set up exchange server

lance-tek
SG Elite
Posts: 5601
Joined: Thu Apr 05, 2001 12:00 am
Location: Indianapolis, IN

Post by lance-tek »

Here is my situation... I have all kinds of software at my disposal. I think I would like to set up a domain at home (I mean heck I have enough computers for it :-p). What I am really focused on is setting up exchange for my mail.

I have a domain and that is where the mail comes through. My desire is to have an exchange server that works the mail instead of the web host working the mail. The first thing is I am a DBA not an exchange Admin. So, I am working "in the dark" so to speak. Is anyone smart with exchange and mail that might be able to tell me if this is 100% doable and perhaps give me a few pointers on the configuration.

My software is limited to server 2008 and below (nothing in the past couple of years that I have licenses for). So, the clients are currently vista and below...

Thanks,
A mistake does not become an error until one refuses to correct it

Folding for the future ;)
YeOldeStonecat
SG VIP
Posts: 51171
Joined: Mon Jan 15, 2001 12:00 pm
Location: Somewhere along the shoreline in New England

Post by YeOldeStonecat »

Hi! :D

Small Business Server? Or Exchange Standard?
Are you running a network at home now with active directory? If not, you'll need it, Exchange needs AD.
Do you have a business account with your ISP? Many ISPs block port 25 for home/dynamic accounts...others don't..and they won't bother you as long as you stay off their radar (small amounts of e-mail, no heavy usage)
MORNING WOOD Lumber Company
Guinness for Strength!!!
Diver012
Member
Posts: 63
Joined: Tue Nov 04, 2003 1:12 pm
Location: On the botom of the Ocean

Post by Diver012 »

I would get with whoever hosts your DNS records, and set up an SPF record for your mail domain..

Also, consider putting a security gateway in front of your network such as http://www.untangle.com Their Lite version is completely free and well worth the effort of getting it set up. I wouldn't run a network without it. It will greatly reduce the amount of spam and viruses you get into your exchange server as well as do intrusion prevention and web filtering/monitoring
RoundEye
Posts: 18219
Joined: Sun Jul 16, 2000 12:00 am
Location: In a dry but moldy New Orleans, Louisiana

Post by RoundEye »

I set up a domain when I worked on PC’s, to help me learn the software better. Me, my mom and dad, wife and son, after a while it became a drag coming home from work and being tech support again. If it’s just for you it’s no big deal but for me it was two families across two houses, after a while I gave up on the domain issue. It can turn into a major ordeal when there is a problem, especially if you’re the only one who understands how to fix it.

EDIT:

Stick to a workgroup if there is a few people involved, it’s a lot easier.
Sliding down the banister of life ..........................
koldchillah
Senior Member
Posts: 4629
Joined: Thu Apr 04, 2002 1:45 pm
Location: Orlando

Post by koldchillah »

I've been using Windows Small Business Server (includes Exchange) at home for the past several years.

In regards to email.. Exchange is awesome, but I still prefer to formally host my mail elsewhere for a few reasons.

1.) decent hosting accounts are out there and they are almost all favorably priced for tech guys like many of us here at SG.

2.) My ISP is far more likely to go down than a good mail host. If I'm down at home, I don't want my mail to be down entirely.

3.) SMTP complications. Not only are there more restrictions on port 25 traffic by most residential providers, but your IP address (even if a business account) might be more susceptible to incidental scrutiny by the major mail providers which can lead to frustrating false-positive blacklisting etc..

You have to make sure your DNS setup is spot on. You need an SPF record setup and you will want to follow as many "best practices" as possible in order to keep your mail from being delayed, tagged, or returned by the big boy providers.

Even when it's working, you could wake up the next day and suddenly you can't send to yahoo recipients only, or gmail... or aol.. etc. etc. All the big boys have their own set of rules they play by and their aggressive countermeasures to battle spam often result in unfortunate annoyances to the small do-it-yourself mail servers. Most of the time the issues can be fixed, it's just annoying to deal with.

I prefer to have the ability to put in a ticket with my mail hosting provider and have them figure out the problem and fix it. If they don't, i start looking for another mail host.

My setup:

I simply use the SBS POP Connector to leech mail from my mail host down to the exchange server and then tell Exchange to use my mail host's server as an SMTP smarthost. In some cases you may have to use your ISP's mail server as a smarthost and even use a custom port in some cases.

