How do I configure Exchange to receive and send e-mail securely?

I have just installed Exchange 2003 and tested the install using OWA. I have 2 concerns:
1.  I want to configure the server for secure e-mail.
2.  How do I get external DNS resolution for the Exchange server?
I have run SMTPDIAG and it shows the problems below. Can anyone help?

Z:\Server Software\SMTPDIAG\SmtpDiag>smtpdiag pjsoyza@sos-consultancy.co.uk psoy
za@mail.adsl4less.co.uk -d 195.74.113.58 /v

Searching for Exchange external DNS settings.
Computer name is SOS3.
VSI 1 has the following external DNS servers:
There are no external DNS servers configured.

Checking SOA for mail.adsl4less.co.uk.
Checking external DNS servers.
Checking internal DNS servers.

Checking TCP/UDP SOA serial number using DNS server [192.168.0.27].
TCP test succeeded.
UDP test succeeded.
Serial number: 2004082704

Checking TCP/UDP SOA serial number using DNS server [192.168.0.1].
TCP test failed.
UDP test succeeded.
Serial number: 2004082704
SOA serial number match: Passed.

Checking local domain records.
Starting TCP and UDP DNS queries for the local domain. This test will try to
validate that DNS is set up correctly for inbound mail. This test can fail for
3 reasons.
    1) Local domain is not set up in DNS. Inbound mail cannot be routed to
local mailboxes.
    2) Firewall blocks TCP/UDP DNS queries. This will not affect inbound mail,
but will affect outbound mail.
    3) Internal DNS is unaware of external DNS settings. This is a valid
configuration for certain topologies.
Checking MX records using TCP: sos-consultancy.co.uk.
Warning: The TCP DNS query returned no results.
Checking MX records using UDP: sos-consultancy.co.uk.
Warning: No MX or A records were found for the local domain. If the records are
not configured, incoming mail can fail to be delivered to this server.

Checking remote domain records.
Starting TCP and UDP DNS queries for the remote domain. This test will try to
validate that DNS is set up correctly for outbound mail. This test can fail for
3 reasons.
    1) Firewall blocks TCP/UDP queries which will block outbound mail. Windows
2000/NT Server requires TCP DNS queries. Windows Server 2003 will use UDP
queries first, then fall back to TCP queries.
    2) Internal DNS does not know how to query external domains. You must
either use an external DNS server or configure DNS server to query external
domains.
    3) Remote domain does not exist. Failure is expected.
Checking MX records using TCP: mail.adsl4less.co.uk.
Warning: The TCP DNS query returned no results.
Checking MX records using UDP: mail.adsl4less.co.uk.
Error: No MX or A records were found for the remote domain. Verify that the
remote domain is valid. Your firewall allows outbound DNS queries (Windows
NT/2000 Server requires TCP), and your DNS server can resolve external domains.
Liono Asked:
Liono (Author) Commented:
I have 2 servers: 1 is my domain controller (DC), the other is a member server (MS) which is hosting Exchange. Every time I do an SMTPDIAG it comes up with this message: "Connecting to the server failed. Error: 10061". I have noticed that it is giving the IP address of my DC, 192.168.0.27, instead of the Exchange server IP address, 192.168.0.3. When I telnet to 192.168.0.3 all is OK and it comes up with the correct details.
I know port 25 on the DC is not configured / set, and telnet confirms this by giving the error message "could not open connection to host". I don't want the DC using port 25 as I have port 25 open on the MS. Can anyone give me a clue how to change this so it checks 192.168.0.3 port 25 instead of 192.168.0.27 port 25? I think this is why I cannot send or receive mail.
0
 
omarfarid Commented:
In the domain zone, add an MX record that points to your Exchange server IP address.

For secure mail, you need to use SMTP / IMAP / POP3 over SSL.
0
 
rogerhunt Commented:
First, you need to register your domain name (sos-consultancy.co.uk?) with a registrar & set up an A record & MX record to point the mail to your server's external IP address.
Example:
A Record:   mail.sos-consultancy.co.uk   64.255.100.1
MX Record:  mail.sos-consultancy.co.uk
All mail for ??@sos-consultancy.co.uk will be sent to 64.255.100.1.
Then you will need to forward the correct ports into the server's internal IP address.  As for the secure e-mail, are you looking to use SSL with just OWA or everything?
0

 
Liono (Author) Commented:
OK, do I need a separate static IP address for the router and the Exchange server?
0
 
omarfarid Commented:
What type of link do you have?

Is your router capable of NATting / PATting?

0
 
rogerhunt Commented:
You will need a static external IP address from your ISP & you will need to set a static internal IP address on the server.  Then go into the router & forward the needed ports (at least SMTP port 25) into the server's IP address.
0
 
Liono (Author) Commented:
Thanks, I'll try that.
0
 
Liono (Author) Commented:
I have added the static IP for the router and also configured the firewall to allow SMTP port 25 and DNS port 53 inbound and outbound. I have added the MX record and A host to the forward lookup zone, but when I run smtpdiag the following error appears. Do I need to use an ISP DNS, or should my domain server pick up the DNS server?
In the DNS forwarders property box I have added the ISP DNS name and IP addresses. Is this correct?

Z:\Server Software\SMTPDIAG\SmtpDiag>smtpdiag pjsoyza@sos-consultancy.co.uk psoy
za@mail.adsl4less.co.uk -d 195.74.113.58 /v

Searching for Exchange external DNS settings.
Computer name is SOS3.
VSI 1 has the following external DNS servers:
There are no external DNS servers configured.

Checking SOA for mail.adsl4less.co.uk.
Checking external DNS servers.
Checking internal DNS servers.

Checking TCP/UDP SOA serial number using DNS server [192.168.0.27].
TCP test succeeded.
UDP test succeeded.
Serial number: 2004082704
SOA serial number match: Passed.

Checking local domain records.
Starting TCP and UDP DNS queries for the local domain. This test will try to
validate that DNS is set up correctly for inbound mail. This test can fail for
3 reasons.
    1) Local domain is not set up in DNS. Inbound mail cannot be routed to
local mailboxes.
    2) Firewall blocks TCP/UDP DNS queries. This will not affect inbound mail,
but will affect outbound mail.
    3) Internal DNS is unaware of external DNS settings. This is a valid
configuration for certain topologies.
Checking MX records using TCP: sos-consultancy.co.uk.
Warning: The TCP DNS query returned no results.
Checking MX records using UDP: sos-consultancy.co.uk.
Warning: No MX or A records were found for the local domain. If the records are
not configured, incoming mail can fail to be delivered to this server.

Checking remote domain records.
Starting TCP and UDP DNS queries for the remote domain. This test will try to
validate that DNS is set up correctly for outbound mail. This test can fail for
3 reasons.
    1) Firewall blocks TCP/UDP queries which will block outbound mail. Windows
2000/NT Server requires TCP DNS queries. Windows Server 2003 will use UDP
queries first, then fall back to TCP queries.
    2) Internal DNS does not know how to query external domains. You must
either use an external DNS server or configure DNS server to query external
domains.
    3) Remote domain does not exist. Failure is expected.
Checking MX records using TCP: mail.adsl4less.co.uk.
Warning: The TCP DNS query returned no results.
Checking MX records using UDP: mail.adsl4less.co.uk.
Error: No MX or A records were found for the remote domain. Verify that the
remote domain is valid. Your firewall allows outbound DNS queries (Windows
NT/2000 Server requires TCP), and your DNS server can resolve external domains.
0
 
rogerhunt Commented:
You need to register your domain name with a registrar like GoDaddy http://www.godaddy.com/gdshop/default.asp
After that, you will need to set up the zones on the DNS servers that they provide you with.  It's not necessary to set up the zones on your internal DNS server for mail to flow in & out.
0
 
Liono (Author) Commented:
OK, I have done this and when I run SMTPDIAG it seems it's all clear. I can send a mail to an external e-mail address, but when I do a reply I get a 550 Relay not permitted. Can anyone help with this error? I have checked answers on the web and blogs and cannot seem to fathom this problem.
0
 
rogerhunt Commented:
You may need to set Exchange up to use a smart host.  Set the smart host to your internet provider's email server & set the authentication if needed.  Here is more info on how to do this: http://www.amset.info/exchange/smtp-connector.asp
0
 
Liono (Author) Commented:
OK, now I'm stumped again. I have purchased a .COM site and my internal domain is a .CO.UK site.
The .CO.UK site can send mail out but fails to receive mail coming in. I have set forwarding on the .COM site to go to the .CO.UK site, but I get "domain cannot be found" for the .CO.UK site. How do I make my .CO.UK site viewable to the rest of the world? Do I need to ask my new ISP to add an MX record on their DNS? I have been given 2 NS names for my new ISP; where do I add these on my internal domain? Can anyone help?
 
0
 
rogerhunt Commented:
You must register the .CO.UK site with a registrar.  In order for the email to flow there needs to be an MX record set up for the .CO.UK domain.  If you do not own the .CO.UK domain, then you cannot receive mail for it.  You can, however, set it up so mail will flow for your new .COM site.  If you want to set up the new .COM site in Exchange 2007, in the Management Console, go to Organization Configuration --> Hub Transport, & select the Accepted Domains tab.  Right click & click New Accepted Domain.  Enter the domain name that you registered.  Make sure that you have the A & MX records for the new domain set up with whoever is hosting your DNS.
0
 
Liono (Author) Commented:
I am only using Exchange 2003 as I have bought a license for this; I don't have Exchange 2007. So both .COM and .CO.UK need to be registered? Can I point my .CO.UK internal domain to the .COM external domain and receive mail that way?
0
 
rogerhunt Commented:
You cannot use the .CO.UK for incoming mail unless you register the domain.  As for Exchange 2003, this will tell you how to set it up with your new domain name: http://support.microsoft.com/kb/268838  If you set the .COM address as the primary, your clients will send mail using the new .COM address.
0
 
Liono (Author) Commented:
OK, so now I have purchased a domain called SOS-Consultancy.co.uk and my domain is named the same as you said above. I can send internal and external mails but I cannot receive them. I have run SMTPDIAG and this is now what it says:
Successfully connected to sos-consultancy.co.uk.
Connecting to sos-consultancy.co.uk [192.168.0.27] on port 25.
Connecting to the server failed. Error: 10061
Failed to submit mail to sos-consultancy.co.uk.
can you help
0
 
rogerhunt Commented:
OK.  Set up an MX record on the freeola.net DNS servers to point to sos-consultancy.co.uk.  Ping your domain name to make sure that the reply is coming from your outside IP.   I was unable to connect to port 25 using that IP, so there is probably a port forward issue on the router as well.
So basically, you need to make sure that you can connect to your outside IP on port 25 (test this from another internet connection somewhere else using telnet).  Then you will need the correct MX record.  There are already two set up, but they are pointing to mx1.freeola.net & mx2.freeola.net.
0
 
Liono (Author) Commented:
OK, so when I ping www.sos-consultancy.co.uk I get "ping request could not find host". When I ping www.bbc.co.uk I get a reply. Surely I should get something, as my domain is up and running according to Freeola. What will I have to do if Freeola will not add my MX records on their DNS?
0
 
rogerhunt Commented:
They are hosting your DNS so they should make any changes that you request.  You need to have them point your domain to your outside IP with an A record.  Then add an MX record pointing to the new A record.
0
 
Liono (Author) Commented:
OK, apparently I cannot get this for two weeks as they are upgrading their servers so that the likes of me can add MX records ourselves.
0
 
rogerhunt Commented:
If they are unable to add the records to their servers then you will need to have someone else host your DNS.  freedns.afraid.org is a free DNS service that you could use until your registrar is able to add the records.  If you use another DNS provider you will need to set up their name servers under your domain registration.  Freedns name servers: NS1.AFRAID.ORG (67.19.72.206), NS2.AFRAID.ORG (66.252.1.255), NS3.AFRAID.ORG (72.20.25.134), NS4.AFRAID.ORG (67.18.179.15).  There are other free DNS providers out there as well.  This is just an example.
0
 
Liono (Author) Commented:
OK, so I have signed up with freedns.afraid.org and have now configured my domain to use NS1.afraid.org and ns2.afraid.org. Do I need to now point my internal domain to these records? Or do I put these in the forwarders in my internal DNS?
0
 
rogerhunt Commented:
OK.  Everything looks good so far.  You need to make sure that the DNS record listed below matches your outside IP.
mail.sos-consultancy.co.uk 1 A  --> 67.19.72.202
If this is the outside IP of your router, then mail should start flowing in.  You do not need to set up anything on your internal DNS server.
0
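The chain rogerhunt is checking here (MX record, then the A record it names, then whether that address is one the outside world can actually reach) can be verified mechanically. The following is an added example, not code from the thread or from any of the tools it mentions. The record sets are constructed to mirror the two situations in the thread: the public view with mail.sos-consultancy.co.uk pointing at the outside IP, and the internal view where the bare domain resolved to the domain controller's private address 192.168.0.27 with no MX record at all. `check_inbound_mail_dns` is a hypothetical helper that works on a dictionary of records rather than querying DNS, so it runs offline; in practice you would fill that dictionary from a lookup made from outside your own network, since an internal resolver can give a different answer from the public one.

```python
import ipaddress

# Constructed record sets shaped like MX/A lookup results; not real DNS output.
# Owner name -> {"MX": [(preference, target), ...], "A": [address, ...]}.
PUBLIC_VIEW = {
    "sos-consultancy.co.uk": {"MX": [(10, "mail.sos-consultancy.co.uk")]},
    "mail.sos-consultancy.co.uk": {"A": ["67.19.72.202"]},
}

# What the internal DNS server in the thread answered: no MX record, and the
# bare domain name resolving to the domain controller's private address.
INTERNAL_VIEW = {
    "sos-consultancy.co.uk": {"A": ["192.168.0.27"]},
}


def check_inbound_mail_dns(zone, domain, expected_outside_ip=None):
    """Return the problems that would stop remote servers delivering to `domain`.

    An empty list means: an MX record exists, its target has an A record, and
    that address is publicly routable (and equals the expected outside IP if given).
    """
    problems = []
    records = zone.get(domain, {})
    mx_records = records.get("MX", [])
    if mx_records:
        # Sending servers try the lowest preference value first.
        targets = sorted(mx_records)
    elif records.get("A"):
        # With no MX, senders fall back to the A record of the bare domain.
        problems.append(f"no MX record for {domain}; senders will fall back to its A record")
        targets = [(0, domain)]
    else:
        return [f"no MX or A record for {domain}"]

    for preference, target in targets:
        addresses = zone.get(target, {}).get("A", [])
        if not addresses:
            problems.append(f"MX target {target} (preference {preference}) has no A record")
            continue
        for address in addresses:
            ip = ipaddress.ip_address(address)
            # RFC 1918, loopback and link-local addresses are unreachable from the internet.
            if ip.is_private or ip.is_loopback or ip.is_link_local:
                problems.append(f"{target} resolves to {address}, which remote servers cannot reach")
            elif expected_outside_ip and address != expected_outside_ip:
                problems.append(f"{target} resolves to {address}, expected {expected_outside_ip}")
    return problems


if __name__ == "__main__":
    for name, view in (("public view", PUBLIC_VIEW), ("internal view", INTERNAL_VIEW)):
        found = check_inbound_mail_dns(view, "sos-consultancy.co.uk", "67.19.72.202")
        print(name, "->", "OK" if not found else "; ".join(found))
```

Running it reports the public view as clean and flags both defects of the internal view, which is exactly why SMTPDIAG and the remote sender in the thread kept landing on the domain controller.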
 
Liono (Author) Commented:
So now I can send internal mail and OWA works internally, but I get this error when I try and send externally. Before, I could send externally but not receive from external mail.
   psoyza@hotmail.co.uk on 23/03/2008 11:57
            There was a SMTP communication problem with the recipient's email server.  Please contact your system administrator.
            <mail.sos1.SOS-Consultancy.co.uk #5.5.0 smtp;550 relay not permitted>
0
 
rogerhunt Commented:
Are you using Outlook to send using Exchange or are you attempting to relay through your exchange server using SMTP?  You will need to use outgoing authentication in your email client if you wish to use SMTP with your Exchange server.  The error is saying that you are attempting to relay through the Exchange server.
0
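The distinction rogerhunt draws, local delivery for a domain the server accepts versus relaying for every other domain, with relaying allowed only when the session authenticates, is the whole of the relay decision. The following is an added example, not code from the thread or from Exchange: `ACCEPTED_DOMAINS`, `relay_decision` and `parse_ndr_status` are hypothetical names, the reply text "relay not permitted" is taken from the NDR quoted above, and the function models the policy rather than talking SMTP. The refusal in the last branch is the behaviour that keeps a server from becoming an open relay that spammers can use.

```python
import re

# Domains this mail server accepts mail for (constructed to match the thread).
ACCEPTED_DOMAINS = {"sos-consultancy.co.uk"}

# Matches the status text a non-delivery report carries, e.g.
# "<mail.sos1.SOS-Consultancy.co.uk #5.5.0 smtp;550 relay not permitted>".
NDR_STATUS = re.compile(
    r"#(?P<cls>\d)\.(?P<subject>\d+)\.(?P<detail>\d+)\s+smtp;(?P<code>\d{3})\s+(?P<text>.*?)>"
)


def parse_ndr_status(line):
    """Extract the enhanced status code and the remote server's SMTP reply from an NDR line."""
    m = NDR_STATUS.search(line)
    if m is None:
        return None
    return {
        "status": f"{m['cls']}.{m['subject']}.{m['detail']}",
        "smtp_code": int(m["code"]),
        "text": m["text"].strip(),
        # Class 5 is a permanent failure; class 4 is transient and will be retried.
        "permanent": m["cls"] == "5",
    }


def relay_decision(recipient, authenticated, source_permitted=False):
    """Model the RCPT TO decision a correctly configured mail server makes.

    Returns (smtp_code, reason). Mail for an accepted domain is always taken for
    local delivery. Mail for any other domain is relaying, and is only allowed when
    the session is authenticated or the source was explicitly granted relay rights.
    """
    _local_part, sep, domain = recipient.rpartition("@")
    if not sep or not domain:
        return 501, "malformed recipient address"
    if domain.lower() in ACCEPTED_DOMAINS:
        return 250, "accepted for local delivery"
    if authenticated or source_permitted:
        return 250, "relay accepted for authenticated or permitted source"
    # Refusing here is what keeps the server from being an open relay.
    return 550, "relay not permitted"


if __name__ == "__main__":
    print(parse_ndr_status("<mail.sos1.SOS-Consultancy.co.uk #5.5.0 smtp;550 relay not permitted>"))
    print(relay_decision("pjsoyza@sos-consultancy.co.uk", authenticated=False))
    print(relay_decision("psoyza@hotmail.co.uk", authenticated=False))
    print(relay_decision("psoyza@hotmail.co.uk", authenticated=True))
```

The third call reproduces the situation in the thread: an unauthenticated submission addressed to hotmail.co.uk is a relay request, and a server that is not an open relay answers 550.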
 
Liono (Author) Commented:
Right, I think I have fixed this as I can now send to an external mail address and it gets there, but when I reply I get the following message. It seems my e-mail server still cannot be located on the internet.


This message was created automatically by mail delivery software.
A message that you sent has not yet been delivered to one or more of its
recipients after more than 60 minutes on the queue on smtp.hotchilli.net.

The message identifier is: 1JdRi8-0007em-Bq
The subject of the message is: test6
The date of the message is: Sun, 23 Mar 2008 15:02:11 -0000

The address to which the message has not yet been delivered is:

pjsoyza@sos-consultancy.co.uk

No action is required on your part. Delivery attempts will continue for
some time, and this warning may be repeated at intervals if the message
remains undelivered. Eventually the mail delivery software will give up,
and when that happens, the message will be returned to you.
0
 
Liono (Author) Commented:
I can now receive mail and I can send internally, but I cannot send externally. This is really annoying me; can anyone help? I have researched this but cannot seem to find an answer. It seems to indicate an SMTP error, which I have checked, and I can telnet to sos1 port 25 all OK. Other than that I have no idea what's happening. Can anyone help?
0
 
rogerhunt Commented:
Go to a command prompt on the server & type nslookup & press enter.  Then type set q=MX & press enter.  Finally, type mailinator.com.  You should get a response back similar to this:
mailinator.com  MX preference = 10, mail exchanger = mail.mailinator.com
mail.mailinator.com     internet address = 66.135.33.159
Try to telnet to mail.mailinator.com on port 25 from your server & see if you get a response.  The above will show that DNS is working correctly.  It sounds like it may be a DNS issue.
Do you have an SMTP connector setup under connectors in your First Routing Group?
0
 
Liono (Author) Commented:
These are the results of the mailinator test. I have also telneted into mail.mailinator.com and this is the result:
220 mail.sogetthis.com ESMTP Postfix
quit
250 Ok
Connection to host lost.
C:\Program Files\Support Tools>
Below is the nslookup it seems to indicate a DNS error

C:\Program Files\Support Tools>nslookup
Default Server:  sos2.sos-consultancy.co.uk
Address:  192.168.0.27

> set q=MX
> mailinator.com
Server:  sos2.sos-consultancy.co.uk
Address:  192.168.0.27

DNS request timed out.
    timeout was 2 seconds.
Non-authoritative answer:
mailinator.com  MX preference = 10, mail exchanger = mail.mailinator.com

mail.mailinator.com     internet address = 66.135.33.159
>
0
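The nslookup session above contains the answer to rogerhunt's question, but also a "DNS request timed out" line that is easy to overlook and that points at the forwarder problem the thread ends on. The following is an added example, not code from the thread or from nslookup: it embeds that session as its sample input, parses it into what the lookup actually proved, and reports the conditions the thread discusses. `parse_nslookup_mx` and `diagnose` are hypothetical names; the line patterns are those of the Windows nslookup output shown above and may differ on other platforms.

```python
import re

# The nslookup session from the thread, embedded here as the sample input.
NSLOOKUP_OUTPUT = """\
C:\\Program Files\\Support Tools>nslookup
Default Server:  sos2.sos-consultancy.co.uk
Address:  192.168.0.27

> set q=MX
> mailinator.com
Server:  sos2.sos-consultancy.co.uk
Address:  192.168.0.27

DNS request timed out.
    timeout was 2 seconds.
Non-authoritative answer:
mailinator.com  MX preference = 10, mail exchanger = mail.mailinator.com

mail.mailinator.com     internet address = 66.135.33.159
>
"""

# Windows nslookup output formats for an MX answer and the additional A record it returns.
MX_LINE = re.compile(r"^(\S+)\s+MX preference = (\d+), mail exchanger = (\S+)$")
A_LINE = re.compile(r"^(\S+)\s+internet address = (\S+)$")


def parse_nslookup_mx(text):
    """Turn a 'set q=MX' nslookup session into a dict of what it actually proved."""
    result = {"server": None, "timeouts": 0, "authoritative": None, "mx": [], "addresses": {}}
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Server:"):
            # The resolver that answered; "Default Server:" is the one chosen at startup.
            result["server"] = line.split(":", 1)[1].strip()
        elif line.startswith("DNS request timed out"):
            result["timeouts"] += 1
        elif line.startswith("Non-authoritative answer"):
            result["authoritative"] = False
        else:
            mx = MX_LINE.match(line)
            a = A_LINE.match(line)
            if mx:
                result["mx"].append((int(mx.group(2)), mx.group(3)))
            elif a:
                result["addresses"][a.group(1)] = a.group(2)
    return result


def diagnose(parsed):
    """Map the parsed session to the conditions the thread discusses."""
    findings = []
    if not parsed["mx"]:
        findings.append("no MX answer: the server cannot resolve external domains "
                        "(check forwarders or recursion on the internal DNS server)")
        return findings
    for _preference, target in sorted(parsed["mx"]):
        if target not in parsed["addresses"]:
            findings.append(f"MX target {target} returned no address; outbound mail to it will fail")
    if parsed["timeouts"]:
        findings.append(f"{parsed['timeouts']} timeout(s) before the answer: resolution works but is slow, "
                        "which points at a forwarder or upstream server problem")
    return findings


if __name__ == "__main__":
    parsed = parse_nslookup_mx(NSLOOKUP_OUTPUT)
    print(parsed)
    for finding in diagnose(parsed):
        print("-", finding)
```

On the session above it confirms that external resolution does work (the MX and its address came back, which is why the telnet to mail.mailinator.com succeeded) and flags the single timeout, the symptom that the internal DNS server's forwarding needed fixing.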
 
rogerhunt Commented:
Do you have an SMTP connector setup under connectors in your First Routing Group?
0
 
Liono (Author) Commented:
Yes.
0
 
Liono (Author) Commented:
Thank you all for your help. Figured it out: DNS required forwarding when using SMTP only.
0
 
rogerhunt Commented:
Glad to hear it's working!
0
 
kodiakbear Commented:
Closed, 500 points refunded.
kb
Experts Exchange Moderator
0