Setup mail relay in Exchange 2003/2007/2010


At some point in your IT life you will find yourself having to configure mail relay for a device or a server in your local network. Here's how it's done:

Exchange 2003 :

Exchange Console -> Administrative Groups -> first administrative group -> Servers -> Servername -> Protocols -> SMTP -> right click the Default SMTP Virtual Server and choose Properties -> Access tab -> Relay. Click Add and insert the IP address of the device that you want to relay through your Exchange server.

[Screenshot: relay 2003]

Exchange 2007/2010:

Not easy to guess if you don't know: it is done through the use of a Receive Connector.

Go to Exchange Management Console -> Hub Transport -> Receive Connectors. Right click and choose New Receive Connector.

Choose an appropriate name for it. For intended use choose Custom.

For Local Network Settings, leave it as it is. Under Specify the FQDN, type in the Fully Qualified Domain Name of your server. Example: Exchangeserver.contoso.local

On the Remote Network Settings, delete the entry 0.0.0.0-255.255.255.255 and add your own. Input the IP address of the device that you want to relay through the Exchange server.

Click New. This will create the Connector, but our job is not yet done. Right click the Connector and go to Properties. On the Authentication tab choose Externally Secured. On the Permissions tab, leave everything blank.

Open the Exchange Management Shell and type the following command. The only change you need to make is to put the real Connector's name between the quotes.

Get-ReceiveConnector -Identity "Connector's Name" | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "ms-Exch-SMTP-Accept-Any-Recipient"

Depending on the specifics of the relay, you may need to specify Exchange Users as the Permissions group.
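
A read-only check of the result of the steps above, as an added example that is not part of the original article: it lists every Receive Connector that will relay for unauthenticated senders and flags any that still accept connections from the default 0.0.0.0-255.255.255.255 range. It assumes the Exchange Management Shell on PowerShell 2.0 or later; the variable and column names are illustrative.

```powershell
# Added example: report which Receive Connectors relay for unauthenticated
# senders and from which source addresses. Read-only; it changes nothing.
$right = 'ms-Exch-SMTP-Accept-Any-Recipient'
$anon  = 'NT AUTHORITY\ANONYMOUS LOGON'
$any   = '0.0.0.0-255.255.255.255'   # default range the article tells you to delete

Get-ReceiveConnector | ForEach-Object {
    $connector = $_

    # RemoteIPRanges is multivalued; compare on the string form of each range
    $ranges = @($connector.RemoteIPRanges | ForEach-Object { $_.ToString() })

    # Allow ACEs that give anonymous senders the relay right (the Add-ADPermission step)
    $aces = @($connector | Get-ADPermission -User $anon |
        Where-Object { -not $_.Deny -and ($_.ExtendedRights -like $right) })
    $anonRelay = $aces.Count -gt 0

    # Externally Secured makes Exchange trust the sending host without authentication
    $extSecured = "$($connector.AuthMechanism)" -match 'ExternalAuthoritative'

    New-Object PSObject -Property @{
        Connector         = $connector.Identity
        AnonymousRelay    = $anonRelay
        ExternallySecured = $extSecured
        RemoteIPRanges    = $ranges -join ', '
        # Relay allowed AND reachable from every IPv4 address = open relay.
        # Only the IPv4 default range is checked here.
        OpenRelayRisk     = ($anonRelay -or $extSecured) -and ($ranges -contains $any)
    }
} | Select-Object Connector, AnonymousRelay, ExternallySecured, OpenRelayRisk, RemoteIPRanges |
    Format-Table -AutoSize -Wrap
```

A relay connector configured as described should show only the device's IP address under RemoteIPRanges and OpenRelayRisk as False.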

Exchange 2003 Anti-Spam Tools

The main ways to fight spam are proper configuration of the Exchange server, clean computers/servers (free from malware) and additional software, which could be 3rd party.

Exchange 2003

The tools to fight spam are located in System Manager -> Message Delivery -> Properties.

Sender Filtering – Having "Filter messages with blank sender" ticked is mandatory. If you want a specific email address to be blocked, you can tick "Drop connection if address matches filter" and Add the desired email address.

[Screenshot: sender filtering]

Connection Filtering – Here you can add a Block List Service. A common one that is free to use is Spamhaus Zen. Here is the configuration rule for using Zen – http://www.spamhaus.org/zen. The status codes hidden in the pictures are 127.0.0.7 and .8.

[Screenshot: Connection Filtering]

Recipient Filtering – You can block Exchange email addresses from receiving any emails. It is also important to have "Filter recipients who are not in the Directory" ticked, as this filters mail sent to fictional users in your organization.

Intelligent Message Filtering – This is filtering based on SCL (Spam Confidence Level). When turned on, every email coming to the Exchange server receives an SCL number based on examination of the subject, body, attachments, etc. Here you can specify how the IMF will react based on the SCL number. The lower the number, the higher the restrictions. If you receive spam you can lower the number; if good messages are being blocked, you can increase it. You can also specify what the IMF should do if the threshold is met, like Reject, Accept, Archive or Take no Action. Below that is the Store Junk E-mail Configuration, where you specify the threshold for emails going to the users' Junk folder.

[Screenshot: IMF]

Sender ID Filtering – Sender ID is an e-mail industry initiative invented by Microsoft and a few other industry leaders. The purpose of Sender ID is to help counter email spoofing, which is the number one deceptive practice used by spammers. Sender ID works by verifying that every e-mail message really originates from the Internet domain it claims to be sent from. This is accomplished by checking the address of the server sending the mail against a registered list of servers that the domain owner has authorized to send e-mail. If Sender ID is used with its default option "Accept", the email is stamped and passed to the Intelligent Message Filter, and the Sender ID stamp is reflected in the SCL generated by the IMF. If you want to use this feature, read this article in full

[Screenshot: Sender-ID]

There is a hotfix if your Exchange server stops responding after enabling Sender ID –

http://support.microsoft.com/?kbid=905214

IMPORTANT! None of the above features will work unless turned on from the SMTP Virtual Server. Here is how:

[Screenshot: smtp-virtual-server]

[Screenshot: smtp-virtual-server-properties]

Restoring Single Mailbox in Exchange 2003

Recovering a single mailbox using Windows Backup is possible. In Exchange 2003 you can recover the whole mailbox, whereas in 2007 and 2010 you can recover even individual folders within the mailbox.

In Exchange 2003 the correct way to restore a single mailbox is by:

1) Creating a Recovery Storage Group

2) Restoring from backup and to the Recovery Storage Group

3) Using ExMerge to export data from the recovery store to the production store.

Below is the video guide of how to restore a mailbox, even with ExMerge problems. In this particular case ExMerge did not want to export/import from the stores due to a permission bug: "Error opening message store (MSEMS). Verify that the Microsoft Exchange Information Store service is running and that you have the correct permissions to log on. (0x8004011d)". I resolved this by creating a new user just for the operation. Microsoft has published articles regarding this too, which might be helpful sometimes: 1 and 2.

Here is a video of the process: restoring a single mailbox in Exchange 2003 with NT Backup and ExMerge, with no third-party software, including the problems encountered with ExMerge during the extraction process.