I have the POP connector tweaked (in the registry) to pull down my mail every 5 minutes from my mail host. I believe I can still drop this interval down further in the registry I just haven't gotten around to it.

Since I have several other email accounts that I also like to keep track of, I set them up as normal POP accounts in Outlook except all the incoming messages are going into my exchange mailbox instead of a local PST file.

When I switch between my desktop and laptop my mail is all there. This goes for our iPhones as well, which can also connect to exchange. I can also keep an eye on my POP accounts when I don't have outlook open on my computer by adding them to the iPhones as well.

Our laptops are configured to connect to Exchange via RPC over HTTP so we are not tied down to the LAN in order to connect to exchange when we travel. I also have my hardware-based VPN set up to keep me connected to my LAN occasionally but I rarely use it and it's a whole other topic for another thread.
"Nobody's invincible, no plan is foolproof, We all must meet our moment of truth." - Guru
YeOldeStonecat
SG VIP
Posts: 51171
Joined: Mon Jan 15, 2001 12:00 pm
Location: Somewhere along the shoreline in New England

Post by YeOldeStonecat »

I do not have a single business client that has their Exchange server send out directly to the internet, they all do SMTP forwarding to their smart host's SMTP server (such as us, or Postini, or Appriver, or MXLogic, etc)...or...SMTP forwards to their ISP's outgoing server.

This eliminates the worry about being put on a blacklist, or even worrying about SPF records and the other 1/2 of the equation...RevDNS entries. That is done with your ISP.

Another thing I do with my clients' Exchange servers...similar to above, I don't have them receive e-mail directly from the internet either, they all run with a mail bastion host that washes the mail for spam and viruses, and then delivers it to their Exchange server. The big advantage here...their exchange server can have firewall rules to allow port 25 to be open only to the IP addresses of their mail bastion provider (postini, mxlogic, appriver, or with most of them..my company's services). Instead of having port 25 exposed to the ENTIRE WORLD...being poked and prodded all the time in someone's attempt to hack into it. It just flat out eliminates that worry.

Another DNS topic related to mail servers, the "mx record". That's an entry you make which tells mail traffic heading towards your domain what IP address to go to...like, where your mail server is...(or mail bastion service).
nightowl
SG Elite
Posts: 7419
Joined: Wed Feb 23, 2000 12:00 am
Location: ottawa, canada (ROCKS)

Post by nightowl »

I just finished setting up my domain exchange server PM me if you want some tips/tricks
Zilog B wrote:Loading the dishwasher at brembo's house means bringing the fiancee a sixpack home.
lance-tek
SG Elite
Posts: 5601
Joined: Thu Apr 05, 2001 12:00 am
Location: Indianapolis, IN

Post by lance-tek »

Currently I don't have an Active Directory running at home. It has been a project of mine for a while though. Since I am a DBA with limited knowledge in other areas I thought it would really help me. Running an exchange server I thought would be a great benefit to learn from and allow me to better control the spam I currently get in my mail. As well, my wife subscribes to so many lists that she gets so much mail it fills her mailbox limit (set by webhosting company). We have u-Verse at home (AT&T) and my hosting company is godaddy.

I plan to run everything in a virtual environment at home spanned across a few physical hosts. I do have somewhat of a limit on resources but definitely enough to pull this off with plenty to spare.

There will only be about 5 physical clients and the rest will be virtual machines. (VMWare is what I prefer but, the MS stuff is also there to use). So, I thought with this configuration, things would just work out and I could learn a lot along the way (and so could the family).

I am interested in any and all help I can get on this endeavor though. Like I said, I am a DBA (MSSQL primarily but I have also worked plenty with Oracle). So throw it all at me, in the forum, PM, or email.

Thanks to all,

-lance
YeOldeStonecat
SG VIP
Posts: 51171
Joined: Mon Jan 15, 2001 12:00 pm
Location: Somewhere along the shoreline in New England

Post by YeOldeStonecat »

Lets keep it in the forums..that way everyone can benefit from the thread.

You need active directory first (a domain) for Exchange to run on, it's not a stand alone product.

Generally make internal domains ending in .local instead of .com/.org, such as lancetek.local
And then for e-mail, say you wanted lancetek.com, you'd set that in the Exchange servers default recipient policy (as well as any other domain names you wanted to add to it..as Exchange can handle many different domains, even for the same users).

