Link to home
Start Free TrialLog in
Avatar of laurencoull
laurencoull

asked on

Advice on Email settings in Exchange SBS2003

Using Exchange on SBS2003.
Without our say-so, our ISP moved us onto a new server called Office 365. Since then, every day a few people say they emailed us but it didn't get to us & they didn't get an NDR. Called ISP tech support who readily confirmed this was due to their system change and sent me instructions on what to change my POP & SMTP settings to, ie:
        You will need to setup a pop3 connector for each user setup as follows
·         Incoming Server: pop.outlook.com
·         Server Port: 995
·         Enable SSL
·         Username: Email address
For sending mail out you can either use smtp.outlook.com using Port 587 and Enable TLS encryption or you can just send the mail out via DNS provided you have  reverse DNS setup on your IP address


I managed to change the POP3 connectors to be as per their instructions with the exception of the 'Enable SSL' which I couldn't see a tick box for (any ideas here?).
Early indications are the incoming email failures have lessened but now getting outgoing failures. I hadn't altered these as there hadn't initially seemed to be a problem with mail out, only mail in. But on going into the ICW to do so, while it's clear where to change the smtp entry to smtp.outlook.com, there aren't settings for Port number or Enable TLS Encryption.
Another call to Tech Support got me the answer that the settings they gave me are geared for simple pc-based email client packages and not Exchange; they could assist me with Exchange but at a huge charge!
Anyhow, I dug a bit deeper into Exchange System Manager and found 2 places where I could specify Enable TLS:
1) Connectors/Small Business SMTP Connector/Advanced/Outbound Security
2) Servers/MyServer/Protocols/SMTP/Default SMTP Virtual Server/Delivery/Outbound Security
.....and one place  where I can change the Port to 587 (is currently 25):
Servers/MyServer/Protocols/SMTP/Default SMTP Virtual Server/Delivery/Outbound Connections

But this is out of my depth so I want to be sure I'm doing the right thing by changing these settings and won't have any knock-on effects.
As for the option "you can just send the mail out via DNS provided you have reverse DNS setup on your IP address", I haven't a clue how I could find out whether we have or not, but am not aware we have, so would rather not go down this route unless I have to.
ASKER CERTIFIED SOLUTION
Avatar of Frosty555
Frosty555
Flag of Canada image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Regarding incoming mail:

I strongly recommend you do NOT use the POP3 connector. It's meant as a bandaid solution while you migrate your systems over to Exchange. It was never meant to deliver the bulk of your organization's mail.  In this regard, you should ditch your ISP's POP3 services.

Instead, incoming mail should be delivered directly to an Email Gateway (which performs antivirus/antispam checking, store-and-forward in case your server goes down etc). Then the Email Gateway should be configured to relay mail directly to your Exchange server.

^^^ This means changing your domain's MX records to point at the Email Gateway.

Your Exchange server should be whitelist and always accept incoming mail from the gateway. For extra security, listen only on a nonstandard port (e.g. 587, 2525 etc.), and deny all other IP addresses, accepting connections ONLY from the Email Gateway's IP. This can be done at the firewall level, or directly in Exchange.

If your ISP gives you a dynamic IP address, use a service like DynDNS or NoIP.

This way, email is delivered directly to your Exchange server, arrives in real-time, and is properly scanned for spam/viruses, and there is less special configuration to set up new users.


My personal recommendation is to use Dyn's Email Gateway

http://dyn.com/email/dyn-email-gateway/

Others exist - such as GFI MailEssentials and Trend Micro Hosted Email Security.
SOLUTION
Avatar of Rob Williams
Rob Williams
Flag of Canada image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial