We were using PSTs for about 80 users, so I found using EXMERGE to shotgun them into Exchange saved TONS OF TIME!

The dual head approach is annoying, though.  We have an Exchange service AND a POP3/SMTP service in every Outlook client.  We make the Exchange service the default.  This works because I have configured the Exchange box to point outgoing mail to a smarthost/SMTP server run by our ISP, so it handles outgoing traffic.

Each user's incoming traffic is handled by a POP3 box maintained by a third party.  This works well about 85% of the time.  However, when a user receives an internet message and wants to forward it to an in-house distribution list, Outlook wants to send it out through the internet SMTP service rather than the Exchange server.  This results in bounce-back/undeliverables, and very annoyed users.  The simple solution is to make sure that when they forward, they check the ACCOUNTS button so that it is using EXCHANGE SERVER and not the INTERNET service.

Getting a SonicWall this fall, so hopefully all this mess will go away soon.

Hope this helps anyone looking for advice on this type of rollout.
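The two routing rules the thread keeps coming back to (Simon's point that every accepted domain goes into the recipient policy with one consistent default domain across all mailboxes, and the author's bounce when a forward to an in-house distribution list leaves via the internet SMTP account instead of Exchange) can be made visible with a small simulation. This is an added example, not code from any poster; Exchange 2003 exposes no such API, so the Exchange-side and third-party-side decisions are modelled in plain Python. The domains are the thread's own placeholders; the mailbox names, the `all-staff` distribution list and the set of POP3 mailboxes the provider hosts are constructed.

```python
"""Toy model of the dual-head mail setup: Exchange with a recipient policy
and an outbound smarthost, beside a third-party POP3/SMTP host that knows
only the mailboxes it hosts.  Constructed data throughout."""

# Recipient policy per the thread: all accepted domains, abc.org as default.
ACCEPTED_DOMAINS = {"abc.org", "xyz.com", "tuv.net"}
DEFAULT_DOMAIN = "abc.org"

# Constructed directory: mailbox -> its proxy addresses.  Every mailbox gets
# a DEFAULT_DOMAIN address in addition to the one the user publishes.
MAILBOXES = {
    "alice": {"alice@abc.org"},
    "bob": {"bob@xyz.com", "bob@abc.org"},
    "carol": {"carol@tuv.net", "carol@abc.org"},
}
# Constructed in-house distribution list; it exists only inside Exchange.
DISTRIBUTION_LISTS = {"all-staff": {"all-staff@abc.org"}}

# Constructed: the POP3 mailboxes the third-party provider actually hosts.
ISP_MAILBOXES = {"alice@abc.org", "bob@xyz.com", "carol@tuv.net"}


def domain_of(addr: str) -> str:
    return addr.rsplit("@", 1)[1].lower()


def recipient_policy_problems(mailboxes=MAILBOXES) -> list[str]:
    """Simon's requirement: one consistent domain across all mailboxes.
    Returns the mailboxes that lack an address in DEFAULT_DOMAIN."""
    return sorted(name for name, addrs in mailboxes.items()
                  if not any(domain_of(a) == DEFAULT_DOMAIN for a in addrs))


def _local_directory() -> dict[str, str]:
    """Flatten mailboxes and lists into address -> target."""
    table = {}
    for name, addrs in MAILBOXES.items():
        for a in addrs:
            table[a.lower()] = f"mailbox:{name}"
    for name, addrs in DISTRIBUTION_LISTS.items():
        for a in addrs:
            table[a.lower()] = f"dl:{name}"
    return table


def exchange_route(rcpt: str) -> tuple[str, str]:
    """Exchange's decision: accepted domain -> local lookup (NDR if absent);
    anything else -> relay to the ISP smarthost."""
    if domain_of(rcpt) in ACCEPTED_DOMAINS:
        target = _local_directory().get(rcpt.lower())
        return ("local", target) if target else ("ndr", "no such recipient in Exchange")
    return ("smarthost", rcpt)


def isp_route(rcpt: str) -> tuple[str, str]:
    """Third-party host's decision: it knows only its own POP3 mailboxes, so an
    Exchange-only address in a domain it hosts bounces (the thread's symptom)."""
    if rcpt.lower() in ISP_MAILBOXES:
        return ("pop3-mailbox", rcpt)
    if domain_of(rcpt) in ACCEPTED_DOMAINS:
        return ("ndr", "no such user at third-party host")
    return ("mx-relay", rcpt)


def send(rcpts, via: str) -> dict[str, tuple[str, str]]:
    """Route one message for each recipient through the chosen Outlook account."""
    router = exchange_route if via == "exchange" else isp_route
    return {r: router(r) for r in rcpts}


def bounces(result: dict[str, tuple[str, str]]) -> list[str]:
    return sorted(r for r, (status, _) in result.items() if status == "ndr")


if __name__ == "__main__":
    forward_to = ["all-staff@abc.org", "partner@example.com"]
    print("via internet account:", bounces(send(forward_to, "internet")))
    print("via exchange account:", bounces(send(forward_to, "exchange")))
    print("mailboxes missing a default-domain address:", recipient_policy_problems())
```

Run as a script it shows the same forward bouncing when sent through the internet account and delivering cleanly through Exchange, which is exactly the ACCOUNTS-button workaround the author describes; `recipient_policy_problems` is the check to run against your own address list before cutover.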