Does your home have a static IP from your ISP, or a dynamic one?
lance-tek
SG Elite
Posts: 5601
Joined: Thu Apr 05, 2001 12:00 am
Location: Indianapolis, IN

Post by lance-tek »

Currently the IP is a reserved dns entry. That's how U-Verse is set up. I think its lease is renewed monthly. I know that for a small amount I can call the ISP and get a static IP if I find that this is causing issues though... (5 usable statics for 15/mo)

I have all of the software to start it all up with so, I will take your advice and start setting up the AD as a .local instead of .com ;-)
YeOldeStonecat
SG VIP
Posts: 51171
Joined: Mon Jan 15, 2001 12:00 pm
Location: Somewhere along the shoreline in New England

Post by YeOldeStonecat »

Depending on your approach, how you set it up, a static IP is the "proper" and most reliable setup. Importantly, if you want to send outgoing SMTP mail directly from your server and learn how SPF/RevDNS/PTR stuff works...you need a static IP. If you want to eliminate that part and have your Exchange server send outbound e-mail to your ISP's SMTP server, or another SMTP service...you don't have to worry about static as much. But a static IP helps the reliability of your inbound e-mail. You can sort of half-arse a dynamic DNS alias for your inbound e-mail..and it works "most of the time"...it's acceptable if you're just dorking around with Exchange at home. But it's not really proper.

To start off with Exchange, using Microsoft Small Business Server gets you up and running quickly. ;) Setup is a breeze with the wizards, and you can still drill down manually and learn Exchange more.
lance-tek
SG Elite
Posts: 5601
Joined: Thu Apr 05, 2001 12:00 am
Location: Indianapolis, IN

Post by lance-tek »

exchange is not the highest priority (we still get our mail) though it sometimes is rather delayed (don't know why). But definitely setting up the AD and the exchange server to work within the house would be great. Then once that has been taken care of moving to the fullest extent is the next step.

I really don't think I want to use SBS because it is all embedded. I think I can learn a lot more if I work with the raw products. But perhaps I can start with SBS and then "upgrade" at a later time? Or is this just double working the concept? (DBA not sys admin or network admin remember :p )

-lance
lance-tek
SG Elite
Posts: 5601
Joined: Thu Apr 05, 2001 12:00 am
Location: Indianapolis, IN

Post by lance-tek »

I currently have 3 servers (well 4 if you count my baseline image). I have one configured as a DC and "on the domain". I have another which is my "netServices" server (DHCP, DNS, WINS) and it is all ready to go BUT it isn't able to find the DC...

I may be too "advanced" for what I should be doing I guess... I didn't plan to run DHCP on the DC so I built its own server for that. But, the DHCP server can't join the domain (or even ping the DC :confused:).

The third server (for exchange) can ping the netServices server (and vice versa) but it can not ping the DC either...

I have ensured that the firewalls are all turned off but that is all I know to do... The DC can ping everything but nothing can ping it? Nothing seems to be able to join it either...

Any ideas?

Thanks,

-lance
YeOldeStonecat
SG VIP
Posts: 51171
Joined: Mon Jan 15, 2001 12:00 pm
Location: Somewhere along the shoreline in New England

Post by YeOldeStonecat »

Active Directory starts with DNS. You start building your internal domain (active directory) by building your DC first. The process of making it a domain controller is called "dcpromo", and part of that process is installing the DNS service on that server...on top of which the rest of active directory gets deeply integrated with.

Once your DC is up and running, you can join everything else...other servers, and workstations....going through the process of having them "join a domain"....moving away from workgroup mode. In order to do this properly, they MUST use the IP address of your DC as their DNS server. Nothing else. So they cannot use the LAN IP of your router or the IP of your ISP servers or anything else. If your DC has an IP of 192.168.10.11, your other servers and workstations need to use that for their DNS. Either quickly set that manually in their TCP/IP properties, or reconfigure your DHCP scope. I generally run all the infrastructure services on the DC..meaning DNS, WINS (if needed), DHCP...but you can run them on other servers if you want.

I set the DNS forwarding....ah, lemme show you a link....
http://www.speedguide.net/read_articles.php?id=1660
lance-tek
SG Elite
Posts: 5601
Joined: Thu Apr 05, 2001 12:00 am
Location: Indianapolis, IN

Post by lance-tek »

a link to this thread?

