Solved

Migrating from POP to SMTP and Exchange 2010 - Configuring Firewall and Send/Receive Connectors

Posted on 2010-11-23
Last Modified: 2012-05-10
Hello Experts,
My company currently uses POP email that is hosted by one of the larger carriers, which of course is where my MX records are pointing. My users just check that mail with Outlook. It has been sufficient in the past but we are looking for some more functionality, so I am in the process of migrating to Exchange 2010 and hosting our own email. My server is built and operational locally: Windows Server 2008 R2 running on an HP DL385 with almost a terabyte of storage. I've also allowed SMTP traffic to pass through my Firebox firewall.

This same carrier offers a Secure Email Gateway that I plan to use to filter spam, etc. I realize of course that I will need to update our MX record to point to that gateway once I'm ready to switch over; however, they are recommending that I get my Exchange server fully operational prior to going through their gateway, which to me sounds like 2 MX record updates? Their reasoning is to ensure I don't have any problems with my Exchange box. I'm not using the Edge Transport portion of Exchange.

Anyway, one of my questions concerns send and receive connectors. I would need both send and receive, correct? Would this be my firewall or when I switch the Secure Email Gateway? I'm not sure if I understand this concept. Sounds like a relay of sorts?

I read somewhere online that I could configure my Outlook clients for both POP and SMTP, where I'm sending using SMTP and Exchange and all my replies are coming back to our POP service provider, and I can collect it as usual with Outlook and then remove the POP accounts one by one. If anybody has recommendations or suggestions on how I can simplify this task I would greatly appreciate it.

I tried configuring an Exchange-only Outlook client and attempted to send to an outside recipient, but the message just sits in the queue saying it has no connector or something? Last Error: A matching connector cannot be found to route the external.

Thanks
Question by:Kgrimm38
4 Comments
 
LVL 11

Expert Comment

by:JuusoConnecta
ID: 34205622
I have broken down your comment to give you my input in the matter.

1. My company currently uses POP email that is hosted by one of the larger carriers, which of course is where my MX records are pointing. My users just check that mail with Outlook. It has been sufficient in the past but we are looking for some more functionality, so I am in the process of migrating to Exchange 2010 and hosting our own email. My server is built and operational locally: Windows Server 2008 R2 running on an HP DL385 with almost a terabyte of storage. I've also allowed SMTP traffic to pass through my Firebox firewall. This same carrier offers a Secure Email Gateway that I plan to use to filter spam, etc.

The above sounds good.


2. I realize of course that I will need to update our MX record to point to that gateway once I'm ready to switch over; however, they are recommending that I get my Exchange server fully operational prior to going through their gateway, which to me sounds like 2 MX record updates?

Are you the one in charge of your web-registered domain, in other words do you handle your external DNS server?
If the answer is yes and you have verified that your Exchange 2010 server functions with the mail gateway, you won't need to have this setup for long. Though I understand the recommendation, considering there will be a small "co-existence period" with the company and your new Exchange 2010 server, if I understood it correctly?


3. Anyway, one of my questions concerns send and receive connectors. I would need both send and receive, correct? Would this be my firewall or when I switch the Secure Email Gateway? I'm not sure if I understand this concept. Sounds like a relay of sorts?

Your send connector is the connector your Exchange servers (the Exchange servers that hold the Hub Transport role) use to send out mail to the internet (using your MX records or through a smarthost; a smarthost could be a spam server, for example).

Receive connectors are defined per Exchange server (or rather, per Hub Transport Exchange server). By default, when you install the Hub Transport role, two receive connectors are created. This is for your clients (Outlook users, for example) to send mail to your Exchange server.
(If I explain it like this: an Exchange server has several roles, CAS, Hub, MB. Unlike Exchange 2007, where users connecting to their Exchange server mailbox did so by connecting directly to the mailbox role, now users first connect to CAS, and CAS queries a mailbox server asking which mailbox database holds the user's mailbox. All incoming and outgoing mail, basically all mail flow, goes through the Exchange servers that hold the Hub Transport role.)


4. I read somewhere online that I could configure my Outlook clients for both POP and SMTP, where I'm sending using SMTP and Exchange and all my replies are coming back to our POP service provider, and I can collect it as usual with Outlook and then remove the POP accounts one by one. If anybody has recommendations or suggestions on how I can simplify this task I would greatly appreciate it.

Outlook clients are only applications for receiving mail from different mail systems, mostly Exchange. In Outlook 2007 you can only have one Exchange mailbox connected using SMTP (MAPI connection from Outlook to the Exchange server). For the other "mailboxes" that you want to add: if they are within the same Exchange organization you can just add another mailbox; however, if they are mailboxes that reside in another Exchange organization, or if it is another mailing system, you will need to set up this account in the same mail profile (mail profile in Outlook) using POP3, for example.


5. I tried configuring an Exchange-only Outlook client and attempted to send to an outside recipient, but the message just sits in the queue saying it has no connector or something? Last Error: A matching connector cannot be found to route the external.

If I were in your shoes, I would just try to get basic external -> internal mail flow and vice versa to work first, before entering the other problems or configurations that you might have or want to modify. Make sure you have basic mail flow first.

Hope this sheds some light,

cheers
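
The send connector described in the comment above, as an added example that is not part of the original thread: one connector covering every external SMTP domain, either resolving recipient MX records directly or handing mail to a smart host. `EXCH01` and `gateway.example.net` are placeholder names; run it in the Exchange Management Shell.

```powershell
# Added example, not from the thread. Placeholders: EXCH01, gateway.example.net.
$HubServer    = 'EXCH01'                # Hub Transport server that sends the mail
$SmartHost    = 'gateway.example.net'   # relay host, used only when $UseSmartHost
$UseSmartHost = $false

# 1. Show what exists. If no connector has an address space that covers the
#    recipient's domain, external mail has no route and stays in the queue.
Get-SendConnector |
    Format-Table Name, AddressSpaces, DNSRoutingEnabled, SmartHosts, Enabled -AutoSize

# 2. Create one connector for all external SMTP domains ('*') with cost 1.
if ($UseSmartHost) {
    # Hand all outbound mail to a smart host (DNS routing must be off).
    New-SendConnector -Name 'Outbound via smart host' -Usage Internet `
        -AddressSpaces 'SMTP:*;1' -SourceTransportServers $HubServer `
        -DNSRoutingEnabled $false -SmartHosts $SmartHost
} else {
    # Look up each recipient domain's MX records and deliver directly.
    # The firewall must allow outbound TCP 25 from the Hub Transport server.
    New-SendConnector -Name 'Outbound via DNS' -Usage Internet `
        -AddressSpaces 'SMTP:*;1' -SourceTransportServers $HubServer `
        -DNSRoutingEnabled $true
}

# 3. Check the queues afterwards; LastError shows why a queue is still stuck.
Get-Queue -Server $HubServer |
    Format-Table Identity, Status, MessageCount, LastError -AutoSize
```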
 

Author Comment

by:Kgrimm38
ID: 34208954
Thanks for all your input JuusoConnecta,

I am the one in charge of our web-registered domain. I did verify that I can send email externally. I initially was trying to send to my personal Comcast account, which wasn't working, so I went into the tracking and discovered the following:

Comcast requires that all mail servers must have a PTR record with a valid Reverse DNS entry. Currently your mail server does not fill that requirement.

I then tried sending to my Hotmail account, which worked fine, and then to another outside address, which was delivered successfully also. I guess some mail servers have this PTR requirement and some don't? What I'm really trying to do here is have my users send using Exchange and then collect their mail using their existing POP accounts that are already configured. Once I have done that, my plan was to either edit or just add an additional MX record with a lower priority, so I don't risk losing anything if for some reason things go awry, that points to the outside interface of my firewall. Can I have 2 MX records for my domain that point to 2 different IP addresses? I'm just trying to limit the possibility of my users not being able to send or receive email during this transition.
 
LVL 11

Accepted Solution

by:
JuusoConnecta earned 500 total points
ID: 34211121
1. I then tried sending to my Hotmail account, which worked fine, and then to another outside address, which was delivered successfully also. I guess some mail servers have this PTR requirement and some don't?

You're absolutely right. Some mail servers require that your mail infrastructure has PTR records so the other mail systems / servers can do a reverse lookup. This is mostly to avoid spammers.
For more reading check out this article: http://support.microsoft.com/kb/300171


2. What I'm really trying to do here is have my users send using Exchange and then collect their mail using their existing POP accounts that are already configured

Like I mentioned before, you can set up your Exchange server and have your users create a mail profile in their respective Outlook, then add another account (POP) to that mail profile. So each user will have a mail profile with 2 accounts, one against your Exchange server and one for the POP.


3. Once I have done that, my plan was to either edit or just add an additional MX record with a lower priority, so I don't risk losing anything if for some reason things go awry, that points to the outside interface of my firewall. Can I have 2 MX records for my domain that point to 2 different IP addresses? I'm just trying to limit the possibility of my users not being able to send or receive email during this transition.

Yes, you can have 2 MX records for the same domain pointing against two different public IP addresses. Most companies have this, because imagine having a single MX record as a single point of contact for mail communication, like a front-end server for example. If that front-end server would fail, all mail communication would fail, regardless of whether you have a disaster recovery site or a redundant server. Those do not really matter if your "single point of contact" goes down.


So your MX records should look like the following, I assume?

MX record for your domain with a cost 10 against POP account
MX record for your domain with a cost 20 against your Exchange server (public IP of your firewall or whatever you use as a front end)

Once all users have been set up with their mail profile and everything is working for them and you've confirmed all the correct settings are applied on your Exchange 2010 server, just modify your MX record, so that the MX record with the lower cost is the one against your Exchange server.
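
A way to check the two DNS points from this answer before and after the MX change, as an added example that is not part of the original thread: it lists the MX records in the order senders try them and tests the PTR requirement by forward-confirming the reverse lookup. `example.com` and `192.0.2.25` are placeholders for your domain and the public IP your Exchange server sends from; it assumes the `Resolve-DnsName` cmdlet (Windows 8 / Server 2012 or later) and can be run from any workstation.

```powershell
# Added example, not from the thread. Placeholders: example.com, 192.0.2.25.
$Domain   = 'example.com'
$SendFrom = '192.0.2.25'

# Helper: A-record addresses for a host name (empty if it does not resolve).
function Get-ARecord([string]$Name) {
    Resolve-DnsName -Name $Name -Type A -DnsOnly -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'A' } | ForEach-Object { $_.IPAddress }
}

# 1. MX records in the order a sending server tries them: lowest preference
#    number first, higher numbers only when the preferred host is unreachable.
$mx = Resolve-DnsName -Name $Domain -Type MX -DnsOnly -ErrorAction SilentlyContinue |
      Where-Object { $_.Type -eq 'MX' } | Sort-Object Preference
if (-not $mx) { "No MX records found for $Domain" }

# 2. Every MX target should resolve to an address you expect to accept mail
#    for the domain (the POP provider, the gateway, or your firewall).
foreach ($r in $mx) {
    '{0,3}  {1}  ->  {2}' -f $r.Preference, $r.NameExchange,
        ((Get-ARecord $r.NameExchange) -join ', ')
}

# 3. Forward-confirmed reverse DNS for the sending address: the IP needs a
#    PTR record, and the PTR name must resolve back to the same IP.
$ptr = Resolve-DnsName -Name $SendFrom -Type PTR -DnsOnly -ErrorAction SilentlyContinue |
       Where-Object { $_.Type -eq 'PTR' } | Select-Object -First 1
if (-not $ptr) {
    # PTR records live in the zone of whoever owns the IP block (usually the ISP).
    "No PTR record for $SendFrom"
} elseif ((Get-ARecord $ptr.NameHost) -contains $SendFrom) {
    "PTR OK: $SendFrom -> $($ptr.NameHost) -> $SendFrom"
} else {
    "PTR mismatch: $($ptr.NameHost) does not resolve back to $SendFrom"
}
```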
 

Author Closing Comment

by:Kgrimm38
ID: 34214135
Excellent! Thanks for your input JuusoConnecta!
