Whats up fellas?

As i continue my journey thru the worlds of technology, a new theme has popped up for me, called MS Exchange.

I just setup a new SBS 2003 Premium R2 server.

I have around 25 AD accounts, and Exchange is working well for internal mail (mydomain.local).

But i also have 5 external email accounts, given by our ISP (xxx@isp.net).
What is the best way of delivering the external mail to my users?


Right now, im doing it by setting up a new POP3 account on their Outlook clients.
But that sucks because everytime they create a new message they have to select the account they are going to use to send the message thru, and sometimes they forget about it, and its a hassle really.

So i read about connectors and the POP connectors seam easy to configure, but i was wondering about the SMTP ones, and how exactly that works.

Anyone care to explain this stuff on 3 or 4 lines?

TIA

The POP3 connector is just as simple as filling in the POP3 section of Outlook. You enter the ISPs POP3 server name, the user name, and the password...and you select the Exchange mailbox to deliver that users mail to.

The SMTP connector..you set that up to deliver to your ISPs SMTP server, or the mail hosts SMTP connector if you wish to use that. If you need to authenticate to that..there is a section to fill that in. If you need to customize the ports..you can also do that (such as from default port 25 to port 28)

You will need to change the users default SMTP address in ADUC to their POP3 e-mail address..unless your default active directory SMTP address is also legit.

Setting up the POP3 and SMTP connector is done when you run the "Connect to the Internet Wizard"...which you can run over and over and over again.

I'd also point out that you really should just bite the bullet and set up SMTP mail and dump the POP3 connector...there are a number of advantages to going that route

You may also want to invest in a book or two to help you get up to speed...

http://msmvps.com/blogs/bradley/archive/2005/02/07/35264.aspx

It might be easier on you to just buy a domain (yourcompany.com) and just have all the MX (mail) requests sent to your subdomain (exchange.yourcompany.com), which you would setup an MX record for pointing to your server's public IP address.

Then, ALL mail going to *@yourcompany.com would go to your server. You can manage all the accounts on the server at that point in time and not have to screw with connectors.

www.msexchange.org

you need a pop3 connector to have exchange down email from a provider unless your MX records point to your servers and you are the real host for the domain and not just downloading the emails from another host, only using an SMTP wont download messages from another host.


your main concern is security and properly locking things down.

I'd also point out that you really should just bite the bullet and set up SMTP mail and dump the POP3 connector...there are a number of advantages to going that route

You may also want to invest in a book or two to help you get up to speed...

http://msmvps.com/blogs/bradley/archive/2005/02/07/35264.aspx

However...one huge advantage to sticking with just the POP3 connector.
*Don't need to open/expose port 25 ...so your Exchange server isn't hanging it's arse out to the world begging to be dug into. For a small network that doesn't have someone experienced in Exchange...locking it down, and constantly monitoring it...it's a nice relief to not have to worry about it.

The default limitation of the POP3 connector checking for e-mail in as little as 15 minutes? Spend a 1 minute making one quick change in the registry...you can ratchet that down to a couple of minutes. Obviously for a larger network with many users who may get lots of mail..this isn't good to do, but for small networks with a couple of POP mailboxes getting checked...dropping this to 5 minutes isn't bad.

I actually intentionally do not do any open SMTP on any clients...I refuse to, I don't want the potential hassles of it. Where I don't use the POP3 connector...I use a partner of mine that does "smart hosting". The MX records form "myclient.com" point to his mail servers. His scrubbing servers remove viruses/worms/spam. His servers then forward them to the alias and IP of my clients. On my clients networks...I put an ACL on their router...to only accept port 25 from the 2x IP addresses of my partners mail servers. This way port 25 isn't hanging its K-Y'd butt out to the entire world.

I know you can set "only accept from" in SMTP properties..but I much prefer to set the ACL on their router..I'll take hardware ACLs over software any day of the week.

The SMTP connector..you set that up to deliver to your ISPs SMTP server, or the mail hosts SMTP connector if you wish to use that. If you need to authenticate to that..there is a section to fill that in. If you need to customize the ports..you can also do that (such as from default port 25 to port 28)

Thanks. I'm going to use my ISP's smtp server. It doesnt need auth because we're using their internet service.


You will need to change the users default SMTP address in ADUC to their POP3 e-mail address..unless your default active directory SMTP address is also legit.

I dont get this :( Whats a user default SMTP address. Whats ADUC. Whats my SMTP address, and how do i know if its legit/not legit?



