Exchange OWA 2003

Hi,

What must I do to publish my OWA to the internet? I know I need 443 through the firewall, but what do I tell my ISP? I have a domain. I plan to use a self SSL Certificate. No problem there. What DNS record should I tell the ISP to add? www.domain.com/owa? (Or anything else I choose) + the internal IP of the mail server? Fixed WAN address? What are the exact steps?

I used to do this years ago...but I forgot the procedure.
cybrosh Asked:
 
tigermatt Commented:
>>> I don't have to modify the A record, by adding the /Exchange, right? since it's already embedded? true?
Correct, you just add https:// to the beginning and /Exchange at the end assuming you're using mail.companydomain.com

-tigermatt
:)
0
 
tigermatt Commented:
I assume you already have your MX records configured for domain.com so that mail is flowing in and out of Exchange correctly. I won't go into it here but let me know if you want me to.

You cannot tell your ISP to add a DNS record just for /owa. The whole point of DNS records is that they are independent of protocol, so you can use any protocol before domain.com and you will get to the same place on the Internet. If you use /owa, that is only accessible by HTTP or HTTPS.

The easiest way to access your OWA would be to simply use the subdomain which your MX record is tied to, most often mail.domain.com. Alternatively, some people like to make a subdomain called webmail.domain.com, then set that as an A record for your fixed WAN IP address.

-tigermatt
0
 
cybrosh (Author) Commented:
OK, thanks for the comment, but can you be a little more specific? More details on the technical steps that need to be done.
0
 
tigermatt Commented:
As you haven't said otherwise, I will still assume you have MX records set up correctly and that you can send mail in and out of the Exchange server.

Probably the easiest way to do this would be to:

1) Create a subdomain: webmail.<yourdomain>.com
2) Ask your ISP/registrar to change the A record IP address on the subdomain to the IP address of your router which is accessible on the Internet (i.e. not the internal 10.x.x.x, 192.168.x.x or 172.x.x.x address, but the external one)
3) Once the record is changed, forward requests to port 443 on that IP address to the internal IP of the Exchange server
4) Go to https://webmail.<yourdomain>.com/exchange or /owa to test

If you have MX records set up already, you could just use them.

-tigermatt
0
 
cybrosh (Author) Commented:
Tiger,

Thanks for replying. Sorry for being such a pest.
Yes, I have set up MX records, as well as the ISP's mail servers for fault tolerance (rating).

*In the event of having MX records, how do I use them?

*Again, sorry for being a pain...
0
 
tigermatt Commented:
>>> *In the event of having MX records, how do I use them?

I'm not quite sure what you mean by "having MX records". MX records stand for "Mail Exchanger Records"; this is the DNS record which is looked up by mail servers attempting to send mail to a recipient at your domain. The MX record points to an FQDN (fully qualified domain name), which is then configured as an A record to your WAN IP address, which means connections are passed directly to your Exchange server assuming port 25 is forwarded correctly.

So having MX records *is* a good thing; otherwise mail wouldn't flow into your domain and possibly not outwards. Depending on the setup of some recipients' mail servers, they may reject messages if they can't perform a lookup of your MX records and verify that all sorts of other settings are correctly configured.

-tigermatt
0
 
cybrosh (Author) Commented:
Hi Tiger,

Here's the MX/A records config:

-A record, FQDN=mail.companydomain.com, value=214.X.X.X(Real WAN IP), MX Pref=none
-MX record, FQDN=companydomain.com, value=mail.companydomain.com, MX Pref=10
-A Record, FQDN=mail.isp.com, value=Real wan IP, MX Pref=none
-MX Record, FQDN=companydomain.com, value=mail.isp.com, mx pref=100

How do I combine the OWA address with the above config?

Appreciate the help.
0
 
tigermatt Commented:
Hi again,

I hope I don't over-complicate my posts! I always like to explain things thoroughly to make sure everyone understands, but it often seems to complicate things a little!

The OWA address needs an A record which is mapped to the Exchange WAN IP. In this case, mail.companydomain.com has an A record of 214.x.x.x which is your WAN IP. Therefore, you could quite easily use mail.companydomain.com as your OWA address, just append /owa or /exchange depending on which of the two your OWA site uses.

Also, don't forget you will need port 443 forwarded in your router firewall and need your self-signed SSL certificate set up before the HTTPS through port 443 will work. Once everything is in place, you should be able to go to https://mail.companydomain.com/owa or /exchange from outside with no issues. Make sure you enter the https; http:// will only work if you forward port 80 too (insecure) to the Exchange server, in which case Exchange *should* redirect to the SSL connection, although I believe this has to be manually configured.

--
So:
1) Forward port 443 in your router's firewall to Exchange server (just like you did with port 25, except for TCP port 443)
2) Set up SSL certificate
3) Use https://mail.companydomain.com/owa or /exchange as your OWA URL.
--

Hope this helps!
-tigermatt
0
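An added example (not part of the original thread, and not code from any poster): a pre-flight check of the record set and URL described in the steps above, run before the records are handed to the ISP. The function names are hypothetical, the sample records are constructed, and 203.0.113.10 is a documentation address standing in for the WAN IP; the check goes slightly beyond the thread by testing the exact RFC 1918 ranges and the MX targets.

```python
import ipaddress

# RFC 1918 ranges: internal only, never valid in a public A record.
# Note the 172 block is 172.16.0.0/12, not all of 172.x.x.x.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def check_owa_records(records, owa_host, path="/exchange"):
    """Return (url, problems) for (type, name, value) DNS records."""
    problems, a_records = [], {}
    for rtype, name, value in records:
        if "/" in name or ":" in name:
            # A DNS name carries no scheme or path; /exchange lives in the URL.
            problems.append(f"{name}: not a DNS name (URL scheme or path)")
        elif rtype == "A":
            a_records.setdefault(name.lower(), []).append(value)
    for rtype, name, value in records:
        if rtype == "MX" and value.lower() not in a_records:
            problems.append(f"MX {name} -> {value}: no A record in this set")
    addrs = a_records.get(owa_host.lower(), [])
    if not addrs:
        problems.append(f"{owa_host}: no A record")
    for addr in addrs:
        if is_rfc1918(addr):
            problems.append(f"{owa_host}: {addr} is an internal RFC 1918 address")
    return f"https://{owa_host}{path}", problems


# Constructed sample data. 203.0.113.10 is a documentation address
# standing in for the real WAN IP, which the thread does not give.
GOOD = [("A", "mail.companydomain.com", "203.0.113.10"),
        ("MX", "companydomain.com", "mail.companydomain.com")]
BAD = [("A", "mail.companydomain.com", "172.20.1.5"),
       ("A", "mail.companydomain.com/exchange", "203.0.113.10")]

if __name__ == "__main__":
    for label, recs in (("GOOD", GOOD), ("BAD", BAD)):
        url, problems = check_owa_records(recs, "mail.companydomain.com")
        print(label, url, problems or "ok")
```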
 
cybrosh (Author) Commented:
Hi Tiger,

Last question, just to make sure.

I don't have to modify the A record, by adding the /Exchange, right? since it's already embedded? true?


0
 
cybrosh (Author) Commented:
Thanks mate!!!
0
Question has a verified solution.
