
  • Status: Solved
  • Priority: Medium
  • Security: Public

SBS2003 from POP3 connector to full service Exchange

I have an SBS2003 server installed and working fine as DC, Exchange with POP3 connector behind a DSL connection, SharePoint services and the rest of the bunch. Finally the company decided to invest in a proper link so we can now "unleash" Exchange in full power haha. I'm planning to configure SBS to be a l mail server with the domain hosted on it, no WWW, just MX; it's behind a Zywall35 UTM firewall with a static IP.
Can I have some advice or how-to first steps, and what to do and not to do?
Thanks in advance!
5 Solutions
Alan Hardisty, Co-Owner, commented:
Okay - first of all - make sure you open TCP Port 25 on your firewall and forward that to your SBS server.

Make sure you have Anti-Spam software installed and configured on your server otherwise you will get plenty of spam!

Change your MX records to point to your Fixed IP Address (assuming you have a fixed IP Address) e.g., MX = so you have to change the A record for MAIL on your domain to point to the IP Address of your server.

Make sure you call your ISP once you have changed your MX records and get them to configure Reverse DNS to something like so that you don't get problems sending out mail as some will reject you if you don't.

After a week or so - ditch the POP3 collection.

You might also consider this:

Have your ISP configure at least one backup SMTP server (most do). (MX with higher number).

But also consider this: Your provider and/or hosted anti-spam/anti-virus providers also have options to set NO MX records to your server. Instead, all mail is first sent to your provider's mail servers. They optionally filter/scan/archive, or whatever service they provide, your email and then send the email to you (as long as your server is on-line).
This way, you can open up port 25 not to the whole world, but only to the range where your provider's mail servers are. Just some extra security.

If your port 25 is open to the whole world, a small configuration flaw can turn your server into an open relay. If that happens, you'll not be sending mail for a while because you will get blocked very soon on a lot of SMTP blacklists.

Good luck,

Thomas Roes
Also, some messaging anti-virus licensing also includes hosted anti-spam solutions. I know Trend Micro includes this. So double check before you spend money on an anti-spam solution.

Cliff Galiher commented:
I'm going to add some advice here that I haven't seen yet. While all the advice here is valid (checking ports, checking A/V, etc) when you change that MX record, you risk the chance of mail not getting delivered, and that is usually not a good thing.

When switching from pop3 to SMTP, I follow the following steps:

1) Check internal configuration (firewall, AV, etc) to best *estimate* that mail flow works.

2) I then add an A record for the server to the public DNS records (I do not yet change the MX record!)

3) While I'm in the public DNS records (usually hosted), I take note of the existing TTL of the MX record and change it to a very low number. For this example, let's say I change it from 3 days to 1 hour.

4) While usually not necessary to *receive* email, while you are in DNS, might as well check any SPF/SenderID records and make sure your new public IP is appropriately listed. This can be additive to any smarthosts and old servers so it won't impact the existing configuration.

5) I verify that the server *can* receive mail from the outside world by using This can be done *before* the MX record is changed because you now have an A record to test against. You can verify that mail comes in to a test account created for the purpose so you also know the pop3 connector was not in play (as the test account would not have a pop3 entry.)

6) After the old TTL has expired (so in this example, after 3 days has passed since the TTL was changed) I change the MX record to point to the new A record and change the TTL to a nice large number again (with today's DNS hosts, 1 day is my usual default.)

7) After an hour has passed (hence the reason for the change to a one hour TTL) you can safely disable the pop3 connector.

8) Now that you are receiving email properly, you can also transition off smarthosts if that is your ultimate plan (usually a smarthost is used in tandem with a pop3 connector) and adjust your SenderID/SPF records accordingly, removing old servers as you move away from them.

The purpose behind changing the TTL and then waiting the 3 days is to minimize the window where mail will be both directly delivered *and* still be coming down through the pop3 connector. If you have both running concurrently and someone reports a message has gone "missing", troubleshooting is very nasty and time-consuming. By waiting the 3 days (or old TTL more specifically) before switching the MX record, you are ensuring that mail is still *only* coming in via the pop3 connector, and then when you make the switch, because of the very short TTL, you are ensuring that the switch propagates quickly and that mail will quickly *only* be coming from SMTP servers.

Additionally, the added step of testing via before making the switch helps verify that your firewall and AV configuration are correct before making the MX change so that, if there *are* configuration issues, they are caught while mail is still coming down via pop3. It is a safety net to allow you to fully verify your configuration while avoiding the risk of delivery issues.

When done properly, the service interruption is insignificant, near seamless, and also nearly bulletproof.
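An added example, not part of the original thread or of Cliff Galiher's answer: a pre-flight check for steps 2, 3, 4, 6 and 7 of the procedure above, run against a snapshot of the public zone. The zone data, host names and IP addresses are constructed (example.com and documentation ranges), and the SPF check only evaluates literal `ip4:`/`ip6:` mechanisms, since `include:`, `a` and `mx` would need live DNS lookups.

```python
import ipaddress
from datetime import datetime, timedelta

def spf_covers(spf, ip):
    """True if a passing ip4:/ip6: mechanism in the SPF record lists this IP."""
    addr = ipaddress.ip_address(ip)
    for term in spf.split()[1:]:                 # skip the "v=spf1" tag
        if term[0] in "-~?":                     # fail/softfail/neutral: not a pass
            continue
        mech, _, value = term.lstrip("+").partition(":")
        if mech in ("ip4", "ip6") and value:
            if addr in ipaddress.ip_network(value, strict=False):
                return True
    return False

def preflight(zone, mail_host, new_ip, old_mx_ttl, ttl_lowered_at, now, low_ttl=3600):
    """Check steps 2, 3, 4 and 6 against a snapshot of the public zone."""
    problems = []
    if new_ip not in zone["A"].get(mail_host, []):
        problems.append("step 2: no A record for the new server")
    if zone["MX"]["ttl"] > low_ttl:
        problems.append("step 3: MX TTL has not been lowered")
    if not spf_covers(zone["SPF"], new_ip):
        problems.append("step 4: SPF does not list the new public IP")
    earliest = ttl_lowered_at + timedelta(seconds=old_mx_ttl)
    if now < earliest:
        problems.append("step 6: old MX TTL has not expired yet")
    return {"ready": not problems, "problems": problems, "earliest_mx_switch": earliest}

def pop3_disable_after(mx_changed_at, low_ttl=3600):
    """Step 7: caches holding the old MX expire one low TTL after the switch."""
    return mx_changed_at + timedelta(seconds=low_ttl)

# Constructed sample data (documentation IP ranges, example.com); not from the thread.
ZONE = {
    "A": {"mail.example.com": ["203.0.113.10"]},
    "MX": {"target": "pop.isp.example", "ttl": 3600},
    "SPF": "v=spf1 ip4:198.51.100.0/24 ip4:203.0.113.10 -all",
}
LOWERED = datetime(2024, 1, 1, 9, 0)   # when the MX TTL was lowered (step 3)
OLD_TTL = 3 * 24 * 3600                # the 3-day TTL used in the answer's example

if __name__ == "__main__":
    for now in (datetime(2024, 1, 3, 9, 0), datetime(2024, 1, 4, 9, 0)):
        r = preflight(ZONE, "mail.example.com", "203.0.113.10", OLD_TTL, LOWERED, now)
        print(now, "ready to switch MX" if r["ready"] else r["problems"])
```

With the sample data, the check two days after lowering the TTL reports only the step 6 problem; at the three-day mark it reports ready.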


bbmservis, Author, commented:
Hi all & sorry for the inactivity, been gone for a couple of days.
Thank you for all your tips, all very helpful.
One more question: is it possible to have only MX on my box and WWW at a different location (it is already hosted elsewhere and it is limited to the Linux platform)? Is there some kind of limitation on SBS2003 Exchange?
Alan Hardisty, Co-Owner, commented:
You can happily point your MX and WWW records to completely different IP addresses without any problems at all.

The only real limitation with SBS is the number of users it can handle (75 maximum).

Question has a verified solution.