Anyway, if I understand you correctly I have to use the DC as the DNS server initially and once the DNS server is joined to the domain I can then repoint everything to it as the actual DNS server. Right?

Thanks,
YeOldeStonecat
SG VIP
Posts: 51171
Joined: Mon Jan 15, 2001 12:00 pm
Location: Somewhere along the shoreline in New England

Post by YeOldeStonecat »

Link in above reply.
Step 1..you build your DC...lets say you use 192.168.10.11 for its IP address, in its TCP/IP properties, you set it to look at itself for DNS...192.168.10.11, you can leave the 2ndary DNS server empty. You go and do the dcpromo stuff. Now it's a domain controller, assuming all went well, DNS zones populate, etc. Now...you build additional servers..and once up and running, you manually set their IP addresses, lets say your exch server..you make it 192.168.10.12, but you would set its DNS server to be 192.168.10.11 (leaving the 2nd one blank). And your 3rd server, say you set it at 192.168.13, you'd set its DNS server also to 192.168.10.11.
And your DHCP service...say it will hand out workstation IP addresses at 192.168.10.100, 101, 102, etc....you'd set it to hand out 192.168.10.11 for the DNS server that clients will use.

Now if you want additional DCs on the network..you can install the DNS service locally on them, and you can set that server, as well as the DC, to look at each other in their TCP/IP properties DNS section...your first DC still looks at itself for the primary DNS, but you can enter the IP of your second DC for the 2ndary DNS server. And vice versa on your 2nd DC...as you run DCPROMO on that. Afterwards you check the DNS replication to ensure they're talking to each other. You can get flexible in this area, depending on circumstances like slow WAN links and such.
lance-tek
SG Elite
Posts: 5601
Joined: Thu Apr 05, 2001 12:00 am
Location: Indianapolis, IN

Post by lance-tek »

Well, I got past the issue (I did make the DC the DHCP server). I was able to add the other two servers to the domain. So, now it is just a matter of setting everything up... and the learning begins (or continues considering the difficulties I have had thus far)...

-lance
lance-tek
SG Elite
Posts: 5601
Joined: Thu Apr 05, 2001 12:00 am
Location: Indianapolis, IN

Post by lance-tek »

and I had cloned the machines so... I had to run sysprep in order to actually be on the domain (same SID on all 3 servers due to cloning)...
Far-N-Wide
Senior Member
Posts: 1160
Joined: Wed Jan 26, 2000 12:00 am
Location: His Tavern of Solitude

Post by Far-N-Wide »

anyone have a walk through website for setting this stuff up in a home business? This is an interesting read so far.
USAFRETIRED
YeOldeStonecat
SG VIP
Posts: 51171
Joined: Mon Jan 15, 2001 12:00 pm
Location: Somewhere along the shoreline in New England

Post by YeOldeStonecat »

Far-N-Wide wrote:anyone have a walk through website for setting this stuff up in a home business? This is an interesting read so far.
Most of this is a little too much for "quick guides"....the quick guides can show you a few of the very basic necessities, but there's usually a whole heck of a lot more going on that happens that you want to be comfortable with or have some working knowledge of.

One site that has some good guides..
http://www.petri.co.il/
There is a link on the lower left for setting up a 2003 domain controller, perhaps there's some for Exchange setup.
nightowl
SG Elite
Posts: 7419
Joined: Wed Feb 23, 2000 12:00 am
Location: ottawa, canada (ROCKS)

Post by nightowl »

the main points to make sure of are:

-domain and DNS is working correctly on the LAN (usually fine if started the process from scratch)

-make sure IIS and service packs are installed before installing exchange

- make sure the appropriate TCP/IP ports are forwarded on the firewall/router

- make sure DNS/MX records are configured on the internet WAN side of the domain.

- test to see if you can send to gmail/yahoo/msn accounts properly. I had to setup a SMTP connector (google this!) in exchange and forward all SMTP traffic through my internet service provider due to ISP spam filtering.

----------------------------------------

For hardware setup there are three ways to set your domain/exchange:

1. set up your domain and exchange on the same box. You will need a powerful box depending on the amount of exchange/domain users/IP traffic
**note** if you choose this method you will have to disable all the exchange services before you reboot the box or it will take the server 15-20 minutes for the server to restart!

2. set up your domain on a physical box then make your exchange a virtual machine using VMware or virtual box (it's free!). you will need at least 2 gigs of ram and a fast hard drive (7200RPM and on a separate hard drive from the host).

