Expiring Today—Celebrate National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17


SBS2003 from POP3 connector to full service Exchange

Posted on 2011-03-21
Medium Priority
Last Modified: 2012-05-11
i have SBS2003 server installed nad  working fine as DC, Exchange with pop3 connector behind DSL connection, sharepoint services and rest of bunch. Finaly company decited to invest in proper link so we can now "unleash" exchange in full power haha. Im planning to configure SBS to be a l mail server with domain hosted on it, no www , just MX, its behind Zywall35 UTM firewall with static IP.
Can i have some advices or howto first steps and what to do and not to do?
thx in advance!
Question by:bbmservis
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 76

Accepted Solution

Alan Hardisty earned 800 total points
ID: 35180863
Okay - first of all - make sure you open TCP Port 25 on your firewall and forward that to your SBS server.

Make sure you have Anti-Spam software installed and configured on your server otherwise you will get plenty of spam!

Change your MX records to point to your Fixed IP Address (assuming you have a fixed IP Address) e.g., MX = mail.domain.com so you have to change the A record for MAIL on your domain to point to the IP Address of your server.

Make sure you call your ISP once you have change your MX records and get them to configure Reverse DNS to something like mail.domain.com so that you don't get problem sending out mail as some will reject you if you don't.

After a week or so - ditch the POP3 collection.


Assisted Solution

Thomas_Roes earned 400 total points
ID: 35180995
You might also consider this:

Have your ISP configure al least one backup-SMTP server (most do). (MX with higher number).

But also consider this: Your provider and/or hosted anti-spam/anti-virus providers also have options to set NO MX records to your server. Instead, all mail is first send to your providers mailservers. They optionally filter/scan/archive or whatever service they provide, your email and then send the email to you (as long as  your server is on-line).
This way, you can open up port-25 not to the whole world, but only to the range where your provider's mailservers are. Just some extra security.

If your port-25 is open to the whole world, a small configuration flaw can turn your server inbto an open relay. If that happens, you'll not be sending mail for a while because you will get blocked very soon on a lot of SMTP-blacklists.

Good luck,

Thomas Roes
LVL 13

Assisted Solution

connectex earned 400 total points
ID: 35182121
Also some messageing anti-virus licensing also have hosted anti-spam solutions. I know Trend Micro includes this. So double check before you spend money on a anti-spam solution.
NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

LVL 59

Assisted Solution

by:Cliff Galiher
Cliff Galiher earned 400 total points
ID: 35184779
I'm going to add some advice here that I haven't seen yet. While all the advice here is valid (checking ports, checking A/V, etc) when you change that MX record, you risk the chance of mail not getting delivered, and that is usually not a good thing.

When switching from pop3 to SMTP, I follow the following steps:

1) Check internal configuration (firewall, AV, etc) to best *estimate* that mail flow works.

2) I then add an A record for the server to the public DNS records (I do not yet change the MX record!)

3) While I'm in the public DNS records (usually hosted), I take note of the existing TTL of the MX record and change it to a very low number. For this example, lets say I change it from 3 days to 1 hour.

4) While usually not necessary to *receive* email, while you are in DNS, might as well check any SPF/SenderID records and make sure your new public IP is appropriately listed. This can be additive to any smarthosts and old servers so it won't impact the existing configuration.

5) I verify that the server *can* receive mail from the outside world by using testexchangeconnectivity.com. This can be done *before* the MX record is changed because you now have an A record to test against. You can verify that mail comes in to a test account created for the purpose so you also know the pop3 connector was not in play (as the test account would not have a pop3 entry.)

6) After the old TTL has expired (so in this example, after 3 days has passed since the TTL was changed) I change the MX record to point to the new A record and change the TTL to a nice large number again (with today's DNS hosts, 1 day is my usual default.)

7) After an hour has passed (hence the reason for the change to a one hour TTL) you can safely disable the pop3 connector.

8) Now that you are receving email properly, you can also transition off smarthosts if that is your ultimate plan (usually a smarthost is used in tandem with a pop3 connector) and adjust your SenderID/SPF records accordingly removing old servers as you move away from them.

The purpose behind changing the TTL and then waiting the 3 days is to minimize the window where mail will be both directly delivered *and* still be coming down through the pop3 connector. If you have both running concurrently and someone reports a message has gone "missing" troubleshooting is very nasty and time-consuming. By waiting the 3 days (or old TTL more specifically) before switching the MX record, you are ensuring that mail is still *only* coming in via the pop3 connector, and then when you make the switch, because of the very short TTL, you are ensuring that the switch propogates quickly and that mail will quickly *only* be coming from SMTP servers.

Additionally, the added step of testing via testexchangeconnectivity.com before making the switch helps verify that your firewall and AV configuration are correct before making the MX change so that, if there *are* configuration issues, they are caught while mail is still coming down via pop3. It is a safety net to allow you to fully verify your configuration while avoiding the risk of delivery issues.

When done properly, the service interruption is insignificant, near seamless, and also nearly bulletproof.



Author Comment

ID: 35331011
hi all & sorry for inactivity , been gone for couple days.
thank you for all yours tips, all very helpfull.
1 more question, is it possible to have only MX on my box and WWW on different location(it is allready hosted elswhere and it is limited to Linux platform), is there somekind of limitation on SBS2003 Exchange?
LVL 76

Assisted Solution

by:Alan Hardisty
Alan Hardisty earned 800 total points
ID: 35331359
You can happily point your MX and WWW records to completely different IP addresses without any problems at all.

The only real limitation with SBS is the number of users it can handle (75 maximum).


Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article lists the top 5 free OST to PST Converter Tools. These tools save a lot of time for users when they want to convert OST to PST after their exchange server is no longer available or some other critical issue with exchange server or impor…
New style of hardware planning for Microsoft Exchange server.
how to add IIS SMTP to handle application/Scanner relays into office 365.
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…

719 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question