SBS2003 from POP3 connector to full service Exchange

Posted on 2011-03-21
Last Modified: 2012-05-11
I have an SBS2003 server installed and working fine as DC, Exchange with POP3 connector behind a DSL connection, SharePoint services and the rest of the bunch. Finally the company decided to invest in a proper link so we can now "unleash" Exchange in full power, haha. I'm planning to configure SBS to be a mail server with the domain hosted on it, no www, just MX; it's behind a Zywall35 UTM firewall with a static IP.
Can I have some advice or first how-to steps, and what to do and not to do?
Thx in advance!
Question by:bbmservis

Accepted Solution

Alan Hardisty earned 200 total points
ID: 35180863
Okay - first of all - make sure you open TCP Port 25 on your firewall and forward that to your SBS server.

Make sure you have Anti-Spam software installed and configured on your server otherwise you will get plenty of spam!

Change your MX records to point to your Fixed IP Address (assuming you have a fixed IP Address) e.g., MX = so you have to change the A record for MAIL on your domain to point to the IP Address of your server.

Make sure you call your ISP once you have changed your MX records and get them to configure Reverse DNS to something like so that you don't get problems sending out mail as some will reject you if you don't.

After a week or so - ditch the POP3 collection.


Assisted Solution

Thomas_Roes earned 100 total points
ID: 35180995
You might also consider this:

Have your ISP configure at least one backup-SMTP server (most do). (MX with higher number).

But also consider this: Your provider and/or hosted anti-spam/anti-virus providers also have options to set NO MX records to your server. Instead, all mail is first sent to your provider's mailservers. They optionally filter/scan/archive (or whatever service they provide) your email and then send the email to you (as long as your server is on-line).
This way, you can open up port-25 not to the whole world, but only to the range where your provider's mailservers are. Just some extra security.

If your port-25 is open to the whole world, a small configuration flaw can turn your server into an open relay. If that happens, you'll not be sending mail for a while because you will get blocked very soon on a lot of SMTP-blacklists.

Good luck,

Thomas Roes
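
A check for the open-relay risk described in the answer above, as an added example that is not part of the original post: it asks your own server whether it accepts a recipient in your domain and whether it refuses a recipient in a foreign domain, without ever sending a message. The addresses are placeholders and the function names are hypothetical.

```python
import smtplib
import sys

def rcpt_code(smtp, sender, rcpt):
    """Open an envelope, return the reply code to RCPT TO, then reset it."""
    code, _ = smtp.mail(sender)
    if code != 250:
        return code                   # MAIL FROM itself was refused
    code, _ = smtp.rcpt(rcpt)
    smtp.rset()                       # abandon the envelope; DATA is never sent
    return code

def relay_audit(smtp, local_rcpt, outside_sender, outside_rcpt):
    """Findings for one connected session; an empty list means both checks passed."""
    smtp.ehlo()
    inbound = rcpt_code(smtp, outside_sender, local_rcpt)
    relay = rcpt_code(smtp, outside_sender, outside_rcpt)
    findings = []
    if not 200 <= inbound < 300:
        findings.append("mail for own domain refused (%d)" % inbound)
    if 200 <= relay < 300:
        findings.append("foreign-to-foreign recipient accepted (%d): relay is open" % relay)
    elif not 500 <= relay < 600:
        findings.append("relay check inconclusive (%d), retest later" % relay)
    return findings

if __name__ == "__main__":
    # Usage: python relay_audit.py <your-public-mail-host>
    # Addresses are placeholders: use a real mailbox in your domain for the first one.
    with smtplib.SMTP(sys.argv[1], 25, timeout=15) as session:
        for line in relay_audit(session, "postmaster@example.com",
                                "probe@example.net", "probe@example.org") or ["ok"]:
            print(line)
```

Run it from a connection outside your own network, because internal addresses may be allowed to relay and would hide the problem.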

Assisted Solution

connectex earned 100 total points
ID: 35182121
Also, some messaging anti-virus licenses also have hosted anti-spam solutions. I know Trend Micro includes this. So double check before you spend money on an anti-spam solution.

Assisted Solution

by:Cliff Galiher
Cliff Galiher earned 100 total points
ID: 35184779
I'm going to add some advice here that I haven't seen yet. While all the advice here is valid (checking ports, checking A/V, etc) when you change that MX record, you risk the chance of mail not getting delivered, and that is usually not a good thing.

When switching from pop3 to SMTP, I follow the following steps:

1) Check internal configuration (firewall, AV, etc) to best *estimate* that mail flow works.

2) I then add an A record for the server to the public DNS records (I do not yet change the MX record!)

3) While I'm in the public DNS records (usually hosted), I take note of the existing TTL of the MX record and change it to a very low number. For this example, let's say I change it from 3 days to 1 hour.

4) While usually not necessary to *receive* email, while you are in DNS, might as well check any SPF/SenderID records and make sure your new public IP is appropriately listed. This can be additive to any smarthosts and old servers so it won't impact the existing configuration.

5) I verify that the server *can* receive mail from the outside world by using This can be done *before* the MX record is changed because you now have an A record to test against. You can verify that mail comes in to a test account created for the purpose so you also know the pop3 connector was not in play (as the test account would not have a pop3 entry.)

6) After the old TTL has expired (so in this example, after 3 days have passed since the TTL was changed) I change the MX record to point to the new A record and change the TTL to a nice large number again (with today's DNS hosts, 1 day is my usual default.)

7) After an hour has passed (hence the reason for the change to a one hour TTL) you can safely disable the pop3 connector.

8) Now that you are receiving email properly, you can also transition off smarthosts if that is your ultimate plan (usually a smarthost is used in tandem with a pop3 connector) and adjust your SenderID/SPF records accordingly, removing old servers as you move away from them.

The purpose behind changing the TTL and then waiting the 3 days is to minimize the window where mail will be both directly delivered *and* still be coming down through the pop3 connector. If you have both running concurrently and someone reports a message has gone "missing", troubleshooting is very nasty and time-consuming. By waiting the 3 days (or old TTL more specifically) before switching the MX record, you are ensuring that mail is still *only* coming in via the pop3 connector, and then when you make the switch, because of the very short TTL, you are ensuring that the switch propagates quickly and that mail will quickly *only* be coming from SMTP servers.

Additionally, the added step of testing via before making the switch helps verify that your firewall and AV configuration are correct before making the MX change so that, if there *are* configuration issues, they are caught while mail is still coming down via pop3. It is a safety net to allow you to fully verify your configuration while avoiding the risk of delivery issues.

When done properly, the service interruption is insignificant, near seamless, and also nearly bulletproof.
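
The gating logic of steps 2 to 7 above, as an added example that is not part of the original post: it checks a snapshot of the public DNS records against the preconditions for repointing the MX record, including whether the SPF record covers the new IP, and computes when the POP3 connector can be disabled. The zone data, addresses and function names are constructed for illustration; only `ip4:`/`ip6:` SPF terms are evaluated.

```python
import ipaddress
from datetime import datetime, timedelta

def spf_authorizes(spf_txt, ip):
    """True if a passing ip4:/ip6: term covers ip (include:, a, mx are not expanded)."""
    addr = ipaddress.ip_address(ip)
    for term in spf_txt.split()[1:]:              # skip the "v=spf1" tag
        qualifier = term[0] if term[0] in "+-~?" else "+"
        mech = term.lstrip("+-~?").lower()
        if qualifier == "+" and mech.startswith(("ip4:", "ip6:")):
            net = ipaddress.ip_network(mech.split(":", 1)[1], strict=False)
            if addr.version == net.version and addr in net:
                return True
    return False

def unmet_preconditions(zone, new_ip, now, ttl_lowered_at, old_ttl, low_ttl):
    """Reasons it is not yet safe to repoint the MX record (step 6); empty list = go."""
    problems = []
    if zone["a"].get(zone["mail_host"]) != new_ip:
        problems.append("step 2: A record for mail host does not point at new IP")
    if zone["mx_ttl"] > low_ttl:
        problems.append("step 3: MX TTL has not been lowered")
    if not spf_authorizes(zone["spf"], new_ip):
        problems.append("step 4: SPF does not list the new public IP")
    if now < ttl_lowered_at + timedelta(seconds=old_ttl):
        problems.append("step 6: old MX TTL has not expired everywhere yet")
    return problems

def pop3_disable_time(mx_switched_at, low_ttl):
    """Step 7: caches holding the old MX expire one low TTL after the switch."""
    return mx_switched_at + timedelta(seconds=low_ttl)

# Constructed sample zone data (documentation addresses, not from the thread).
ZONE = {
    "mail_host": "mail.example.com",
    "a": {"mail.example.com": "203.0.113.10"},
    "mx_ttl": 3600,
    "spf": "v=spf1 ip4:198.51.100.0/24 ip4:203.0.113.10 ~all",
}
LOWERED = datetime(2011, 3, 21, 9, 0)             # constructed timestamp
OLD_TTL, LOW_TTL = 3 * 86400, 3600                # the thread's 3 days -> 1 hour

if __name__ == "__main__":
    for when in (LOWERED + timedelta(days=1), LOWERED + timedelta(days=3)):
        print(when, unmet_preconditions(ZONE, "203.0.113.10", when,
                                        LOWERED, OLD_TTL, LOW_TTL) or "safe to switch MX")
```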



Author Comment

ID: 35331011
Hi all, and sorry for the inactivity; I have been gone for a couple of days.
Thank you for all your tips, all very helpful.
One more question: is it possible to have only MX on my box and WWW at a different location (it is already hosted elsewhere and it is limited to the Linux platform)? Is there some kind of limitation on SBS2003 Exchange?

Assisted Solution

by:Alan Hardisty
Alan Hardisty earned 200 total points
ID: 35331359
You can happily point your MX and WWW records to completely different IP addresses without any problems at all.

The only real limitation with SBS is the number of users it can handle (75 maximum).