3. have a separate box for the domain and exchange server. (best way!)

I am personally using method 2 with the following specs:

P4 3.6ghz intel processor
ASUS motherboard (can't remember which one)
2 gigs of DDR 400 RAM
80 gig hard drive (for the OS)
SIS SATA RAID 5 controller card
500 gig 7200 SATA Seagate X 3 in raid 5 configuration. (for my exchange VM and pictures storage)
500 gig 7200 RPM SATA Seagate for my TV shows
500 gig 7200 RPM WD external (for backup)
AGP NVIDIA 4600 video card
nightowl
SG Elite
Posts: 7419
Joined: Wed Feb 23, 2000 12:00 am
Location: ottawa, canada (ROCKS)

Post by nightowl »

BTW shouldn't this thread be in the software section by now!....lazy admins!!
YeOldeStonecat
SG VIP
Posts: 51171
Joined: Mon Jan 15, 2001 12:00 pm
Location: Somewhere along the shoreline in New England

Post by YeOldeStonecat »

nightowl wrote:
1. set up your domain and exchange on the same box. You will need a powerful box depending on the amount of exchange/domain users/IP traffic
**note** if you choose this method you will have to disable all the exchange services before you reboot the box or it will take the server 15-20 minutes for the server to restart!
Properly installing Exchange..so that the infostore database is on its own separate spindle aside from the Exchange program files and %system%, plus properly setting up antivirus exclusions...and this should not be the case. I've seen people say "Exchange takes 15-20 or more minutes to reboot"...yet none of my Exchange servers do that...they're a quite standard 5 minute bounce. I remember back in the Exchange 5.5 days it would take a long time, but since E2K and up....it's fast.
CableDude
SG VIP
Posts: 26801
Joined: Sat Jun 02, 2001 12:00 pm

Post by CableDude »

Neat.
lance-tek
SG Elite
Posts: 5601
Joined: Thu Apr 05, 2001 12:00 am
Location: Indianapolis, IN

Post by lance-tek »

YeOldeStonecat wrote:Most of this is a little too much for "quick guides"....the quick guides can show you a few of the very basic necessities, but there's usually a whole heck of a lot more going on that happens that you want to be comfortable with or have some working knowledge of.

One site that has some good guides..
http://www.petri.co.il/
There is a link on the lower left for setting up a 2003 domain controller, perhaps there's some for Exchange setup.

A guy in my office just told me about this site tonight too he nearly swears by it... it's a good one to me so far...

-lance
lance-tek
SG Elite
Posts: 5601
Joined: Thu Apr 05, 2001 12:00 am
Location: Indianapolis, IN

Post by lance-tek »

I now have everything set up!!!

I have 3x win2k3 standard servers

1) DC - nothing else
2) NetServices - DHCP, WINS, DNS
3) Exchange - nothing else

Now I am still configuring the exchange accounts etc but so far, so good...


-lance
24giovanni
Senior Member
Posts: 2943
Joined: Wed Oct 04, 2006 1:03 pm

Post by 24giovanni »

CableDude wrote:Neat.
Man of very few words. :)
koldchillah
Senior Member
Posts: 4629
Joined: Thu Apr 04, 2002 1:45 pm
Location: Orlando

Post by koldchillah »

lance-tek wrote:I now have everything set up!!!

I have 3x win2k3 standard servers

1) DC - nothing else
2) NetServices - DHCP, WINS, DNS
3) Exchange - nothing else

Now I am still configuring the exchange accounts etc but so far, so good...


-lance
DNS should be running on the DC, not on a member server. It is too tightly integrated with Active Directory. All LAN clients joined to the domain should have the DC set as the primary DNS server. Your DHCP server should be set up to hand out the DC's IP for DNS as well.

DHCP and WINS are very simple network services that do not cause much overhead and do not introduce much complexity on the DC. Why not run them on the DC as well? That's one less server to have running (consuming electricity, creating noise/heat). *shrugs* Unless of course you are running these servers virtually, then I suppose it wouldn't matter much either way. :)
"Nobody's invincible, no plan is foolproof, We all must meet our moment of truth." - Guru
CableDude
SG VIP
Posts: 26801
Joined: Sat Jun 02, 2001 12:00 pm

Post by CableDude »

24giovanni wrote:Man of very few words. :)
:thumb: