Connecting Exchange Server to the Internet
Introduction
Connecting Microsoft® Exchange Server to the Internet is a very quick and
simple process. Exchange Server 4.0 supports the Simple Mail Transfer
Protocol (SMTP) through the Internet Mail Connector, and Exchange Server
5.0 supports SMTP, POP3, HTTP, and Network News Transfer Protocol (NNTP)
natively. This white paper covers the minimal steps you need to follow to
configure this support. The format is equally minimal—no explanation or
justification of any of the steps is included. For further information on
any of these steps, you should consult the materials indicated in the last
section.
Before You Begin
Make sure that the Exchange Server that you intend to connect to the
Internet is running properly. Exchange clients with mailboxes on this
server must be able to send mail to each other. Also make sure that the
TCP/IP network protocol is installed on the server. If you are configuring
Exchange Internet support on a server that is already connected to the
Internet through your corporate local area network (LAN), you can skip to
step 3 below. Otherwise, follow steps 1 and 2 to set up a very basic
Internet connection:
-
Contact an Internet Service Provider
(ISP). You can find their advertisements in the business section of your
local newspaper or in the Yellow Pages under "Internet." Tell them you
want to set up a permanent connection to the Internet, that you will be
running your own SMTP, HTTP, and NNTP servers, but that you want them to
run Domain Name Service (DNS) for you. They will want to know what sort
of hardware and software you are using on your LAN, whether you need a
router and CSU/DSU, and what speed connection you need. Unless you know
differently, tell them you want to buy the connection hardware from
them, that you want a connection guaranteed at 56 Kbps, and a fixed
Class "C" IP address. In addition, tell them that you want them to take
care of all the logistics, including working with the local telephone
company for the line, registering your domain name, and configuring your
router. Pick a domain name for your email (such as company.com), and a
name for your mail server (such as mail.company.com).
If you believe you will have very heavy Internet traffic, you might want
to get a higher speed connection, but that will cost significantly more.
Most ISPs will recommend a higher speed link if you tell them you will
be running a news server, but that is not really necessary if you will
only be pulling down a few newsgroups. You can also run your own DNS,
but that is outside the scope of this document.
If you can’t cost-justify a full-time connection, you can tell the ISP
that you will be dialing up on a periodic basis to download mail. In
that case, you should set up Remote Access Service (RAS) on your
Exchange server and create a phone book entry for their Point of
Presence (POP). You should consider an ISDN connection, but a modem
connection can also work for low-volume situations.
For more details on these steps, see "Appendix A, Connecting with an
Internet Service Provider," in reference (A) below.
-
Once the ISP has set up your account, the phone company has installed
the line, and the ISP has delivered and installed any hardware you are
buying from them, you may need to reconfigure the IP addresses on your
LAN to match the Class "C" address obtained by the ISP. Do this before
continuing.
-
You are now ready to begin configuring
your Exchange Server. Do the following tests from a command prompt
running on the Exchange Server. If you have a full-time connection to
the ISP, you can proceed to this step immediately; if you have a dial-up
connection, connect to the ISP over RAS before you try this step. At
this point, test connectivity to the Internet by pinging a known
host—for example, the Microsoft server at 131.107.1.240. The following
shows a successful result:
C:\users\default>ping 131.107.1.240
Pinging 131.107.1.240 with 32 bytes of data:
Reply from 131.107.1.240: bytes=32 time=341ms TTL=115
Reply from 131.107.1.240: bytes=32 time=280ms TTL=115
Reply from 131.107.1.240: bytes=32 time=281ms TTL=115
Reply from 131.107.1.240: bytes=32 time=280ms TTL=115
-
If you got anything substantially
different, such as "Destination Host Unreachable," or "Request Timed
Out," you need to debug your TCP/IP configuration before going any
further—check out the protocol installation and your router or RAS
configuration. If you had the ISP configure your router, call their
technical support line. If you successfully pinged the host by IP
address, now try to ping a host by name, for example,
dns1.microsoft.com. The following shows a successful result:
C:\users\default>ping dns1.microsoft.com
Pinging dns1.microsoft.com [131.107.1.240] with 32 bytes of data:
Reply from 131.107.1.240: bytes=32 time=300ms TTL=115
Reply from 131.107.1.240: bytes=32 time=281ms TTL=115
Reply from 131.107.1.240: bytes=32 time=280ms TTL=115
Reply from 131.107.1.240: bytes=32 time=881ms TTL=115
-
If you got a message such as "Bad IP address," you need to debug your
TCP/IP configuration before going any further—check out the DNS settings
to make sure that you have an entry for a valid DNS server. If you had
your ISP run DNS for you, call their technical support line. If you
successfully pinged the host by name, this means that TCP/IP on your
server and the DNS are working, and you can continue. At this stage,
TCP/IP is adequately set up to allow us to configure the Exchange Server
to send outbound mail.
-
Find out the IP address and the TCP/IP
host name of the Exchange Server. Suppose the server is mail.company.com
at 206.247.73.110. Try to ping this by IP address. If you cannot, you
did not find out the correct IP address for your server—check the TCP/IP
properties in the Control Panel Network applet.
-
Ping your Exchange Server by name. This
is critical—all the Internet protocols require that clients and other
servers on the Internet can find your system by name. If this fails,
contact whoever is running DNS and tell them to add an Address ("A")
record for your server (mail.company.com) into the DNS. Again, this may
be someone in your own company, if you are running your own DNS, or it
may be someone at your ISP.
-
You need to advise other mail servers
on the Internet to forward mail to your Exchange Server. Suppose you
want to receive mail as user@company.com. Tell the DNS administrator to
add a Mail Exchanger ("MX") record for your domain (company.com) to the
DNS for this purpose if it is not already there.
-
Test the MX record using
NSLOOKUP, a utility provided with Windows NT® 4.0. (If you are running
NT 3.51, you will need to find a third-party vendor of this product.)
From a command prompt, load NSLOOKUP, type
set type=MX
and hit Enter. Now enter your company's e-mail domain name, such as
company.com. A successful result would be one that returned the host
name of your Exchange Server, mail.company.com, as in the following
example:
C:> NSLOOKUP
Default server: sec1.dns.psi.net
Address: 39.8.92.2
>set type=mx
>company.com
Server: sec1.dns.psi.net
Address: 38.9.92.2
Non-authoritative answer:
Company.com MX preference = 10, mail exchanger=mail.company.com
-
The default server should show the name
and IP address of the DNS server that is set up in your TCP/IP
configuration, mentioned in steps 5 and 6 above. Depending upon whether
the DNS server you point to is the main DNS server for your company, you
will get either an authoritative or a non-authoritative answer—this is
irrelevant. If you get any line that shows that the MX preference for
your company (company.com) is your Exchange Server (mail.company.com),
you are fine. If you do not get some such line, you will not be able to
receive inbound mail and need to have the DNS administrator correct this
before continuing. If this is working, TCP/IP is adequately set up to
allow us to configure the Exchange Server to receive inbound mail.
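The MX check in this step can be repeated from saved NSLOOKUP output. The following Python code is an added example, not part of the original white paper; the sample text is constructed from the answer shown above plus one made-up backup record (backup.isp.example), and the function names are hypothetical.

```python
import re

# Constructed sample: the NSLOOKUP answer shown above, plus one extra
# lower-priority record (backup.isp.example is a made-up name).
SAMPLE = """\
Server: sec1.dns.psi.net
Address: 38.9.92.2
Non-authoritative answer:
Company.com MX preference = 10, mail exchanger=mail.company.com
company.com MX preference = 20, mail exchanger = backup.isp.example.
"""

# One MX answer line; spacing around "=" varies between NSLOOKUP builds.
MX_LINE = re.compile(
    r"^\s*(?P<domain>\S+)\s+MX preference\s*=\s*(?P<pref>\d+),\s*"
    r"mail exchanger\s*=\s*(?P<host>\S+)\s*$",
    re.IGNORECASE,
)


def _norm(name):
    """DNS names compare case-insensitively; a trailing dot is the root."""
    return name.rstrip(".").lower()


def parse_mx(output):
    """Return [(domain, preference, exchanger)] sorted by preference."""
    records = []
    for line in output.splitlines():
        m = MX_LINE.match(line)
        if m:
            records.append(
                (_norm(m.group("domain")), int(m.group("pref")), _norm(m.group("host")))
            )
    return sorted(records, key=lambda r: r[1])


def check_mx(output, domain, mail_host):
    """Return 'primary', 'secondary' or 'missing' for mail_host."""
    recs = [r for r in parse_mx(output) if r[0] == _norm(domain)]
    if not recs:
        return "missing"
    best = recs[0][1]  # lowest preference value is tried first
    for _, pref, host in recs:
        if host == _norm(mail_host):
            return "primary" if pref == best else "secondary"
    return "missing"


if __name__ == "__main__":
    print(check_mx(SAMPLE, "company.com", "mail.company.com"))
```

A result of "missing" corresponds to the case described above where inbound mail will not arrive until the DNS administrator adds the record.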
Installing, Configuring, and Testing the Internet Mail Service (SMTP)
In Exchange Server 5.0, the SMTP protocol support is installed by default
when you install the server, and you configure the protocol the first time
by running the Internet Mail Service installation wizard from the "New
Other…" option in the File menu. If you are running Exchange Server 4.0,
you need to run the Exchange Server installation program and select
"Internet Mail Connector" as one of the options. In either case, the
Internet Mail Connector (in Exchange Server 4.0) or the Internet Mail
Service (in Exchange Server 5.0) installs as an object in the Connections
container for the site. The step-by-step instructions follow—if you are
using Exchange Server 4.0, jump to step 2; if you are using Exchange
Server 5.0, follow step 1:
-
If you are using Exchange Server 5.0 and run the Internet Mail Service
wizard to configure the service, answer all the questions with the
default (proposed) answer to achieve a minimal working configuration of
the Internet Mail Service. The first two screens of the wizard are
informational, and you should click Next to reach the first of the
questions. Note that there is a whole page of information on making sure
that you understand the DNS issues mentioned above. The questions you
will be asked (and answers) are as follows:
| Question | Answer |
|---|---|
| Select the Microsoft Exchange server… | <name of your server> |
| Use DNS to send mail | Use DNS (typical) |
| Send mail to… | All Internet mail addresses (typical) |
| Select the site address… | @site.company.com |
| Specify the administrator mailbox | Create/use mailbox called Administrator |
| Type the password to the service account | <password> |
When you have finished, the wizard will have configured SMTP support and
started the Microsoft Exchange Server Internet Mail service (which you
can verify in the Control Panel Services applet).
-
If you have a dial-up connection to the Internet, check the box that
says "Allow Internet mail through a dial up connection" on the page
where you are asked to select the Microsoft Exchange server. This will
create a second page where you select the RAS phone book entry for the
ISP and change the default for the Use DNS answer. If you choose the
default to send all mail to the ISP's SMTP host for further delivery,
rather than use DNS, the use of the connection time will probably be
more efficient.
-
If you are using Exchange Server 4.0, make sure that you have installed
at least Service Pack 2 or later. Run the setup program and choose the
option to install the Internet Mail Connector. Once the install program
has finished, load the Exchange Server Administrator program and
double-click on the Internet Mail Connector in the Connections container
for your site. You will need to do only two things here. First, specify
an administrator for the connector on the General page—choose the
Administrator or any user from the GAL. Second, go to the Address Space
page, click on the New Internet button, then click OK to close the next
dialog box without entering any data. You should see an entry in the
Addresses window that shows SMTP with a cost of "1". Click OK to close
this window, click OK on the information screen about DNS, and close the
Administrator program. Now open the Control Panel services applet, set
the Internet Mail service to start automatically, and start the service.
-
If you have a dial-up connection to the
ISP, go to the Dial-up Connection tab in the Internet Mail Connector
properties, and configure Exchange Server to dial the ISP and transfer
mail. Pick the ISP’s RAS phone book entry under the Available
Connections. Under the Dial options, you can schedule the IMC to call
the ISP every few hours or at a predetermined time of the day.
Initially, pick an interval such as every hour—you can go back and
change this later. When the IMC uses RAS to dial up the ISP, it will
establish a connection with the ISP’s SMTP host and wait for mail to be
downloaded. Usually this will happen after the SMTP host senses the
presence of the Exchange server, but it may take up to 15 minutes or so.
If you want to have the ISP start downloading mail immediately to you,
you should enter a command in the Retrieving Mail options box. The exact
format of this command depends upon the ISP, and you should contact them
for the correct syntax. Typically you can use either a finger command or
a rsh command. The syntax of the finger command is:
finger your_domain@isp_smtp_host
where your_domain is your domain name (for example, company.com) and
isp_smtp_host is the name of the SMTP host at the ISP (for example,
mx4.smtp.psi.net). The syntax of the rsh command is typically similar
to:
rsh -Iisp_domain -l logon "/usr/lib/sendmail -q -Ryour_domain"
where isp_domain is the name of the ISP’s domain (for example, psi.net),
logon is a logon alias that has permission to create a shell at the ISP,
and the balance is the command that the remote shell is spawning. An
excellent location for documentation of these and other available
commands is http://www.swinc.com/resource/exch_dq.htm. You should check
with your ISP for the exact syntax of the command you would use in your
installation.
If you followed steps 1–8 above, TCP/IP
is set up and tested. Now we need to test the Exchange Server
configuration. The simplest way to test this is to send a piece of mail
from a user to someone on the Internet, and ask for a reply. This,
however, is particularly uninformative if it does not work. The best
thing to do is to test the service using Telnet first. To do this, load
a command prompt and type "Telnet". From the File menu of the Telnet
window select New, and enter the host name of your Exchange server (for
example, mail.company.com), and enter 25 as the TCP/IP port. Click
Connect, and you should get a connection to the Exchange Server. If the
process in steps 9 or 10 above worked, you should see a line at the top
of the screen similar to the following:
220 mail.company.com Microsoft Exchange Internet Mail Service 5.0.1457.7 ready
A response starting with the number 220 means that the server is running
an SMTP service, in this case the Exchange Server Internet Mail service,
and is waiting to receive mail. If you are familiar with SMTP messaging,
you can extend the test by typing in the commands to send a message
manually to the administrator; however, this is not really necessary, as
we know now that the service is in fact running. Type Quit to close the
session, and exit Telnet. If you do not get a response similar to the
line above, you need to make sure that you followed the instructions in
step 9 or 10 correctly, and that the Microsoft Exchange Server Internet
Mail Service is started in the Control Panel.
Configuring and Testing the POP3 Support
Exchange Server 5.0 includes support for the POP3 protocol, allowing you
to use a standard POP3 client to retrieve mail from the server. To
configure this at the server, follow these steps:
-
Bring up the Exchange Server Administrator program, go to the Protocols
container for your site, and double-click on the POP3 protocol object.
Check the checkbox that reads "Enable protocol." Go to the
Authentication tab and make sure that all four checkboxes are selected.
Close the POP3 properties window. This enables individuals with
mailboxes on the server to access them using the POP3 protocol and read
their mail. You can use any POP3 client such as the Exchange client with
the Internet Mail Service added, Eudora, or Pegasus.
-
To enable your users with POP3 access to send mail to Internet users you
may need to add an entry in the Internet Mail service. Open up the
Internet Mail Service window and select the Routing tab. You should see
"Reroute Incoming SMTP Mail" selected and you should have an entry in
the routing window showing your own e-mail domain as <inbound>. If you
do, you do not need to do anything. If you do not have this entry, click
Add, type in your domain name, and select "Should be accepted as
Inbound." Click OK to close the various windows. Click OK to close the
information screen about DNS.
-
To test the POP3 support, you can use your POP3 client, of course. To
test it manually, again open up a Telnet window, enter the name of your
Exchange Server, but specify 110 for the TCP/IP port. You should see a
line similar to the following:
+OK Microsoft Exchange POP3 server version 5.0.1457.10 ready
If you see this, it means that the Exchange Server is listening on port
110, and is ready to receive POP3 commands to download mail. Note that
POP3 clients use SMTP to send mail, which is why the routing tab for
POP3 mail is part of the Internet Mail Service object. Type Quit to
close the Telnet session.
Configuring and Testing the Browser Support (HTTP)
Exchange Server 5.0 includes support for the HTTP protocol and allows
users of browsers to read and send mail. This is particularly useful when
you need to access your mail from a location where you cannot install or
configure e-mail clients. To configure HTTP support at the server, follow
these steps:
-
To access Exchange Server through a Web browser,
you need to install Internet Information Server (IIS) 3.0 and the Active
Server Pages. You can get these from the Windows NT Service Pack 3
CD-ROM or download them from the Microsoft ftp site at
ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/nt40/.
They must be installed before you install the Microsoft Exchange Server
Web Services.
-
On the computer where you have installed IIS, run the User Manager.
Under Policies...User Rights, grant the group Everyone the rights to Log
On Locally.
-
Bring up the Exchange Server Administrator program, go to the Protocols
container for your site, and double-click on the HTTP protocol object.
Check the "Enable protocol" checkbox. This enables individuals with
mailboxes on the server to access them with a standard browser using the
HTTP protocol and read and send e-mail. You can use either Microsoft
Internet Explorer 3.0 or Netscape Navigator 3.0 or higher.
-
To test the HTTP support, load your browser and enter the name of your
Exchange Server followed by "/exchange" in the address field. You should
see a screen with an Exchange Server logo on the left, and a logon box
on the right. If you do not, the HTTP protocol was not set up correctly.
If you do see the logon field, enter your e-mail name (for example,
Administrator) and click on the words "click here." You will now see a
dialog box that asks you to verify your identity. Enter your domain and
account in the Username field (for example,
MyDomain\Administrator) and your password in the Password field.
This will bring up a form from which you can read your mail and send
mail to anyone.
Installing, Configuring, and Testing the News Service Support (NNTP)
In Exchange Server 5.0, the NNTP support is installed by default when you
install the server. It lets users view your public folders over NNTP from
any NNTP client, and it lets you arrange push or pull news feeds from
USENET news servers. You need to configure the protocol to enable either
of these.
-
To allow access to selected Exchange Public Folders via NNTP, open up
the Exchange Server Administrator program and open up the NNTP object in
the Protocols container for your site. Select both "Enable protocol" and
"Enable client access" and click OK. If you want to allow anonymous
access to the public folders, go to the Anonymous tab and select "Allow
Anonymous Access."
-
To pull a newsfeed from a USENET server on the Internet, use the
newsfeed wizard from the "New Other…" option in the File menu. It is a
good idea to create a basic pull feed from a known source, such as the
Microsoft public news server first, to make sure you know how to answer
all the questions. When you have successfully done this once, you can
create other news feeds with any news server you wish. To configure such
a feed from the Microsoft server, invoke the wizard. The first screen of
the wizard is informational—click Next to reach the first of the
questions. The questions you will be asked (and answers) are as follows:
| Question | Answer |
|---|---|
| Server to install on | <name of your server> |
| Type of newsfeed to create | Inbound and outbound (typical) |
| Inbound newsfeed type | Pull incoming messages |
| Select appropriate connection type | Connect using my LAN |
| Connect every | 15 minutes |
| Provider's USENET site name | Msnews.microsoft.com |
| Host name or IP address | Msnews.microsoft.com |
| Additional inbound host computers | <leave blank> |
| Log on to remote servers as | <leave blank> |
| Internet news administrator | Administrator |
| To configure Inbound news feed | Download the active file from my provider now |
-
When you have finished, the wizard will have configured NNTP support and
started the Microsoft Exchange Server Internet News Service (which you
can verify in the Control Panel Services applet). If your setup hangs
after you have clicked "Download the active file from my provider now",
you probably have a router problem. If you do have a problem, go back
and select "I will configure my newsfeed later" at this point. You will
have set up the protocol support and can go to the msnews.microsoft.com
newsfeed object in your site's Connections container later to download
the active file.
-
To test the NNTP client access, you can use any NNTP client. To test it
manually, again open up a Telnet window, enter the name of your Exchange
Server, but use 119 for the TCP/IP port. You should see a line similar
to the following:
200 Microsoft Exchange Internet News Service Version 5.0.1457.10 (posting allowed)
If you see this, it means that the Exchange Server is listening on port
119 and is ready to receive NNTP commands to download mail. If you have
any newsgroups, you can enter the command "List Active" to see their
names. Type Quit to close the Telnet session.
To test the newsfeed support, load the msnews.microsoft.com newsfeed
object in your site's Connections container and click on the Inbound
tab. It should say "Setting up the Active File" for a few seconds, then
show you a list of the newsgroups available on the Microsoft news
server. You can select a few of these to download and click OK. In about
a half hour you should see the various newsgroups and messages in your
Exchange Server Public Folders.
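The three manual Telnet checks described in the SMTP, POP3 and NNTP sections (ports 25, 110 and 119) can be run in one pass. The following Python code is an added example, not part of the original white paper; it also reports the build number each greeting discloses to any client that connects, and whether the NNTP greeting permits posting (codes 200 and 201, per RFC 977). The function names are hypothetical and mail.company.com is the page's placeholder host.

```python
import re
import socket

# Expected one-line greetings for the three Telnet tests described above.
# 220 (SMTP) and +OK (POP3) are the values shown on the page; the NNTP
# 200/201 distinction (posting allowed / not allowed) is from RFC 977.
GREETINGS = {
    "smtp": re.compile(r"^220[ -]"),
    "pop3": re.compile(r"^\+OK\b"),
    "nntp": re.compile(r"^20[01] "),
}
DEFAULT_PORTS = {"smtp": 25, "pop3": 110, "nntp": 119}
# Dotted build numbers such as 5.0.1457.7 that the greeting discloses.
VERSION = re.compile(r"\b\d+\.\d+\.\d+(?:\.\d+)?\b")


def classify_banner(proto, line, error=None):
    """Turn one greeting line into a small report dict."""
    line = line.strip()
    ready = bool(GREETINGS[proto].match(line))
    versions = VERSION.findall(line) if ready else []
    return {
        "proto": proto,
        "ready": ready,
        "banner": line,
        # Last match, so an IP-literal host name earlier in the line is skipped.
        "version": versions[-1] if versions else None,
        # Only NNTP encodes a posting policy in its greeting code.
        "posting": line.startswith("200") if ready and proto == "nntp" else None,
        "error": error,
    }


def probe(host, proto, port=None, timeout=5.0):
    """Connect, read the first greeting line, send QUIT, classify the result."""
    port = port or DEFAULT_PORTS[proto]
    data, error = b"", None
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            while b"\n" not in data and len(data) < 1024:
                chunk = sock.recv(256)
                if not chunk:
                    break
                data += chunk
            sock.sendall(b"QUIT\r\n")
    except OSError as exc:  # refused, timed out, name not resolvable, ...
        error = str(exc)
    first_line = data.split(b"\n", 1)[0].decode("ascii", "replace")
    return classify_banner(proto, first_line, error=error)


if __name__ == "__main__":
    # mail.company.com is the page's placeholder; substitute your own server.
    for proto in ("smtp", "pop3", "nntp"):
        print(probe("mail.company.com", proto))
```

A report with ready set to False and an error string corresponds to the "no response" cases above, where the service is not started or the port is unreachable.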