Exchange Setup/Configuration Blogs?

Tackle Member Posts: 534
Hi Guys,

I'm working on setting up Exchange 2010 at home so I can host my own e-mail, and better my Exchange skills, (that are severely lacking).

Does anyone here have a blog for Exchange Setup and Configuration, primarily DNS stuff? To get specific I have a domain through GoDaddy and my ISP blocks port 25.

I have Exchange installed; that was easy. I can get to the OWA page internally on my mail server and the DC and send e-mails to myself but nothing externally works, incoming or outgoing, can't even access mydomain.com/owa. I did set the send connector to use port 26 and have created a cert. I've set up an MX and A record on my DC that points to mail.mydomain.local, but I must have them wrong, or I need to configure something in GoDaddy?

Any help would be much appreciated, I've Googled for 2 days straight on this and probably have done nothing more than make a mess.

Thanks!

Comments

  • Everyone Member Posts: 1,661
    I haven't written those articles yet for my blog, but they are coming.

    You're wasting your time. Your ISP is blocking it, changing the port number isn't going to make it work. The most you can do is get outbound working. You'll have to set the send connector to relay everything to your ISP's mail server.

    Inbound will never work because you can't use the standard port.

    If you want it to work, you'll have to switch over to a business class account that doesn't have all the port blocking.
  • Tackle Member Posts: 534
    Everyone wrote: »
    I haven't written those articles yet for my blog, but they are coming.

    If you want it to work, you'll have to switch over to a business class account that doesn't have all the port blocking.

    I'll keep an eye on your blog, seems to have some useful info.

    There has to be a way to get around ISP blocked ports, I can't be the only person who has run into an ISP blocking ports before and don't want to spend the extra $$ for Business Class. What about No-IP.com's "Reflector"? I haven't tried it, but it might be an option.
  • it_consultant Member Posts: 1,903
    Is your firewall configured to forward port 26 instead of port 25? Look at the firewall settings of the edge or hub transport settings as well as the port forwarding settings on your edge firewall - perhaps a wireless router or something.
  • Tackle Member Posts: 534
    Is your firewall configured to forward port 26 instead of port 25? Look at the firewall settings of the edge or hub transport settings as well as the port forwarding settings on your edge firewall - perhaps a wireless router or something.

    Yep, I have forwarding set up 25 -> 26 (IP of my Mail Server). For testing I've turned off all Firewalls on the servers.
  • Everyone Member Posts: 1,661
    LucasMN wrote: »
    I'll keep an eye on your blog, seems to have some useful info.

    There has to be a way to get around ISP blocked ports, I can't be the only person who has run into an ISP blocking ports before and don't want to spend the extra $$ for Business Class. What about No-IP.com's "Reflector"? I haven't tried it, but it might be an option.

    Depends on how smart your ISP's filter is. If they are just doing a straight port number block, yes that could get around it. You'll have to set your MX records accordingly. As already mentioned, make sure your firewall settings are configured to match.

    I believe No-IP.com's Reflector service costs money. You may get it and find out no matter what port you set your mail server to, your ISP can still block it. Even if they aren't blocking it, and it does work, you could get banned from your ISP if they find out, as it would violate their TOS.

    I don't know about pricing for whatever ISPs you have available, but for me it was only $5/month more for business class service over the residential price, because they force you to use a leased modem.
  • it_consultant Member Posts: 1,903
    Question is...what kind of bounce message are you getting when you try to send in?
  • Tackle Member Posts: 534
    I do not receive a bounce when sending in from an external e-mail address. I'll check the spam filter, but I think it may be lost in never-never land.

    When I try to send out from my mail server:
    Delivery is delayed to these recipients or groups:

    My Work E-mail Adress.com
    Subject: test
    This message hasn't been delivered yet. Delivery will continue to be attempted.
    The server will keep trying to deliver this message for the next 1 days, 19 hours and 55 minutes. You'll be notified if the message can't be delivered by that time.


    I'm going to guess the issue here is with DNS and the SMTP ports/send connectors.
    I'll talk to a colleague who has a similar setup (Same ISP, Exchange 2k3) and see how he has it configured, maybe I'll get some clues as to what I need to do, I'll post my findings.
  • Turgon Banned Posts: 6,308
    LucasMN wrote: »
    Hi Guys,

    I'm working on setting up Exchange 2010 at home so I can host my own e-mail, and better my Exchange skills, (that are severely lacking).

    Does anyone here have a blog for Exchange Setup and Configuration, primarily DNS stuff? To get specific I have a domain through GoDaddy and my ISP blocks port 25.

    I have Exchange installed; that was easy. I can get to the OWA page internally on my mail server and the DC and send e-mails to myself but nothing externally works, incoming or outgoing, can't even access mydomain.com/owa. I did set the send connector to use port 26 and have created a cert. I've set up an MX and A record on my DC that points to mail.mydomain.local, but I must have them wrong, or I need to configure something in GoDaddy?

    Any help would be much appreciated, I've Googled for 2 days straight on this and probably have done nothing more than make a mess.

    Thanks!

    Things have been locked down in ISP land for a while now which is a shame, as you are denied the opportunity to lab from home and learn how to do things properly. Running a mailserver in a company separates the men from the boys and teaches you a great deal. There was a reason why the MCSE's in NT 4.0 avoided Exchange 5.5 as an elective. Increasingly single company mail provision is outsourced, but in the cloud we do need engineers who know what they are doing ;)
  • it_consultant Member Posts: 1,903
    LucasMN wrote: »
    I do not receive a bounce when sending in from an external e-mail address. I'll check the spam filter, but I think it may be lost in never-never land.

    When I try to send out from my mail server:
    Delivery is delayed to these recipients or groups:

    My Work E-mail Adress.com
    Subject: test
    This message hasn't been delivered yet. Delivery will continue to be attempted.
    The server will keep trying to deliver this message for the next 1 days, 19 hours and 55 minutes. You'll be notified if the message can't be delivered by that time.


    I'm going to guess the issue here is with DNS and the SMTP ports/send connectors.
    I'll talk to a colleague who has a similar setup (Same ISP, Exchange 2k3) and see how he has it configured, maybe I'll get some clues as to what I need to do, I'll post my findings.

    Yeah, it sounds like an intelligent filter if you are not getting any kind of bounce message. I have snaked around countless ISP blocks but this one might take the cake. What happens for say, Comcast, is that the network addresses used for their residential services are listed in SORBS to never allow - the connection error you get when you try to send tells you that according to SORBS, emails from your network address have to go through Comcast servers. I get this when I get a client that has an SBS service but went cheap and got a home cable modem for internet access. This is probably why your outbound emails are being delayed. Look at your queue viewer, buried in there is a reason for the dropped connection. You COULD smart host to an IIS, exchange, or sendmail server that you control on another network and relay your outbound email through it. This requires fairly advanced knowledge and is probably exactly why you are setting up a lab.

    Inbound, if sent over a different port, should still work - I think you have an inbound configuration error as I have never seen an ISP use sophisticated enough equipment to detect SMTP (using a packet inspection technology) on a non-standard port and I have NEVER seen them able to block a TLS connection between servers over a non-standard port.
  • Tackle Member Posts: 534
    Thanks for the reply it_consultant. My ISP is Charter, a very big Monopoly here, they bought out the only other ISP.

    I won't have time to get to it today, but I think I have a pretty good idea of what I need to do now.

    Seems I need an SMTP agent/service of some sort.
    In simple terms this is what needs to happen if I'm understanding correctly:

    Mail going out on port 26 -> SMTP Service which can send mail out on port 25 -> Should be received by external account.

    Mail sent from external account on port 25 -> SMTP Service which can send mail in on port 26 -> Should reach my mail server.

    Providing the MX records are correct, I think this will work. Now to find a cheap service. No-IP.com Reflector is $40 a year for "Basic".

    P.S. Turns out my colleague uses the web server here at work for his SMTP port redirection to and from his home mail server and it works fine.
  • Tackle Member Posts: 534
    Turgon wrote: »
    Things have been locked down in ISP land for a while now which is a shame, as you are denied the opportunity to lab from home and learn how to do things properly. Running a mailserver in a company separates the men from the boys and teaches you a great deal. There was a reason why the MCSE's in NT 4.0 avoided Exchange 5.5 as an elective. Increasingly single company mail provision is outsourced, but in the cloud we do need engineers who know what they are doing ;)

    Technically I "Manage" the Exchange server at my work...which doesn't consist of a whole lot, the guy who set it up still works here and there are less than 60 employees. It's Exch 2003, and that's why I've been wanting to do some R&D at home. Get familiar with how things work, eventually I'll do a test upgrade. Same reason I set up my own Domain, SharePoint site and Openfiler SAN...just to get exposure, not for any real purpose besides that.

    Learning is never a bad thing...even if what I'm learning will be outsourced or obsolete in a few years.
  • Turgon Banned Posts: 6,308
    LucasMN wrote: »
    Technically I "Manage" the Exchange server at my work...which doesn't consist of a whole lot, the guy who set it up still works here and there are less than 60 employees. It's Exch 2003, and that's why I've been wanting to do some R&D at home. Get familiar with how things work, eventually I'll do a test upgrade. Same reason I set up my own Domain, SharePoint site and Openfiler SAN...just to get exposure, not for any real purpose besides that.

    Learning is never a bad thing...even if what I'm learning will be outsourced or obsolete in a few years.

    I think it's good you are trying to learn at home. I'm sorry the ISP experience is making it difficult for you.
  • it_consultant Member Posts: 1,903
    LucasMN wrote: »
    Thanks for the reply it_consultant. My ISP is Charter, a very big Monopoly here, they bought out the only other ISP.

    I won't have time to get to it today, but I think I have a pretty good idea of what I need to do now.

    Seems I need an SMTP agent/service of some sort.
    In simple terms this is what needs to happen if I'm understanding correctly:

    Mail going out on port 26 -> SMTP Service which can send mail out on port 25 -> Should be received by external account.

    Mail sent from external account on port 25 -> SMTP Service which can send mail in on port 26 -> Should reach my mail server.

    Providing the MX records are correct, I think this will work. Now to find a cheap service. No-IP.com Reflector is $40 a year for "Basic".

    P.S. Turns out my colleague uses the web server here at work for his SMTP port redirection to and from his home mail server and it works fine.

    I forgot to mention that if you don't use a redirector then the sending host has to know to send on port 26 - meaning you will have to configure another email server somewhere to send on port 26 in order to generate inbound mail that won't get snagged by the ISP.
  • powerfool Member Posts: 1,666
    If you sign up for a spam filtering service, like Postini, you could have it forward your inbound mail to your non-standard TCP port.
  • Tackle Member Posts: 534
    Following up here...

    I did figure out a way to get around the ISP blocking port 25, both incoming and outgoing.
    I created an account at DNSexit.com. They have 2 services which I purchased (Total $40/year):
    - For outgoing mail I used their Mail Relay service. All that was needed was to create an SMTP Connector pointing to their server.
    - I used their Mail Redirection Service for incoming mail. Use their mail server for my domain's primary MX record and it forwards the e-mails out port 26 to me (which the ISP does not block).
    Used port forwarding on my router to forward 26 -> 25 and Bingo, mail is working incoming and outgoing.
    Also had to forward port 443 to my mail server to get OWA working. I thought it was weird Charter allowed 443, but nevertheless, it's working now.

    This is exciting!
  • Everyone Member Posts: 1,661
    Cool.

    I was going to say as far as Outgoing goes, you probably could have got it working using whatever Charter's mail server is as a relay. For example, on Comcast, I have to relay mail through smtp.comcast.net for outgoing. I have to do this even though I now have Business Class service because Comcast has their IP ranges voluntarily blocked on several spam lists. Their smtp.comcast.net server isn't blocked though.

    You don't see port 80 and 443 blocked on too many ISPs, causes more issues than it's worth. Look at your SLA though. Usually they have something that says if they catch you running a web server, they can terminate your service. So while it may not be blocked, you still may want to consider using another port. Easier to do for OWA since you can just put in https://yourdomain.com:1234 to get to it.
  • Tackle Member Posts: 534
    I'm sure the SLA does. I'll change that port tonight. Thanks for the tip.
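
The thread's diagnosis turns on whether port 25 is silently dropped while port 26 still reaches the mail server, and on whether the server offers TLS there. The Python sketch below is an added example, not code from any poster: it classifies an endpoint from the network it runs on and reports the banner and STARTTLS support. The EHLO name `probe.example.test` and the default target are placeholders.

```python
import socket
import sys

def read_reply(stream):
    """Read one (possibly multi-line) SMTP reply; return (code, [text lines])."""
    lines = []
    while True:
        raw = stream.readline()
        if not raw:
            raise ConnectionError("connection closed before reply completed")
        line = raw.decode("ascii", "replace").rstrip("\r\n")
        lines.append(line[4:])
        if len(line) < 4 or line[3] != "-":   # "250-" continues, "250 " ends
            return int(line[:3]), lines

def probe_smtp(host, port, timeout=5.0):
    """Classify what answers on host:port as seen from this network."""
    result = {"port": port, "state": "smtp", "banner": None, "starttls": False}
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        result["state"] = "refused"      # RST: path is open, nothing listening
        return result
    except socket.timeout:
        result["state"] = "filtered"     # silent drop: typical of a port block
        return result
    except OSError:
        result["state"] = "unreachable"
        return result
    with sock, sock.makefile("rb") as stream:
        try:
            code, text = read_reply(stream)
            result["banner"] = text[0]
            if code != 220:
                result["state"] = "not-ready"
                return result
            sock.sendall(b"EHLO probe.example.test\r\n")  # placeholder name
            code, text = read_reply(stream)
            # Extension keywords follow the greeting line of the EHLO reply.
            result["starttls"] = any(t.upper() == "STARTTLS" for t in text[1:])
            sock.sendall(b"QUIT\r\n")
        except (socket.timeout, ConnectionError, ValueError):
            result["state"] = "not-smtp"  # TCP connects but no SMTP dialogue
    return result

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    for p in (25, 26):                   # standard port vs. the thread's port 26
        print(probe_smtp(target, p, timeout=3.0))
```

Run it from a host outside the home network against your own public address to test inbound, and from the mail server against a relay you are entitled to use to test outbound.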