It might be easier on you to just buy a domain (yourcompany.com) and just have all the MX (mail) requests sent to your subdomain (exchange.yourcompany.com), which you would setup an MX record for pointing to your server's public IP address.

Then, ALL mail going to *@yourcompany.com would go to your server. You can manage all the accounts on the server at that point in time and not have to screw with connectors.

Yeah that would be great! But buying the domain is planned only for the end of the year. And we're using these 5 email accounts from the ISP for more than 2 years now. Its not something that i can just throw away :(

When you create a user on your server...it's created in ADUC....Active Directory Losers...oops...:D Active Directory Users and Computers.

Sa you create the account for Joe Blow with username of jblow
The users default SMTP address will be jblow@mydomain.local assuming mydomain.local is your active directorys full name.

Under the users account properties on ADUC..you can add, change, edit, the primary e-mail address..and also set the default one. Say the persons additional POP3 e-mail address is jblow@hisisp.net and you set the POP3 connector to download that to his jblow@mydomain.local Exchange e-mailbox. By default..if he sends an e-mail out, the reply address will be jblow@mydomain.local. If someones goes to reply, they'll get an NDR, unless you've setup the domain, pointed MX, and RevDNS stuff. So..you can edit his accounts properties...add jblow@hisisp.net e-mail address..set it as his default, so when he sends..Exchange will puke out his e-mail with that correct address as the return.

Ooh, I know ADUC, I didnt know the acronym.

But thanks for being so explicit, i completely understood the message this time :)

One question:

.add jblow@hisisp.net e-mail address..set it as his default, so when he sends..Exchange will puke out his e-mail with that correct address as the return.

Does that cause any problem when sending messages, internally (ie to other coworkers) ??

Does that cause any problem when sending messages, internally (ie to other coworkers) ??

No...because you don't delete this original SMTP address, jblow@mydomain.local...you can create many SMTP addresses in ADUC...joeb@, joe@, blow@, josephine@....and Exchange will accept all of those and deliver them to him....Exchange will figure them out. You just set his public address as hit default one....which reflects on sending out.

No...because you don't delete this original SMTP address, jblow@mydomain.local...you can create many SMTP addresses in ADUC...joeb@, joe@, blow@, josephine@....and Exchange will accept all of those and deliver them to him....Exchange will figure them out. You just set his public address as hit default one....which reflects on sending out.

Thanks man, ill try that soon, and make sure to post the results here :D

Its-a-working!


I followed these steps:

1) Run Internet/Email Connection Wizard to set up POP3 Connector and SMTP settings.

2) Go to ADUC and add a new SMTP address (external) to the User properties, on "Email Addresses" tab. Also, make that new address Primary ("Set as Primary").

3) Follow the steps from http://support.microsoft.com/kb/842293 - Otherwise emails were not being delivered from the Exchange server to the users.


Thanks Stonecat. Your tips were unvaluable.




PS - I will post later, with some additional questions.

3) Follow the steps from http://support.microsoft.com/kb/842293 - Otherwise emails were not being delivered from the Exchange server to the users.


I noticed that after Step 3, a new SMTP address was added to ALL my SBS users (i saw this on User Properties via ADUC). This new address is something like johnnyblow@myisp.net where "johnnyblow" is a SBS username from the local domain. This is not the same address that i added on Step 2 (see above post)!


Anything wrong in this? Should i delete that entry?
I did on the 5 accounts i mentioned before, just to be on the safe side.

Without knowing the exact steps that you did...I'm going to bet a pint or two of Guinness that it's related to the "default recipient policy".

Go into a users properties in ADUC, E-Mail addresses tab. Note that checkbox on the bottom of the window..."Automatic update e-mail addresses based on recipient policy"

In "Server Management"...one of the places you can fiddle with recipient policies is...Advanced Management, <domainname>(Exchange) management, Recepients, Recipient Policies....right click properties over on "default policy" on right side.

Or just run the ICW again..that sets it.

However...on smaller networks with a handful of users..especially when only a few users use the POP3 connector...it's pretty much easier to uncheck that box on each users properties..so they don't use the default recip policy. And set your own..manually, for each user.

For large networks though..certainly easier to manage it via default recipient policy..for the entire directory.

6 of 1, half a dozen of the other...more than 1x way to skin a cat...

Thanks again Stonecat!!!

I'm leaving as it is right now (because it works), but will check into things and follow your newest suggestions later (when there's time).