SUMMARY
For many organizations, internal and external e-mail connectivity is an
essential business and communication tool. Exchange 2000 provides the
facilities to connect your internal mail networks to external organizations on
the Internet. This step-by-step article describes how to plan and create a
Simple Mail Transfer Protocol (SMTP) connector to enable your Exchange 2000
computer to deliver messages to and receive messages from external Internet
domains.
Requirements
The following list outlines the recommended hardware, software, network
infrastructure, and service packs that you need:
- Microsoft Windows 2000 Server with Service Pack 3 (SP3)
- Active Directory
- Exchange Server 2000 Service Pack 1 (SP1)
- A means of connecting to the Internet by using an Internet Service
Provider (ISP)
This article assumes that you are familiar with the following topics:
- The Exchange 2000 Administrator console
- DNS issues
- The dial-up connection configuration
How to Plan the Connection
To plan a connection to the Internet, consider the following factors:
- You must understand the implications of having either a permanent (or
fast dial-on-demand) link or a dial-up link. You can use the Internet Mail
Service in Microsoft Exchange Server 5.5 to configure a dial-up connection
that is dialed on a regular basis. Exchange 2000 does not include this
functionality. If you have a single computer that is running Exchange 2000,
ensure that the dial-up link to your ISP is connected when the SMTP
connector attempts to collect and deliver mail. If you have a WinSock Proxy
client computer or a Secure Network Address Translation (Secure NAT) client,
such as the client that is included with Microsoft Internet Security and
Acceleration (ISA) Server, use the WinSock Proxy client or the Secure NAT
client to make the dial-up connection connect automatically whenever the
SMTP connector needs to collect mail.
- You must consider whether you are going to deliver messages either
directly to the target domains or by using a smart host. Your decision
depends on whether you have a dial-up connection or a permanent connection.
If you use a dial-up connection, you can configure a smart host and send all
of your messages to that server. If you do so, the smart host is responsible
for delivery. If you try direct delivery on a dial-up connection and the
target domain is unavailable, the mail is not delivered. However, if you
deliver messages to a smart host, this server can retry the delivery while
your dial-up link is not connected, which increases the chance that the
message will be delivered and reduces dial-up costs.
- You must plan how you are going to handle large messages. If you use the
SMTP connector, you can set up a separate delivery schedule for large
messages, for example, messages that are larger than 2 megabytes (MB). If
you have a dial-up connection or low bandwidth permanent connection such as
a 64 kilobytes per second (KBS) Kilostream link, you may want to hold back
larger messages and send them only every two hours, which allows smaller
messages to be delivered immediately.
- You must consider how to prevent unsolicited commercial e-mail from
being relayed.
Firewall and Security Issues
To send and receive mail to and from external domains, you must allow a
connection from your Exchange 2000 computer to the external domains over the
SMTP port on "TCP:25." You must allow connections from all Internet addresses
to the internal Internet Protocol (IP) address of your Exchange 2000 computer
in both directions.
If you are using ISA Server as your firewall, you can use the preconfigured
protocol definitions (which you can use with protocol rules) and create packet
filters to allow inbound and outbound SMTP connections. You can terminate
these connections in the perimeter network or the boundary subnet.
To reduce the security risk of intrusion, configure one or more SMTP front-end
servers, and then place these servers in your perimeter network. SMTP
front-end servers are computers that are running Exchange 2000 that do not
hold ordinary user mailboxes. These front-end servers relay messages to and
from the main Exchange 2000 computer, which provides an extra level of defense
against intrusion.
NOTE: You can configure the SMTP service on Windows 2000 to
act as an SMTP front-end server. However, this configuration is complex. It is
easier to implement an Exchange 2000 SMTP front-end server.
How to Configure the SMTP Virtual Server
Exchange 2000 uses virtual servers for SMTP and other common Internet
messaging protocols. To configure an SMTP connector, either create a new SMTP
virtual server or use the default virtual server. In most environments, you
will use the default SMTP virtual server.
- Click Start, point to Programs, point
to Microsoft Exchange, and then click System
Manager.
- Double-click on the Servers icon in the left pane.
- Click the server that you want to configure, and then expand
Protocols.
- If you plan to use a new SMTP virtual server:
- Right-click the SMTP protocol object, point to
New, and then click SMTP Virtual Server.
- After the wizard starts, type a name for the SMTP virtual server, and
then click Next.
Microsoft recommends that you use a name that describes the function of
this virtual server, such as "Client Access Virtual Server."
- Click the IP address to which this SMTP virtual server will bind, and
then click Finish.
- Right-click either the default SMTP virtual server or the virtual server
that you just created, and then click Properties.
- Click the Access tab, and then click Relay.
- Confirm that Only the list below is selected and that
the list is empty.
Optionally, you can clear the Allow all computers
which successfully authenticate to relay, regardless of the list above
check box, and then click OK.
NOTE: If you have mail clients that are using a different
protocol (for example, Post Office Protocol v.3 [POP3]) that use SMTP to
deliver mail, Microsoft recommends that you create a separate SMTP virtual
server for that purpose.
- Click the Messages tab, and then reduce the number of
recipients for the message from the default setting of 64,000
if appropriate.
- Click the Delivery tab, and then click Advanced.
- Click Configure to configure external DNS servers for
this virtual server.
You must configure external DNS servers for this virtual server if you are
running separate internal DNS servers for your Local Area Network (LAN). If
you add one or more external Internet DNS servers, you enable your SMTP
virtual servers to resolve and deliver to external domains. To add an
external DNS server, click Add, type the IP address of the
external DNS servers, and then click OK. Add a second DNS
server for redundancy, and then click OK three times.
How to Add and Configure the SMTP Connector
After you configure the SMTP virtual server, add and configure the SMTP
connector:
- Click Start, point to Programs, point
to Microsoft Exchange, and then click System
Manager.
- Expand the organizational tree in the left pane until you find the
Connectors container.
NOTE: The Connectors container may be in a different
location, depending on whether routing groups and administrative groups are
displayed at the organizational level.
- Right-click the Connectors container, point to
New, and then click SMTP Connector.
- Type a name for the connector in the Name box.
Microsoft recommends that you use a descriptive name, such as "Internet SMTP
connector" to distinguish this connector from other SMTP connectors that you
may be using, for example, to connect to other Exchange Server routing
groups.
- If you are using a dial-up connection or you want to use the ISP's smart
host to deliver your messages, click Forward all mail
through this connector to the following smart hosts, and then type
the fully qualified domain name (FQDN) of the smart host, for example,
mail.your_domain.com.
NOTE: This setting overrides the smart host setting for a
smart host on the SMTP virtual server.
- Under Local Bridgeheads, click Add,
click the virtual server that you configured in the "How to Configure the
SMTP Virtual Server" section, and then click OK.
You can add multiple SMTP virtual servers for load balancing and redundancy
purposes.
- Click the Content Restrictions tab, and then confirm the
message types that are allowed through this SMTP connector.
If you clear the System Messages option under
Allowed Types, delivery and non-delivery reports (NDRs) are not
sent through this connector. To configure a message size limit, click
Only messages less than (KB) under Allowed sizes,
and then type a size in kilobytes (KB).
- Click the Delivery Options tab to configure times for
normal and oversize mail delivery.
These settings depend on whether you want to have different time settings
for messages over a particular size. Click either
Specify when messages are sent through this connector or
Queue mail for remote triggered delivery. It
is unlikely that you will click Queue mail for remote
triggered delivery unless another server is dialing in to pick up
its messages.
- Either click the time at which you want the messages delivered in the
Connection time box, or click Customize.
- If you click Customize, either click a day in the left
column, and then click a time on the top row or click and hold the mouse
button as you sweep across the time slots to configure the update interval.
NOTE: To configure the schedule to be displayed in hour
slots or in 15-minute slots, click the appropriate option under Detail View.
- To send large messages at different times:
- Click Use different delivery times for oversize
messages, and then type a value for oversize messages.
Do not type a value that is larger than the value that you typed in the
Allowed Sizes box on the Content Restrictions
tab.
- Click a time in the Connection box or click
Customize to enter the times manually (refer to step 10).
- If you receive mail directly from other domains, you do not have to
configure any settings on the Advanced tab.
However, if you are collecting your mail from a store-and-forward facility
that is operated by your ISP (this arrangement is common with dial-up
connections), Microsoft recommends that you contact your ISP to find out how
to de-queue the stored mail to your mail server. Some servers de-queue
automatically as soon as they detect an incoming connection from your domain,
and some servers accept ETRN (extended TURN) or TURN commands. Other servers
use customized FINGER or DEQUEUE commands. If your ISP's server uses FINGER
or DEQUEUE commands, you must run a script that connects to the ISP's mail
server and tells it to start delivering the stored messages.
- Click the Address Space tab, click Add,
click SMTP, and then click OK.
- In the Internet Address Space Properties
dialog box, confirm that you entered a wildcard character (*) so that
messages to all domains are routed through this connector.
If you have only one SMTP connector, you can leave the cost value at
1. However, cost values represent the actual cost of using the SMTP
connector. If you have an SMTP connector that is running across a dial-up
link and one that is running on a permanent link, give the permanent link
connector a cost value of 1 and the dial-up link a cost
value of 50.
- Click OK to accept the e-mail domain and cost value
settings.
- If your SMTP connector sends and receives mail from external domains,
ignore the Connected Routing Groups tab.
- Click the Delivery Restrictions tab, and then add any
addresses from which you either want to or do not want to receive mail.
Note that you can use this tab only to add entries that are already defined
within Active Directory. Therefore, if you want to stop messages from
arriving from an external recipient, you must define that person and their
e-mail address as a contact in Active Directory. However, it is unlikely
that you will want to set a restriction of this nature unless you are
running this SMTP connector across an expensive link.
- After you finish configuring the SMTP connector, click OK
to accept the changes.
How to Add DNS Records
After you configure the SMTP virtual server and the SMTP connector, you can
send outgoing mail. However, incoming and return messages are not able to be
delivered to you until you (or your ISP) configure DNS.
- If your ISP is managing your DNS and you have a dial-up connection, the
ISP must create Mail Exchanger (MX) records that point to their smart hosts.
In zone-file syntax, the records look like this:
<your_domain>.com.          IN MX 10 smarthost1.<isp_domain>.com.
<your_domain>.com.          IN MX 10 smarthost2.<isp_domain>.com.
The preference value is 10 for both records. Preference values can be used
for preferential delivery (a sending server tries the lowest value first) or,
when they are equal as in this scenario, for load balancing. The ISP also
has A (Address) records for smarthost1 and smarthost2.
- If your ISP is managing your DNS records and you have a permanent link,
the ISP adds the following records:
<your_domain>.com.          IN MX 10 exchange.<your_domain>.com.
<your_domain>.com.          IN MX 20 smarthost1.<isp_domain>.com.
<your_domain>.com.          IN MX 20 smarthost2.<isp_domain>.com.
exchange.<your_domain>.com. IN A  131.107.2.200
If your link is down, your messages are delivered to the ISP's smart hosts,
and you can pick up your messages from the smart host. Also note that the A
record for exchange.<your_domain>.com must be explicitly entered.
- If you are managing your own DNS records, add the following records:
<your_domain>.com.          IN MX 10 exchange.<your_domain>.com.
exchange.<your_domain>.com. IN A  131.107.2.200
You may also enter an MX record for a smart host.
- If you have one or more SMTP front-end protocol servers, your DNS
records look similar to the following:
<your_domain>.com.          IN MX 10 smtp1.<your_domain>.com.
<your_domain>.com.          IN MX 10 smtp2.<your_domain>.com.
smtp1.<your_domain>.com.    IN A  131.107.2.201
smtp2.<your_domain>.com.    IN A  131.107.2.202
NOTE: If you are running your own DNS, your zone is
mirrored on a secondary DNS server, possibly at another company location or
with your ISP.
NOTE: It typically takes 24 hours for changes to Internet DNS records to
propagate.
How to Confirm That You Configured the SMTP Connector Correctly
To confirm that the SMTP connector works, try to send and receive mail from
external Internet domains. If you find that messages are not being delivered
and are building up in the queues, enable logging to help you troubleshoot the
issue.
How to Enable Protocol Logging
- Click Start, point to Programs, point
to Microsoft Exchange, and then click System
Manager.
- Double-click the Servers icon in the left pane.
- Click the server that you want to configure, and then click
Protocols.
- Right-click default SMTP virtual server, and then click
Properties.
- Select the Enable Logging check box, click W3C
Extended Log File Format, and then click Properties.
- Type a value in the New Log Time Period box (Microsoft
recommends that you use daily, the default setting), and
then either change or accept the path in the Log file directory
box.
- Click the Extended Properties tab, configure the
appropriate settings, click OK, and then click OK.
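Once protocol logging is on, the W3C log is where refused relay attempts show up, which is the unsolicited-mail concern raised under "How to Plan the Connection". The following Python script is an added example and is not part of the original article. It assumes the log's #Fields header names the SMTP verb as cs-method, the verb's argument as cs-uri-query and the reply code as sc-status (check the header of your own log file, since the Extended Properties tab controls which fields are written); the log lines it reads are constructed for illustration, and real logs carry more columns.

```python
"""Scan a W3C extended SMTP protocol log for refused relay attempts.

Added example (not from the original article). Assumes the SMTP virtual
server's W3C Extended Log File Format output names the SMTP verb as
'cs-method', its argument as 'cs-uri-query' and the reply code as
'sc-status'. The sample log below is constructed for illustration.
"""
from collections import Counter

# Constructed sample log: one legitimate delivery to a local mailbox,
# then two outside hosts trying to use the server as a relay and getting 550.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 5.0
#Version: 1.0
#Date: 2001-10-04 21:15:16
#Fields: time c-ip cs-method cs-uri-query sc-status
21:15:16 192.0.2.10 EHLO mail.example.net 250
21:15:16 192.0.2.10 MAIL FROM:<user@example.net> 250
21:15:17 192.0.2.10 RCPT TO:<alice@your_domain.com> 250
21:15:17 192.0.2.10 DATA - 250
21:15:18 192.0.2.10 QUIT - 221
21:16:01 198.51.100.7 HELO x 250
21:16:01 198.51.100.7 MAIL FROM:<spam@example.org> 250
21:16:02 198.51.100.7 RCPT TO:<victim1@example.com> 550
21:16:02 198.51.100.7 RCPT TO:<victim2@example.com> 550
21:16:03 198.51.100.7 RCPT TO:<victim3@example.com> 550
21:16:03 198.51.100.7 QUIT - 221
21:17:30 203.0.113.5 MAIL FROM:<a@b.test> 250
21:17:30 203.0.113.5 RCPT TO:<c@other.test> 550
"""

# Assumption: the domains this virtual server accepts mail for.
LOCAL_DOMAINS = {"your_domain.com"}


def parse_w3c(text):
    """Yield one dict per data line, keyed by the column names in the #Fields header."""
    fields = None
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if line.startswith("#"):
            continue  # other header directives
        if fields is None:
            raise ValueError("data line before #Fields header")
        values = line.split()
        if len(values) != len(fields):
            continue  # skip a malformed line rather than misalign the columns
        yield dict(zip(fields, values))


def recipient_domain(arg):
    """Return the lower-cased domain from an RCPT argument such as 'TO:<user@host>'."""
    addr = arg.split(":", 1)[1] if ":" in arg else arg
    return addr.strip("<>").rsplit("@", 1)[-1].lower()


def relay_refusals(text, local_domains=LOCAL_DOMAINS, threshold=1):
    """Map client IP -> number of RCPT commands for a non-local domain that the
    server refused with a 5xx reply, keeping clients at or above `threshold`."""
    counts = Counter()
    for rec in parse_w3c(text):
        if rec.get("cs-method") != "RCPT":
            continue
        if not rec.get("sc-status", "").startswith("5"):
            continue
        if recipient_domain(rec.get("cs-uri-query", "")) in local_domains:
            continue  # refused for another reason, e.g. unknown local user
        counts[rec["c-ip"]] += 1
    return {ip: n for ip, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    for ip, n in sorted(relay_refusals(SAMPLE_LOG).items(), key=lambda kv: -kv[1]):
        print(f"{ip}: {n} refused relay attempt(s)")
```

A client that is repeatedly refused on RCPT for a non-local domain is testing whether the server relays; if the same kind of RCPT ever gets a 250 from a client that did not authenticate, the relay restriction set on the Access tab is not in effect. Because the parser keys columns by the #Fields header, adding or removing fields on the Extended Properties tab does not break it.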
How to Enable Diagnostic Logging
You can use the Diagnostic Logging functionality to determine the root of a
transport issue.
- Start Exchange System Manager, and then navigate to the server object.
- Right-click the server, and then click Properties.
- Click the Diagnostics Logging tab.
- Under Categories, click MSExchangeTransport.
- Under Logging Level, click SMTP Protocol,
and then click Maximum.
Diagnostics logging events are written to the Application log in Microsoft
Event Viewer.
NOTE: The diagnostic logging level setting of Maximum is only suitable to
use when you are troubleshooting SMTP connectivity issues. Disable or reduce
the logging level to Minimum for typical operations.
How to Check DNS Records
Use the Nslookup utility to confirm that you configured the DNS records
correctly:
- Type nslookup at a command prompt, and then press
ENTER.
- Type ls -t mx your_domain.com, and then press
ENTER.
You should receive output similar to the following:
> ls -t MX <your_domain>.com
[testserver1.<your_domain>.com]
 <your_domain>.com.    MX    10    testserver1.<your_domain>.com
You can also check for A records to ensure that there is an address record
for the Exchange 2000 computer.
NOTE: You must have a correctly configured reverse lookup
zone for the subnet for the Nslookup utility to work.
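Nslookup only reports what the zone currently serves, and the "How to Add DNS Records" section stresses that every MX target needs an explicit A record, so it is worth checking the zone text before publishing it. The following Python script is an added example and is not part of the original article; the zone fragments are constructed in standard zone-file syntax using the article's placeholder names and its 131.107.2.x example addresses.

```python
"""Sanity-check a zone's MX and A records before publishing them.

Added example, not part of the original article. The zone fragments are
constructed in standard zone-file syntax using the article's placeholder
names and example addresses; the class field 'IN' is optional and ';'
starts a comment.
"""

GOOD_ZONE = """\
your_domain.com.           IN MX 10 exchange.your_domain.com.
your_domain.com.           IN MX 20 smarthost1.isp_domain.com.   ; ISP fallback
exchange.your_domain.com.  IN A  131.107.2.200
"""

BAD_ZONE = """\
your_domain.com.           IN MX 10 exchange.your_domain.com.   ; no A record for it
your_domain.com.           IN MX 20 131.107.2.200               ; IP literal as target
mail.your_domain.com.      IN CNAME exchange.your_domain.com.
your_domain.com.           IN MX 30 mail.your_domain.com.       ; CNAME as target
"""


def parse_zone(text):
    """Parse 'owner [IN] TYPE rdata...' lines into (owner, type, rdata) tuples.
    Owner names are lower-cased without the trailing dot; $-directives are skipped."""
    records = []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line or line.startswith("$"):
            continue
        parts = line.split()
        if len(parts) > 1 and parts[1].upper() == "IN":
            del parts[1]
        if len(parts) < 3:
            raise ValueError(f"malformed record: {raw!r}")
        owner = parts[0].rstrip(".").lower()
        records.append((owner, parts[1].upper(), tuple(parts[2:])))
    return records


def _host(name):
    return name.rstrip(".").lower()


def check_mx(records, zone):
    """Return a list of problems that would stop inbound mail for `zone`."""
    problems = []
    a_names = {o for o, t, _ in records if t == "A"}
    cname_names = {o for o, t, _ in records if t == "CNAME"}
    mx = [(o, r) for o, t, r in records if t == "MX" and o == zone]
    if not mx:
        problems.append(f"no MX record for {zone}")
    for owner, rdata in mx:
        if len(rdata) != 2 or not rdata[0].isdigit():
            problems.append(f"MX for {owner} must read '<preference> <host>': {' '.join(rdata)}")
            continue
        host = _host(rdata[1])
        if host.replace(".", "").isdigit():
            problems.append(f"MX target {host} is an IP address, not a host name")
        elif host in cname_names:
            problems.append(f"MX target {host} is a CNAME; point MX at a name with an A record")
        elif host.endswith("." + zone) and host not in a_names:
            # Targets outside the zone (the ISP's smart hosts) are resolved by the ISP.
            problems.append(f"MX target {host} has no A record in the zone")
    return problems


def delivery_order(records, zone):
    """MX targets in the order a sending server tries them: lowest preference
    first; equal preferences (the load-balancing scenario) share the load."""
    mx = [(int(r[0]), _host(r[1])) for o, t, r in records
          if t == "MX" and o == zone and len(r) == 2 and r[0].isdigit()]
    return sorted(mx)


if __name__ == "__main__":
    for name, zone_text in (("good", GOOD_ZONE), ("bad", BAD_ZONE)):
        recs = parse_zone(zone_text)
        print(name, "order:", delivery_order(recs, "your_domain.com"))
        for p in check_mx(recs, "your_domain.com"):
            print("  problem:", p)
```

The three faults in the constructed BAD_ZONE are the ones that commonly leave a new Exchange computer unreachable: an MX target without its A record, an IP address where a host name is required, and an MX pointing at a CNAME.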
How to Use Telnet
If you are linked to the Internet by using a connection that is outside
your firewall, confirm that you can start a Telnet session and connect to port
25:
- Click Start, click Run, type
telnet, and then press ENTER.
- At the Telnet command prompt, type open exchange.your_domain.com
25.
- You receive a message that states "Connecting to exchange.your_domain.com,"
and then the following output is displayed:
220 exchange.<your_domain>.com Microsoft ESMTP MAIL Service, Version:
5.0.2195.2966 ready at Thu, 4 Oct 2001 21:15:16 +0100
This output demonstrates that you can connect to your SMTP virtual server
from the Internet.
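The Telnet check above reads the 220 greeting by hand; the same exchange can be scripted, and extended with the ETRN (extended TURN) de-queue request described under the Advanced tab of the connector. The following Python script is an added example and is not part of the original article. It assumes the ISP's store-and-forward server advertises ETRN in its EHLO reply (reply codes follow RFC 1985); start_stub_server() is a constructed stand-in for the ISP's server on a loopback port so the script runs offline, and in real use smtp_dequeue() would be pointed at the ISP host on port 25.

```python
"""Connect to port 25, read the 220 greeting, then ask the ISP's server to
de-queue stored mail with ETRN (RFC 1985).

Added example, not from the original article. Assumes the ISP's
store-and-forward server advertises ETRN in its EHLO reply. The
start_stub_server() function is a constructed stand-in for the ISP's server
on a loopback port so that the script runs offline.
"""
import socket
import threading

ETRN_MEANING = {  # reply codes defined by RFC 1985
    250: "OK, queuing for node started",
    251: "OK, no messages waiting for node",
    252: "OK, pending messages for node started",
    253: "OK, N pending messages for node started",
    458: "unable to queue messages for node",
    459: "node not allowed",
}


def read_reply(f):
    """Read one SMTP reply, joining 'nnn-' continuation lines; return (code, lines)."""
    lines = []
    while True:
        line = f.readline()
        if not line:
            raise ConnectionError("server closed the connection")
        line = line.rstrip("\r\n")
        lines.append(line)
        if len(line) < 4 or line[3] != "-":  # 'nnn ' (or a bare 'nnn') ends the reply
            return int(line[:3]), lines


def smtp_dequeue(host, port, my_domain, my_name="exchange.your_domain.com", timeout=10):
    """Greet the server, issue ETRN for my_domain, then QUIT.
    Returns (banner, etrn_code, etrn_text)."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        f = sock.makefile("rw", encoding="ascii", newline="")
        code, banner = read_reply(f)  # expect '220 <host> ... ready'
        if code != 220:
            raise RuntimeError(f"unexpected greeting: {banner}")
        f.write(f"EHLO {my_name}\r\n")
        f.flush()
        code, caps = read_reply(f)
        if code != 250:
            raise RuntimeError(f"EHLO refused: {caps}")
        if not any(c[4:].upper().startswith("ETRN") for c in caps[1:]):
            raise RuntimeError("server does not advertise ETRN; ask the ISP how to de-queue")
        f.write(f"ETRN {my_domain}\r\n")
        f.flush()
        code, text = read_reply(f)
        f.write("QUIT\r\n")
        f.flush()
        read_reply(f)
    return banner[0], code, text[0]


def start_stub_server(queued):
    """Constructed ETRN-capable server on 127.0.0.1 for offline runs.
    `queued` maps domain -> number of waiting messages. Returns (host, port)."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    addr = srv.getsockname()

    def serve():
        conn, _ = srv.accept()
        f = conn.makefile("rw", encoding="ascii", newline="")
        f.write("220 smarthost1.isp_domain.com ESMTP ready\r\n")
        f.flush()
        for line in iter(f.readline, ""):
            verb, _, arg = line.strip().partition(" ")
            verb = verb.upper()
            if verb == "EHLO":
                f.write("250-smarthost1.isp_domain.com\r\n250 ETRN\r\n")
            elif verb == "ETRN":
                n = queued.get(arg.lower(), 0)
                f.write(f"253 OK, {n} pending messages for node {arg} started\r\n" if n
                        else f"251 OK, no messages waiting for node {arg}\r\n")
            elif verb == "QUIT":
                f.write("221 closing\r\n")
                f.flush()
                break
            else:
                f.write("500 command unrecognized\r\n")
            f.flush()
        conn.close()
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return addr


if __name__ == "__main__":
    host, port = start_stub_server({"your_domain.com": 3})
    banner, code, text = smtp_dequeue(host, port, "your_domain.com")
    print(banner)
    print(code, ETRN_MEANING.get(code, "unknown reply"), "-", text)
```

Reading the reply code rather than the banner text is what makes the check reliable: a 220 proves the SMTP virtual server (or the ISP's smart host) is reachable on port 25, and the ETRN code tells you whether the ISP actually started a queue run, which is the point on which the Troubleshooting section says ISPs differ.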
Troubleshooting
Contact your ISP to ensure that they configured the MX and A records for
your Exchange 2000 computer correctly. You may have difficulty persuading the
ISP to support ETRN for mail collection. Make sure that your current ISP
supports connections from Exchange 2000.