How to Host your own Mail Server running Exchange Server 2003 SP2

csheppard
I hope what I post will help people out. In doing this I ran into several problems, mainly DNS issues and the lack of knowledge. After I completed it, I decided I'm going to post what I did to eventually help someone out. Here you go:


Things I had:

1. One Exchange Server (Exchange Server 2003)
2. Two Public IP Addresses (Contact ISP)
3. Registered Domain Name (www.register.com)


Here's how I configured my Exchange Server

Three total NICs. Two of the NICs were configured with the public IP addresses provided by our Internet Service Provider (ISP). The third NIC was configured with a private IP address. ALL DNS were pointed to the main DNS Server. (DNS was NOT configured at this time, only the addresses were pointing to the main DNS server).

I'll get back to that.


On the Primary DNS Server:

(DNS configurations were already made)

*Before you follow these instructions, create a reverse lookup zone (PTR Record). Point that IP Address to the PUBLIC Exchange IP Address. Doing this first will avoid you receiving an error when you create the following forward zones.*


1. Create a new domain by right clicking on the forward lookup zone and going to "New Domain"

2. Name it after your company without .com or any other extension.

3. Now create a new ZONE by right clicking and going to "New Zone"

4. Name it as the following: dns1.yourdomain.com

5. Create an MX Record. (Contact your ISP for the MX record name you'll have to use). For instance, mine was named: mail.mydomain.com

6. Create an A(Host) Record. Point this record to the Exchange Server's PUBLIC IP Address.

7. Create a second zone (If you have TWO public IP Addresses)

8. Repeat the above steps.


Back to the Exchange Server

In DNS:

Create a secondary forward and reverse lookup zone. Add the main DNS server's IP addresses.


Inside of www.register.com

Change their default DNS server to your DNS server name. (dns1.yourdomain.com); (dns2.yourdomain.com).

Change MX Record (mail.yourdomain.com)

Change A Record (Point to Exchange server Public IP Addresses)


In Exchange System Manager:

1. Go to recipient policies

2. Change email extensions to user@yourdomain.com

3. Use SMTP and set as primary


Inside of Outlook:

1. Create the new user

2. For POP3 and SMTP settings use dns1.yourdomain.com and dns2.yourdomain.com

3. Test


Lastly, if you have access to your firewall, ALLOW port 110 (POP3).

ALLOW port 25 (SMTP). This should already be set by default.

And make configuration for your public IP Addresses.


I hope this helps out anyone out there. One thing I should mention is that this is my Front End Exchange Server. I am in the process of making my Back End Exchange Server. Your Front End Server is exposed to the world so you want to add as much security as you can. I have an Intrusion Detection Server sitting in front of it and also firewall settings in place. You may want to consider doing that.
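
An added example, not part of the original post: a Python check of the record chain the steps above set up (MX record, A record pointing to the public IP, and a PTR record pointing back), run over constructed sample data. The function name `check_mail_dns`, the record layout and the addresses are assumptions for illustration; in practice the dictionary would be filled from `nslookup` output gathered outside the network.

```python
import ipaddress

# Ranges that are not reachable from the Internet (RFC 1918, loopback, link-local).
NON_ROUTABLE = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
                 "127.0.0.0/8", "169.254.0.0/16")]

def norm(name):
    """Compare DNS names case-insensitively and without the trailing dot."""
    return name.rstrip(".").lower()

def check_mail_dns(domain, records):
    """Return findings for the domain's MX -> A -> PTR chain.

    records: {'MX': {domain: [hosts]}, 'A': {host: [ips]}, 'PTR': {ip: host}}
    """
    findings = []
    mx_hosts = records["MX"].get(norm(domain), [])
    if not mx_hosts:
        findings.append(f"{domain}: no MX record")
    for host in map(norm, mx_hosts):
        ips = records["A"].get(host, [])
        if not ips:
            findings.append(f"{host}: MX target has no A record")
        for ip in ips:
            addr = ipaddress.ip_address(ip)
            # A multi-homed server can end up publishing its internal NIC.
            if any(addr in net for net in NON_ROUTABLE):
                findings.append(f"{host}: A record {ip} is a private address")
            ptr = records["PTR"].get(ip)
            if ptr is None:
                findings.append(f"{ip}: no PTR record")
            elif norm(ptr) != host:
                findings.append(f"{ip}: PTR {ptr} does not match {host}")
    return findings

# Constructed sample data (203.0.113.10 is a documentation address).
GOOD = {"MX": {"yourdomain.com": ["mail.yourdomain.com."]},
        "A": {"mail.yourdomain.com": ["203.0.113.10"]},
        "PTR": {"203.0.113.10": "mail.yourdomain.com."}}
BAD = {"MX": {"yourdomain.com": ["mail.yourdomain.com"]},
       "A": {"mail.yourdomain.com": ["192.168.1.20", "203.0.113.10"]},
       "PTR": {"203.0.113.10": "dns1.yourdomain.com."}}

if __name__ == "__main__":
    for label, data in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, check_mail_dns("yourdomain.com", data) or "consistent")
```
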
  • timnjohnson

    For the last 4 weeks I have been trying and trying and almost gave up until I saw your posting this morning. My case is similar to yours but I don't have a Public IP address.. have a registered domain but no Public IP. My ISP carrier is Comcast and I'm not sure how they handle Public IP. I don't have any Firewall except what came with the Linksys Router and no spam filter either. I've two Dell PE2450 servers and I can set up both frontend and backend mail servers but I guess I need to check with my ISP regarding the Public IP addresses. I also have AD configured but based on your instructions I might have to reinstall AD. My DNS has a .com extension and based on your instruction that's a no-no. My question is... do I really need to have two Public IP addresses or is one OK? And what kind of intrusion detection do you have in place for your mail system?
    Can we exchange email addresses or contact info in case I get stuck?
    You've really opened my eyes and now I feel like I can put your knowledge to work. Thanks again for taking the time and hope to hear from you soon.

    csheppard

    I now have two Exchange servers in my network. I'll get into that configuration in a little bit. I first configured my Front End Server (PE2950 like yours) which is also a DC. I configured two of my NICs. One with a private IP address so I can hit it internally, then I contacted my ISP, got a public IP address with subnet mask and default gateway. I created the new dns zone 'dns1.mydomain.com' and made that a secondary zone, not primary. I pointed that to my DNS server which is running AD. I created the necessary records needed for it. A record which is the host record and pointed it to 'dns1.mydomain.com' then created an MX record that points to the A record. (You can actually do this on the site where you registered your domain).

    Then, at the site where the domain is registered, I transferred the domain off of the site's DNS server onto mine. Also, I registered my server through that site. All those options should be available on the site. I use register.com.

    On my firewall I did a One to One NAT and allowed POP3 to hit that specific IP of my server.

    Then I tested it by pinging the server from an outside source. I pinged the Public IP then pinged its name to make sure everything was working. I also did an nslookup > set type=all to make sure everything was in order which it was.


    Then I brought up my Backend Server. I had to go back to the Front End server and through the System Manager, assign the Front End as an actual Front End server. (There's a check box you click for that). Mine configured a routing group by default that allowed mail to hit the FE first and relay it to the BE second.

    I created all the users on the BE and on the FE, I configured OWA with SSL. Tested that and it worked perfectly.


    I hope this helps you also, if you have any questions let me know and I'll be more than happy to help you out.


    Later on I'll make a new post of how I configured the VPN and FTP server.

    csheppard

    You don't have to reinstall AD. Just create a new DNS forward and reverse zone. Your domain is NOT registered (The one you currently have) so no one will be able to hit it from the public. You don't need two public IP addresses, just one. I have a block of public IP addresses and use the second just in case. It's not even up and running currently, I'm only using the one.


    The intrusion detection I use is actually not only an Intrusion Detection but also a Honeypot. It puts up a fake website that allows hackers to hit it on purpose. It makes it seem like it's an important server, when in reality, it isn't. All their information gets reported back to me and I report it to their ISP. It's called KFSensor. Cost me $599.00. I have two firewalls in place on top of that. Both hardware firewalls.


    You can contact me at csheppard@coxcustommedia.com

    michaeljayuda

    Hi.. it's nice to know you..
    Could you give me a step-by-step guide on how to build our own mail server at home? Thanks in advance.

    michael

    mjrmendoza

    Hello, thanks for this great step by step. I'm in the process of configuring Exchange 2007 to host our own email. Here's my situation... I have an AD (mycompany.local) and I did register a domain at Network Solutions (mycompany.com). The company that provided me with the public IP is not really an ISP, so if I want to use "mail.mycompany.com" how should I do that? Can this be created on the Network Solutions site? Also, when you say main DNS servers, is this referring to the local DNS server that I have, which is on the same machine as my domain controller (mycompany.local)? Do I need to edit Network Solutions' DNS entry or should I leave it so that they will be hosting our DNS and domain name? Thanks in advance. - manny

    vijinravindran

    If I complete the above steps, can I connect via the internet to my mail server without a VPN to my office network? I have a leased line and 1 static IP I have planned to give for my mail server. I was planning on doing NATing on the router and enabling direct access to mail with the public IP. Is this possible? Right now we pull our mails from an ISP mail server into our mail server.

    gopal791

    I want to host my own Exchange server. I have one server with 1 public IP and 1 private IP and I configured Active Directory and DNS on that server. I want to install Exchange Server on that server. I registered a domain, mydomain.com. Can you please send me the step-by-step guide so that I can easily configure the Exchange server? I am new, please help me. My email address is
    gopal791@gmail.com

    Thanks in advance.

    Postonoh

    How does this affect your website when they are hosting it as well?
