Setting up a small business mail server...?

shrumhead

I work as a paralegal in a small law firm (4 people) and I also moonlight as the IT person in the office. I'm not a network professional by any stretch of the imagination but before I began working as a paralegal, network administration was the path I was walking.

I learned enough to understand the basics of a file/fax/application/backup/print servers and got those setup here in our small office. I also had a bit of training with active directory but again, I wouldn't exactly call that training extensive, nor do we have an active directory here at the office. We operate as a simple workgroup.

In our office, we all use yahoo/gmail for our emailing needs and while it suits us just fine, it does look rather unprofessional to put on a business card or give out to other attorneys/law professionals. I would like to setup a mail server so that we can have centralized archiving and a professional looking email address.

We have a server running Windows Server 2003 / SBS 2003 and a static external IP address from our ISP.

I've done a bit of searching around and I would prefer not to pay some hosting site an absurd amount of money per address. What would be the best way for me to go about setting up a mail server for our small business? Should we host it on site since we have a static ip? We have plenty of space on the server, 3TB free to be exact. We also have plenty of bandwidth to spare.

Would it be easier to rent space from a hosting service and run the server from there? How would that work?

I would have no problem doing my research and setting up an Exchange server if y'all feel that would be the best way to go. It's not like we need the server up and running this week. I guess what I really need is a place to start.

Thanks for any help y'all can provide =D
 
While I have done some SBS 2003/2008 work I am by no means an expert. If you have an SBS 2003 server then you already have Exchange and the ability to host your own e-mail. But, to do so will entail a certain level of risk in exposing that server to direct connections from outside entities. Also consider this. If e-mail is a critical communication path for the firm then having your e-mail hosted may be worthwhile. Should your connection drop or, heavens forbid, your server die, then you will still be able to communicate.
 
Small Business Servers are what I mostly work with....as what I do for a living is setup/install/manage networks for small businesses.

It's a great server suite for a small business. Lots of useful tools such as internal collaboration with Outlook, public folders. Access to e-mail remotely, Web Access, Remote Web Workplace portal to get to your workstations from home, etc.

Anyways..onto e-mail. Yes you can setup your own e-mail...you can change your Exchange settings with a default recipient policy so that Exchange handles e-mail for @shrumhead.com or whatever. And you can register shrumhead.com as a domain, and point the MX record to your static IP address of the office network, forward port 25 to your Exchange server, setup outgoing e-mail to shoot out to the internet..and it will start working. Years ago it was basically that simple.

However....these days we have insane spam, and stringent rules with spam, and script kiddies trying to hack into any SMTP service they find out on the internet and turn your mail server into a spambot. You'll soon find your inboxes are stuffed with 99.9% spam, viruses, worms, and you'll find that many recipients that you send e-mail to will reject your e-mail as spam.

You can tackle some of this by getting a UTM appliance to sit in front of your server and filter spam/viruses, or installing a 3rd party anti spam and antivirus software on the server. And you can fix most of the people rejecting your e-mail as spam by learning about a-records, reverse dns, PTRs...and taking care of that with your DNS and with your ISP. And setting up SMTP forwarding to your ISP will take care of a good chunk of that.

However...and this is my opinion, and has become my standard "best practice"...don't do this. Instead...find an SMTP smart host/mail bastion. Meaning...a service like Postini, or MXLogic, or Appriver....there are quite a few others too.

We actually have so many clients with Exchange...it became worth it to setup our own service..we filter e-mail for clients...through our office.

The advantage to this type of setup..is many fold:
*The MX record points to the IP of the service that you use....they "scrub/wash" your e-mail...removing spam/viruses, and then the remaining clean mail is passed onto the public IP of your network. Less traffic on your internet pipe.....less processing on your server, less space used on your server, and you don't need to purchase spam filtering software, install, and bog down...your mail server.
*You set your mail server's SMTP service to ONLY accept incoming traffic from the IP(s) of your mail host...which closes your mail server to the rest of the world..and the script kiddies. MUCH more secure. Your mail server isn't sticking its SMTP service out to the whole world wide open with Vaseline on it screaming "please take me..hack into me!" Plus...if your edge firewall allows it..you can further lock down port 25 on that also.
*You set your outgoing SMTP connector to send outgoing e-mail to your mail host's servers. So you don't have to worry about RevDNS and getting on spam blacklists, etc. People are much more likely to receive your outgoing e-mail.

Overall..just a much more reliable setup. Cost a little bit of money? Yes! But...you're a law office, isn't reliable e-mail important to you and your business?
 
While I have done some SBS 2003/2008 work I am by no means an expert. If you have an SBS 2003 server then you already have Exchange and the ability to host your own e-mail. But, to do so will entail a certain level of risk in exposing that server to direct connections from outside entities. Also consider this. If e-mail is a critical communication path for the firm then having your e-mail hosted may be worthwhile. Should your connection drop or, heavens forbid, your server die, then you will still be able to communicate.


I see your point and it is extremely valid. Our lawyers/paralegals access the servers 24/7... things come up in this industry =D

I have a question about the difference between strictly email address hosting and web hosting on a hosting site like networksolutions.com.

They charge a certain amount of money PER address for the plans that are strictly email hosting... then when you look at their "web hosting", listed under the details it says "1000 email boxes".

If we were to purchase a web hosting plan, what steps would need to be taken to setup email that way instead of the email address hosting plan where you have to pay per box?

Also, what are the major differences between the two methods?

EDIT:: @YeOldeStonecat, wow! Thanks for all that great information! I'm going to have fun doing my research on all that! Thanks!
 
As others have said you can setup your own email with Exchange. I wrote a guide on how to get Exchange up and sending/receiving email. I used it here at work and for the past 2 years we haven't gotten a single ounce of spam. This is all without an extra UTM taking up space to block spam traffic. If you leave your SMTP server wide open you'll get blacklisted in less than a week. However the guide shows you how to lock it down. The guide is for Exchange 2007. I just need to go hunting for that post....

*EDIT*

http://hardforum.com/showpost.php?p=1036600930&postcount=33

Here you go. This will get your Exchange up and going in under an hour, and you shouldn't see an ounce of spam other than junk people sign up for on their own.
 
As others have said you can setup your own email with Exchange. I wrote a guide on how to get Exchange up and sending/receiving email. I used it here at work and for the past 2 years we haven't gotten a single ounce of spam. This is all without an extra UTM taking up space to block spam traffic. If you leave your SMTP server wide open you'll get blacklisted in less than a week. However the guide shows you how to lock it down. The guide is for Exchange 2007. I just need to go hunting for that post....

I would be very grateful for that guide! I'm doing research now on the options that YeOldeStonecat presented. I definitely want to understand all options before I make a proposal to my boss.
 
Don't forget to think about user access too. Are they going to be accessing only from computers in the office or are you looking at a mix of office, remote laptop, and Blackberry/smart phone? The first two are fairly easy but adding phone syncing into the mix can get complicated quickly.
 
I would be very grateful for that guide! I'm doing research now on the options that YeOldeStonecat presented. I definitely want to understand all options before I make a proposal to my boss.

I edited my other post. The guide is a little old and even goes as far as to show how to enable POP/IMAP. I wrote all this down because it's not like I setup (3) or even manage (1) Exchange servers on a daily basis. The only time I ever go into the console here at work is when something isn't working, or I add/delete a user.
 
Since you are a law firm, it's worth consulting a lawyer (ba dum tish) about whether you should have in house email that's 100% under your control.. not to say you can't outsource to a trustworthy location.

If a host is advertising a per mailbox rate it usually means they are offering hosted Exchange, which offers you a lot more features like shared calendars, global address books etc. However a $10/month web hosting company will still offer dozens if not unlimited mailboxes. Most of them will include IMAP which lets your computer, laptop, tablet and phone all have a synchronized mailbox. You'll get webmail access too. (Exchange would have web and IMAP as well.) You can use the website portion of your account or not. Even if you don't use web hosting at least put up a single webpage with your business information, in case someone types in your domain when they see it at the end of your email address.

As with anything you'll have to weigh the pros and cons of something like this, things like 365/24/7 reliability and dealing with keeping your domain from being blacklisted by anti-spam systems..
 
I would be very grateful for that guide! I'm doing research now on the options that YeOldeStonecat presented. I definitely want to understand all options before I make a proposal to my boss.

Realize that you're on Exchange 2003..the guide above is for Exchange 2007. You'll have a hard time trying to follow that if you're sitting in front of your ESM (Exchange System Manager).

E2K7 is a bit more secure than E2K3..which itself was quite a bit more secure and resistant to open relay than E2K. Also the antispam built into E2K7 is a bit better....that requires a bit more setting up, but running alone, I would not consider relying on that alone, nor the anti spam built into 2K3 which again is what you have. And the "accept from any IP address" illustrated in that is allowing your Exchange to hang outside wide open. And there are a few steps that I do to lock down E2K3.
 
And the "accept from any IP address" illustrated in that is allowing your Exchange to hang outside wide open.

This has to be done otherwise your server won't accept mail from anybody. You can't possibly enter every IP address for every known good server on the internet. This is what blacklists are for.

Ideally in larger deployments you'd have an edge transport server dealing with this and only that server's IP address would be entered into your receive connector.

If you have something to add to the "guide" I'd be more than happy to edit it. Indeed this guide is for 2007. Thankfully I was never tasked with setting up a 2003 install. If I remember correctly 2003 sends mail OOTB whereas 2007 doesn't. The GUI will be different but the theory is the same though.
 
This has to be done otherwise your server won't accept mail from anybody.

Correct, but it's also one of the several reasons I endorse, and practice, using an outside host. For a larger company with a full time IT staff to monitor and maintain a mail server....that's not that bad to stick a Microsoft server's butt out in the wild like that. But for a small biz, where it's not a trained IT guy maintaining the server, and it's not his full time job...nor even barely a part time job...that's the VERY last thing you want to do is expose a Microsoft server like that. A law firm inviting a compromised mail server? Yikes! You set your SMTP "accept connections from" to the internal LAN resources needed, and to your mail host's IP(s). And layer on hardware ACLs on the edge. Now you're comfy.

But back to the OP, he's dealing with "SBS" 2003...which is different from even vanilla E2K3...because SBS bundles in its own special connectors for both incoming and outgoing.
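
An added example, not part of any post in this thread: once SMTP is restricted to the mail host's IPs and the internal LAN as described above, this check reads the SMTP service log and lists any client that still reached the server from somewhere else. It assumes W3C extended logging is enabled on the SMTP virtual server; the address ranges and log lines are constructed placeholders.

```python
import ipaddress

# Assumed allow-list: the filtering service's published range and the office LAN.
# Both ranges are placeholders; substitute the ones your mail host gives you.
ALLOWED = [ipaddress.ip_network(n) for n in ("198.51.100.0/24", "192.168.16.0/24")]

# Constructed sample in W3C extended log format (field names come from the
# "#Fields:" header, so the parser follows whatever columns are enabled).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time c-ip cs-method cs-uri-query sc-status
2011-06-01 08:01:12 198.51.100.25 EHLO +filter.example.net 250
2011-06-01 08:01:13 198.51.100.25 MAIL +FROM:<a@example.org> 250
2011-06-01 08:05:40 203.0.113.77 EHLO +unknown.example.com 250
2011-06-01 08:05:41 203.0.113.77 RCPT +TO:<x@example.net> 550
2011-06-01 08:09:02 192.168.16.40 EHLO +scanner 250
2011-06-01 08:11:30 not-an-ip EHLO +junk 250
"""

def unexpected_clients(log_text, allowed=ALLOWED):
    """Return {client: [SMTP verbs]} for sources outside the allow-list."""
    fields, hits = [], {}
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # column names for following rows
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue                           # other directives, blanks, no header yet
        row = dict(zip(fields, line.split()))
        client = row.get("c-ip", "?")
        try:
            ip = ipaddress.ip_address(client)
        except ValueError:
            # A malformed source field is itself worth a look; do not drop it.
            hits.setdefault(client, []).append("UNPARSEABLE")
            continue
        if not any(ip in net for net in allowed):
            hits.setdefault(str(ip), []).append(row.get("cs-method", "-"))
    return hits

if __name__ == "__main__":
    for client, verbs in unexpected_clients(SAMPLE_LOG).items():
        print(f"{client}: {' '.join(verbs)}")
```

Any address in the output means the connection restriction or the edge ACL is not doing what you intended and should be rechecked.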
 
If you want to avoid the hassle of managing a mail server you might want to look into a hosting solution like US Internet which can include Securence spam filtering. They can do hosted Exchange or even POP3 which is really cheap.
I don't think Network Solutions offers spam protection which can become annoying and a security threat.
 
Great thread! This might be a stupid question, but as some suggested (at least I think), why not a hosted Exchange or better yet Google Apps? Just wondering why or why wouldn't it work, or any drawbacks.

Edit: Well one reason would be because a website hosting company was never mentioned lol but I would have to assume the firm has a basic website at least?
 
You have to be nuts to want the hassle of running an email server. When spam quixote jr decides to blacklist your entire ISP, it's an emergency. An "important" address ends up blacklisted because the sender likes to spice up his "stationery" with Chinese characters? Emergency. After you've explained for the 15th time that you have no idea why a message never reached its destination, or why anyone can put anything they want in the sender field and there is absolutely nothing you can do when someone starts "using our domain to make us look bad", you still feel like a complete moron for having to say it. Then there's the inevitable all-night showdown with the bounced message that was sent to a non-existent address, but would require days of bureaucratic inveiglement to have re-sent.

Email is garbage. It's an essential service that is completely broken by design. Go with hosted Exchange or Google Apps now before people get used to the convenience of having email integrated in a domain. Everyone will be glad that there's someone else to blame when things go wrong.
 
For just a few people, unless you really want to deal with the IT stuff, I'd look at Google Apps or BPOS. Costs you around $50 a month, and gets rid of a big headache.
 
I would also say Google Apps is well worth it with Postini if you can stretch to it to archive all mail (must be needed for a law firm?)
 
I knew very little about Google Apps for business when I made this post earlier this morning. From what I've seen, it looks like the best option for our small business. After reading all the comments and doing some research about hosting in-house vs remote hosting with filter relays, it looks like Google Apps is going to give us the biggest bang for our buck.

We're going to go ahead and do the 30 day free trial but considering that half of us already use Google Mail and 100% of us use Google's calendar as our main office calendar, I think we have found our solution.

Thanks to everybody who helped today!

PS. The amount of resistance I was getting from the two Yahoo users when I casually mentioned the potential change to Google Apps was hysterical =P
 
Google is one of the very few things that makes me wear a tinfoil hat. But it's not like it's not warranted given their history.
 
Care to elaborate? I feel like I may have missed something, which is easy to do given that Google makes headline news just about every day.

In the IT world it has been common knowledge for years that Google doesn't really share your best interest when it comes to security.

But to the general public I was under the impression they are unblemished as a brand and their history is clean. Their stock price reflects this as well.
 
Go Exchange. Sign up for Postini (THROUGH A RESELLER) so you actually have support, get Static IP from your ISP.

Point MX to Postini, Point Postini to your static ip at the office
Open port 25
Run the Internet Connection Wizard in SBS 2003
Google the guide for Postini Outbound, configure and test
 
Another vote for Google Apps for Business. If you're just a small office with a limited IT budget, it can't be beat. I'm sure your boss(es) hired you to be a paralegal, not an IT consultant! Couple that with the fact that I'd hate to have to report to a lawyer if/when the mail server crashes and he isn't getting his email.
 

I'm testing the beta right now, it's pretty damn good. We've actually got a full Exchange and SharePoint env internally, but it's woefully out of date and we'd need to spend a fortune on licensing when upgrading. So instead I'm going to migrate us to 365 as soon as it's available. Cost wise, about 4 years of 365 equals the cost of buying Exchange 2010 + necessary CALs for 25 people. So pricewise it will be more expensive in the long run (I'd expect 2010 to last me 5+ years), but that doesn't factor in the extras like reduced backups, reduced storage requirements, no patching, etc...

Hell, they may even save a chunk of cash by not needing a full time IT guy. Oops, just designed myself out of a job. :)
 
Hell, they may even save a chunk of cash by not needing a full time IT guy. Oops, just designed myself out of a job. :)

I think that's the thing which will hold back a lot of us that do SMB consulting for a living...the fact that having some clients "go to the cloud" will reduce their need for us.
 
You're going to have to weigh the cost between upkeeping the server vs Google Apps, and just a heads up: I do believe you can get 50 free users, and after 50 it's going to cost you like 2-3 dollars per user per year. Correct me if I am wrong about this.
 
Actually, at the beginning of May, Google changed their TOS so that the free Google Apps service will only allow you to have up to 10 mailboxes... Though those who were using the service before the changes are grandfathered in and can continue to have 50 mailboxes under the free service. :)

Even so, 10 mailboxes is still a pretty good deal for a free service!
 