?
Solved

Exchange 2003: Use both direct delivery and pop3

Posted on 2009-04-15
9
Medium Priority
?
516 Views
Last Modified: 2012-08-13
I'm finally at the point where a SBS2003 network need to use Exchange for direct delivery of incoming mail. Nowadays it used pop3-connector to recieve mail from a webhosting company.

In this fascinating spam-world this causes a lot of error because mail are sended through another host than it first was recieved from..

This pop3-connector is big enough that I can't handle and control the risc of loosing delivery of incoming mail. I want to have the pop3-connector behave just like normal while Exchange operating just normal with direct delivery. How do I do?

I understand that I could,
1. Set our external IP as lowest MX record 10, then use the webhostings e-mail MX as 20. Which will carry the mail if our exchange server not responding.
2. I need to SAT/NAT/Accept open port 25 for incoming traffic in the firewall?
3. What do I (best practic/basic) need to do for security in this case of direct delivery, that our webhosting doing automatically today?
4. If I run the CEICW and select the Exchange for direct delivery, is pop3-connector still working as usual (if it got any mail from the webhosting)
0
Comment
Question by:dingir
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 3
9 Comments
 
LVL 65

Accepted Solution

by:
Mestha earned 2000 total points
ID: 24147022
Ideally you need to stop using the POP3 connector completely.
When it comes to MX records as far as I am concerned they are all equal. Email will go to both. However, what you will find is that more spam goes to an MX record with a higher cost. Spammers target them on purpose.

You cannot have an IP address as the MX record, so you will need to set a host name up first, then use that as the MX record. You don't have to change anything in SBS to accept email, just open the port on the firewall. Once the MX records have updated email will come in and be delivered.

As for security, most ISPs, webhosting companies do close to nothing about email. Having seen what many of them do, I would never trust one of them with my email service again.
On your server you need to ensure that you have recipient filtering and the tarpit enabled. That should be set by default on SBS. http://www.amset.info/exchange/filter-unknown.asp

Simon.
0
 
LVL 1

Author Comment

by:dingir
ID: 24147161
Hi

Thank's for answer. The port is now open. the TARPIT and recipient filtering is (as i know) untouched. However I know that our Exchange is answering with no mailbox and out of office responders. I will check your link.

I  need to use pop3 connector to be sure that no message are being recieved that way. I'm not sure how to check if the e-mail are recieved through our exchange or through pop3?

Is there possible to check if I create a mailbox in exchange that does not exist on the webhosting?
0
 
LVL 1

Author Comment

by:dingir
ID: 24147201
TYPE      HOST                    DATA
MX         domain.com.          20 mx.domain.com.
A            mx.domain.com.    <external ip>
0
Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

 
LVL 65

Expert Comment

by:Mestha
ID: 24147245
If you maintain the POP3 accounts then you have to maintain two sets of accounts. It would be more efficient to drop the POP3 accounts completely by removing the web host from the MX records and then waiting at least 48 hours before doing anything with the POP3 mailboxes.

As for being able to tell if the POP3 connector is receiving email, all you could do is turn on logging on the connector and then look in the event viewer of the server to see how many emails are downloaded for each user.

Simon.
0
 
LVL 1

Author Comment

by:dingir
ID: 24147284
Thank's, I know it twice the job to set up mail boxes.. ;).


So.. I leave my new nice mx record and deactivate that points to the web hosting company. After a few hours/days the e-mail will going stright to the exchange.. In theory, when dns is activated, i should be able to send mail (from an external host) to a exchange connected SBS user that before only could recieve internal mail (because it has no account in sbs connector)?
0
 
LVL 1

Author Comment

by:dingir
ID: 24147416
I asking extra ordinary because I can't sit there in about 48 hours to understand that my exchange server rejecting all messages and have no backup through the pop3 connector..
0
 
LVL 1

Author Comment

by:dingir
ID: 24147479
Do I need to understand something about this, that are stored in my web  hostings dns table?

TXT        domain.com.       v=spf1 a mx

0
 
LVL 65

Expert Comment

by:Mestha
ID: 24147637
As long as the user accounts are valid in Exchange, then Exchange will accept the email. However during the propagation period you cannot control which server a remote server will send email to. It may send it to your web hosting company, it may send it to your Exchange server. Therefore it will be 48 hours before you can guarantee that all email is delivered to your Exchange server and email addresses not on the POP3 connector work for external senders.

That DNS record is an SPF record and should be updated to include your server.
There are instructions on how to change it on the SPF web site here:
http://www.openspf.org/
or at Microsoft here: http://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/

Simon.
0
 
LVL 1

Author Comment

by:dingir
ID: 24165357
Everything is transferred to exchange server and seems to works just fine! Next stop is installing antispam software for extra protection. Thank's a lot. I will start a new exchange-related question.
0

Featured Post

Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The SBS 2011 release date (RTM) is supposed to be around Christmas, 2011.  This article is a compilation of my notes -- things I have learned first hand.  The items are in a rather random order, but I think this list covers most of what is new and d…
You may have discovered the 'Compatibility View Settings' workaround for making your SBS 2008 Remote Web Workplace 'connect to a computer' section stops 'working around' after a Windows 10 client upgrade.  That can be fixed so it 'works around' agai…
Add bar graphs to Access queries using Unicode block characters. Graphs appear on every record in the color you want. Give life to numbers. Hopes this gives you ideas on visualizing your data in new ways ~ Create a calculated field in a query: …
In this video you will find out how to export Office 365 mailboxes using the built in eDiscovery tool. Bear in mind that although this method might be useful in some cases, using PST files as Office 365 backup is troublesome in a long run (more on t…
Suggested Courses

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question