[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 221
  • Last Modified:

exchange 2003 dns / smtp changes

i have an exchange 2003 server on sbs.  it's currently setup to send and receive only through googles postini spam filter service.  i'm getting rid of postini and want to make sure i'm doing everything correct.  here's my list of what i need to do

1. change smtp connector settings to use DNS to route instead of forwarding through postini smart host

2. change smtp virtual server connection control under access tab to allow all ip addresses to access this server (i'm not sure on how to allow all here, as my choices are; only the list below or all except the list below) also i'm not sure if this is best practice or not

3. change any firewall settings to allow external connections to exchange

4. change mx records for my mail domain to point to my server instead of the postini server

my quetions are:
1. is what i listed above best practice?

2. do i have to make changes to my reverse pointer with my isp. right now my servers ip address points to my mail domain which i believe is correct and should remain unchanged

3. how to i setup exchange to accept connections from all ip's under note #2 above?

4. is there anything that i'm missing?
0
scraby
Asked:
scraby
1 Solution
 
xtermCommented:
1.  What you've listed is minimal practice just to get it working... there's not really anything here that is considered optional.  Just keep in mind when modifying the firewall that you probably want to leave everything else blocked in the firewall except for the ports you want to expose (25/tcp of course, but 443 if you want to allow Webmail externally, 465/587 if you want to allow authenticated SMTP, etc.)

2.  The only thing that matters about your inverse record is that it matches the forward A record.  So if your MX record is mail.yourdomain.net and it resolves to x.x.x.x, then you need to make x.x.x.x resolve back to mail.yourdomain.net - if they already match, there's nothing to be done.

3.  Choose all except the list below, and leave it empty if you have no hosts to block.

4.  Shouldn't be - I figure originally you probably only had to toggle a few things to get it to work with Postini, and now you're just changing them back.
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now