Connecting Exchange Server to the Internet

Spyros Sakellariadis

April 1997

Spyros Sakellariadis, Ph.D., MCSE
Advanced Paradigms, Inc.
1725 Duke Street, Suite 200
Alexandria, VA 22314
Spyros@paradigms.com
http://www.paradigms.com

Introduction

Connecting Microsoft® Exchange Server to the Internet is a very quick and simple process. Exchange Server 4.0 supports the Simple Mail Transfer Protocol (SMTP) through the Internet Mail Connector, and Exchange Server 5.0 supports SMTP, POP3, HTTP, and Network News Transfer Protocol (NNTP) natively. This white paper covers the minimal steps you need to follow to configure this support. The format is equally minimal—no explanation or justification of any of the steps is included. For further information on any of these steps, you should consult the materials indicated in the last section.

Before You Begin

Make sure that the Exchange Server that you intend to connect to the Internet is running properly. Exchange clients with mailboxes on this server must be able to send mail to each other. Also make sure that the TCP/IP network protocol is installed on the server. If you are configuring Exchange Internet support on a server that is already connected to the Internet through your corporate local area network (LAN), you can skip to step 3 below. Otherwise, follow steps 1 and 2 to set up a very basic Internet connection:

  1. Contact an Internet Service Provider (ISP). You can find their advertisements in the business section of your local newspaper or in the Yellow Pages under "Internet."  Tell them you want to set up a permanent connection to the Internet, that you will be running your own SMTP, HTTP, and NNTP servers, but that you want them to run Domain Name Service (DNS) for you. They will want to know what sort of hardware and software you are using on your LAN, whether you need a router and CSU/DSU, and what speed connection you need. Unless you know differently, tell them you want to buy the connection hardware from them, that you want a connection guaranteed at 56 Kbps, and a fixed Class "C" IP address. In addition, tell them that you want them to take care of all the logistics, including working with the local telephone company for the line, registering your domain name, and configuring your router. Pick a domain name for your email (such as company.com), and a name for your mail server (such as mail.company.com).

    If you believe you will have very heavy Internet traffic, you might want to get a higher speed connection, but that will cost significantly more. Most ISPs will recommend a higher speed link if you tell them you will be running a news server, but that is not really necessary if you will only be pulling down a few newsgroups. You can also run your own DNS, but that is outside the scope of this document.

    If you can’t cost-justify a full-time connection, you can tell the ISP that you will be dialing up on a periodic basis to download mail. In that case, you should set up Remote Access Service (RAS) on your Exchange server and create a phone book entry for their Point of Presence (POP). You should consider an ISDN connection, but a modem connection can also work for low-volume situations.

    For more details on these steps, see "Appendix A, Connecting with an Internet Service Provider," in reference (A) below.

  2. Once the ISP has set up your account, the phone company has installed the line, and the ISP has delivered and installed any hardware you are buying from them, you may need to reconfigure the IP addresses on your LAN to match the Class "C" address obtained by the ISP. Do this before continuing.

  3. You are now ready to begin configuring your Exchange Server. Do the following tests from a command prompt running on the Exchange Server. If you have a full-time connection to the ISP, you can proceed to this step immediately; if you have a dial-up connection, connect to the ISP over RAS before you try this step. At this point, test connectivity to the Internet by pinging a known host—for example, the Microsoft server at 131.107.1.240. The following shows a successful result:
    C:\users\default>ping 131.107.1.240
    Pinging 131.107.1.240 with 32 bytes of data:
    Reply from 131.107.1.240: bytes=32 time=341ms TTL=115
    Reply from 131.107.1.240: bytes=32 time=280ms TTL=115
    Reply from 131.107.1.240: bytes=32 time=281ms TTL=115
    Reply from 131.107.1.240: bytes=32 time=280ms TTL=115
    
  4. If you got anything substantially different, such as "Destination Host Unreachable," or "Request Timed Out," you need to debug your TCP/IP configuration before going any further—check out the protocol installation and your router or RAS configuration. If you had the ISP configure your router, call their technical support line. If you successfully pinged the host by IP address, now try to ping a host by name, for example, dns1.microsoft.com. The following shows a successful result:
    C:\users\default>ping dns1.microsoft.com
    Pinging dns1.microsoft.com [131.107.1.240] with 32 bytes of data:
    Reply from 131.107.1.240: bytes=32 time=300ms TTL=115
    Reply from 131.107.1.240: bytes=32 time=281ms TTL=115
    Reply from 131.107.1.240: bytes=32 time=280ms TTL=115
    Reply from 131.107.1.240: bytes=32 time=881ms TTL=115
    
  5. If you got a message such as "Bad IP address," you need to debug your TCP/IP configuration before going any further—check out the DNS settings to make sure that you have an entry for a valid DNS server. If you had your ISP run DNS for you, call their technical support line. If you successfully pinged the host by name, this means that TCP/IP on your server and the DNS are working, and you can continue. At this stage, TCP/IP is adequately set up to allow us to configure the Exchange Server to send outbound mail.

  6. Find out the IP address and the TCP/IP host name of the Exchange Server. Suppose the server is mail.company.com at 206.247.73.110. Try to ping this by IP address. If you cannot, you did not find out the correct IP address for your server—check the TCP/IP properties in the Control Panel Network applet.

  7. Ping your Exchange Server by name. This is critical—all the Internet protocols require that clients and other servers on the Internet can find your system by name. If this fails, contact whoever is running DNS and tell them to add an Address ("A") record for your server (mail.company.com) into the DNS. Again, this may be someone in your own company, if you are running your own DNS, or it may be someone at your ISP.

  8. You need to advise other mail servers on the Internet to forward mail to your Exchange Server. Suppose you want to receive mail as user@company.com. Tell the DNS administrator to add a Mail Exchanger ("MX") record for your domain (company.com) to the DNS for this purpose if it is not already there.

  9. Test the MX record using NSLOOKUP, a utility provided with Windows NT® 4.0. (If you are running NT 3.51, you will need to find a third-party vendor of this product.)  From a command prompt, load NSLOOKUP, type set type=MX and hit Enter. Now enter your company's e-mail domain name, such as company.com. A successful result would be one that returned the host name of your Exchange Server, mail.company.com, as in the following example:
    C:> NSLOOKUP
    Default server:  sec1.dns.psi.net
    Address: 39.8.92.2
    >set type=mx
    >company.com
    Server: sec1.dns.psi.net
    Address: 38.9.92.2
    Non-authoritative answer:
    Company.com      MX preference = 10, mail exchanger=mail.company.com
    
  10. The default server should show the name and IP address of the DNS server that is set up in your TCP/IP configuration, mentioned in steps 5 and 6 above. Depending upon whether the DNS server you point to is the main DNS server for your company, you will get either an authoritative or a non-authoritative answer—this is irrelevant. If you get any line that shows that the MX preference for your company (company.com) is your Exchange Server (mail.company.com), you are fine. If you do not get some such line, you will not be able to receive inbound mail and need to have the DNS administrator correct this before continuing. If this is working, TCP/IP is adequately set up to allow us to configure the Exchange Server to receive inbound mail.
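The MX check from steps 9 and 10, as an added example that is not part of the original paper: it parses NSLOOKUP output and reports whether the expected mail server is listed for the domain. It goes beyond the paper by also accepting the BIND-style nslookup line format and by distinguishing a lowest-preference (primary) MX from a backup; the second sample and the host relay.isp.example are constructed.

```python
import re

# Windows nslookup prints:  company.com  MX preference = 10, mail exchanger = mail.company.com
# BIND nslookup prints:     company.com  mail exchanger = 10 mail.company.com.
MX_PATTERNS = (
    re.compile(r"^\s*(?P<domain>\S+)\s+MX preference\s*=\s*(?P<pref>\d+),\s*"
               r"mail exchanger\s*=\s*(?P<host>\S+)", re.IGNORECASE),
    re.compile(r"^\s*(?P<domain>\S+)\s+mail exchanger\s*=\s*(?P<pref>\d+)\s+(?P<host>\S+)",
               re.IGNORECASE),
)

# Answer section of the NSLOOKUP session shown in step 9 of the paper.
PAGE_OUTPUT = """\
Server: sec1.dns.psi.net
Address: 38.9.92.2
Non-authoritative answer:
Company.com      MX preference = 10, mail exchanger=mail.company.com
"""

# Constructed sample: BIND-style output where the ISP relay is preferred.
CONSTRUCTED_BIND_OUTPUT = """\
Non-authoritative answer:
company.com\tmail exchanger = 5 relay.isp.example.
company.com\tmail exchanger = 20 mail.company.com.
"""


def normalize(name):
    """DNS names compare case-insensitively and may carry a trailing root dot."""
    return name.strip().rstrip(".").lower()


def parse_mx(output):
    """Return (domain, preference, host) tuples, lowest preference first."""
    records = []
    for line in output.splitlines():
        for pattern in MX_PATTERNS:
            match = pattern.match(line)
            if match:
                records.append((normalize(match["domain"]), int(match["pref"]),
                                normalize(match["host"])))
                break
    return sorted(records, key=lambda rec: (rec[1], rec[2]))


def check_mx(output, domain, expected_host):
    """Classify the MX answer as 'primary', 'backup', 'wrong-host' or 'no-mx'."""
    records = [rec for rec in parse_mx(output) if rec[0] == normalize(domain)]
    if not records:
        return "no-mx"          # no MX line at all: inbound mail will not arrive
    expected = normalize(expected_host)
    if expected not in {rec[2] for rec in records}:
        return "wrong-host"     # MX exists but points somewhere else
    lowest = records[0][1]
    primaries = {rec[2] for rec in records if rec[1] == lowest}
    # Senders try the lowest preference value first, so a 'backup' result
    # means mail normally reaches another host before this server.
    return "primary" if expected in primaries else "backup"


if __name__ == "__main__":
    print(check_mx(PAGE_OUTPUT, "company.com", "mail.company.com"))
    print(check_mx(CONSTRUCTED_BIND_OUTPUT, "company.com", "mail.company.com"))
```
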

Installing, Configuring, and Testing the Internet Mail Service (SMTP)

In Exchange Server 5.0, the SMTP protocol support is installed by default when you install the server, and you configure the protocol the first time by running the Internet Mail Service installation wizard from the "New Other…" option in the File menu. If you are running Exchange Server 4.0, you need to run the Exchange Server installation program and select "Internet Mail Connector" as one of the options. In either case, the Internet Mail Connector (in Exchange Server 4.0) or the Internet Mail Service (in Exchange Server 5.0) installs as an object in the Connections container for the site. The step-by-step instructions follow—if you are using Exchange Server 4.0, jump to step 2; if you are using Exchange Server 5.0, follow step 1:

  1. If you are using Exchange Server 5.0 and run the Internet Mail Service wizard to configure the service, answer all the questions with the default (proposed) answer to achieve a minimal working configuration of the Internet Mail Service. The first two screens of the wizard are informational, and you should click Next to reach the first of the questions. Note that there is a whole page of information on making sure that you understand the DNS issues mentioned above. The questions you will be asked (and answers) are as follows:
    Question                                    Answer
    Select the Microsoft Exchange server…       <name of your server>
    Use DNS to send mail                        Use DNS (typical)
    Send mail to…                               All Internet mail addresses (typical)
    Select the site address…                    @site.company.com
    Specify the administrator mailbox           Create/use mailbox called Administrator
    Type the password to the service account    <password>

    When you have finished, the wizard will have configured SMTP support and started the Microsoft Exchange Server Internet Mail service (which you can verify in the Control Panel Services applet).

  2. If you have a dial-up connection to the Internet, check the box that says "Allow Internet mail through a dial up connection" on the page where you are asked to select the Microsoft Exchange server. This will create a second page where you select the RAS phone book entry for the ISP and change the default for the Use DNS answer. If you choose the default to send all mail to the ISP's SMTP host for further delivery, rather than use DNS, the use of the connection time will probably be more efficient.

  3. If you are using Exchange Server 4.0, make sure that you have installed at least Service Pack 2 or later. Run the setup program and choose the option to install the Internet Mail Connector. Once the install program has finished, load the Exchange Server Administrator program and double-click on the Internet Mail Connector in the Connections container for your site. You will need to do only two things here. First, specify an administrator for the connector on the General page—choose the Administrator or any user from the GAL. Second, go to the Address Space page, click on the New Internet button, then click OK to close the next dialog box without entering any data. You should see an entry in the Addresses window that shows SMTP with a cost of "1". Click OK to close this window, click OK on the information screen about DNS, and close the Administrator program. Now open the Control Panel services applet, set the Internet Mail service to start automatically, and start the service.

  4. If you have a dial-up connection to the ISP, go to the Dial-up Connection tab in the Internet Mail Connector properties, and configure Exchange Server to dial the ISP and transfer mail. Pick the ISP’s RAS phone book entry under the Available Connections. Under the Dial options, you can schedule the IMC to call the ISP every few hours or at a predetermined time of the day. Initially, pick an interval such as every hour—you can go back and change this later. When the IMC uses RAS to dial up the ISP, it will establish a connection with the ISP’s SMTP host and wait for mail to be downloaded. Usually this will happen after the SMTP host senses the presence of the Exchange server, but it may take up to 15 minutes or so. If you want to have the ISP start downloading mail immediately to you, you should enter a command in the Retrieving Mail options box. The exact format of this command depends upon the ISP, and you should contact them for the correct syntax. Typically you can use either a finger command or a rsh command. The syntax of the finger command is:
    Finger your_domain@isp_smtp_host

    where your_domain is your domain name (for example, company.com), and isp_smtp_host is the name of the SMTP host at the ISP (for example, mx4.smtp.psi.net). The syntax of the rsh command is typically similar to:

    Rsh -Iisp_domain -l logon "/usr/lib/sendmail -q -Ryour_domain"

    where isp_domain is the name of the ISP’s domain (for example, psi.net), logon is a logon alias that has permission to create a shell at the ISP, and the balance is the command that the remote shell is spawning. An excellent location for documentation of these and other available commands is http://www.swinc.com/resource/exch_dq.htm. You should check with your ISP for the exact syntax of the command you would use in your installation.

    If you followed steps 1–8 above, TCP/IP is set up and tested. Now we need to test the Exchange Server configuration. The simplest way to test this is to send a piece of mail from a user to someone on the Internet, and ask for a reply. This, however, is particularly uninformative if it does not work. The best thing to do is to test the service using Telnet first. To do this, load a command prompt and type "Telnet". From the File menu of the Telnet window select New, and enter the host name of your Exchange server (for example, mail.company.com), and enter 25 as the TCP/IP port. Click Connect, and you should get a connection to the Exchange Server. If the process in steps 9 or 10 above worked, you should see a line at the top of the screen similar to the following:

    220 mail.company.com Microsoft Exchange Internet Mail Service 5.0.1457.7 ready
    

    A response starting with the number 220 means that the server is running an SMTP service, in this case the Exchange Server Internet Mail service, and is waiting to receive mail. If you are familiar with SMTP messaging, you can extend the test by typing in the commands to send a message manually to the administrator; however, this is not really necessary, as we know now that the service is in fact running. Type Quit to close the session, and exit Telnet. If you do not get a response similar to the line above, you need to make sure that you followed the instructions in step 9 or 10 correctly, and that the Microsoft Exchange Server Internet Mail Service is started in the Control Panel.

Configuring and Testing the POP3 Support

Exchange Server 5.0 includes support for the POP3 protocol, allowing you to use a standard POP3 client to retrieve mail from the server. To configure this at the server, follow these steps:

  1. Bring up the Exchange Server Administrator program, go to the Protocols container for your site, and double-click on the POP3 protocol object. Check the checkbox that reads "Enable protocol." Go to the Authentication tab and make sure that all four checkboxes are selected. Close the POP3 properties window. This enables individuals with mailboxes on the server to access them using the POP3 protocol and read their mail. You can use any POP3 client such as the Exchange client with the Internet Mail Service added, Eudora, or Pegasus.

  2. To enable your users with POP3 access to send mail to Internet users you may need to add an entry in the Internet Mail service. Open up the Internet Mail Service window and select the Routing tab. You should see "Reroute Incoming SMTP Mail" selected and you should have an entry in the routing window showing your own e-mail domain as <inbound>. If you do, you do not need to do anything. If you do not have this entry, click Add, type in your domain name, and select "Should be accepted as Inbound."  Click OK to close the various windows. Click OK to close the information screen about DNS.

  3. To test the POP3 support, you can use your POP3 client, of course. To test it manually, again open up a Telnet window, enter the name of your Exchange Server, but specify 110 for the TCP/IP port. You should see a line similar to the following:
    +OK Microsoft Exchange POP3 server version 5.0.1457.10 ready
    

    If you see this, it means that the Exchange Server is listening on port 110, and is ready to receive POP3 commands to download mail. Note that POP3 clients use SMTP to send mail, which is why the routing tab for POP3 mail is part of the Internet Mail Service object. Type Quit to close the Telnet session.

Configuring and Testing the Browser Support (HTTP)

Exchange Server 5.0 includes support for the HTTP protocol and allows users of browsers to read and send mail. This is particularly useful when you need to access your mail from a location where you cannot install or configure e-mail clients. To configure HTTP support at the server, follow these steps:

  1. To access Exchange Server through a Web browser, you need to install Internet Information Server (IIS) 3.0 and the Active Server Pages. You can get these from the Windows NT Service Pack 3 CD-ROM or download them from the Microsoft ftp site at ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/nt40/. They must be installed before you install the Microsoft Exchange Server Web Services.

  2. On the computer where you have installed IIS, run the User Manager. Under Policies...User Rights, grant the group Everyone the rights to Log On Locally.

  3. Bring up the Exchange Server Administrator program, go to the Protocols container for your site, and double-click on the HTTP protocol object. Check the "Enable protocol" checkbox. This enables individuals with mailboxes on the server to access them with a standard browser using the HTTP protocol and read and send e-mail. You can use either Microsoft Internet Explorer 3.0 or Netscape Navigator 3.0 or higher.

  4. To test the HTTP support, load your browser and enter the name of your Exchange Server followed by "/exchange" in the address field. You should see a screen with an Exchange Server logo in the left, and a logon box on the right. If you do not, the HTTP protocol was not set up correctly. If you do see the logon field, enter your e-mail name (for example, Administrator) and click on the words "click here." You will now see a dialog box that asks you to verify your identity. Enter your domain and account in the Username field (for example, MyDomain\Administrator) and your password in the Password field. This will bring up a form from which you can read your mail and send mail to anyone.

Installing, Configuring, and Testing the News Service Support (NNTP)

In Exchange Server 5.0, the NNTP support is installed by default when you install the server. It enables users to view your public folders using the NNTP from any NNTP client and you can arrange push or pull news feeds from USENET news servers. You need to configure the protocol to enable either of these.

  1. To allow access to selected Exchange Public Folders via NNTP, open up the Exchange Server Administrator program and open up the NNTP object in the Protocols container for your site. Select both "Enable protocol" and "Enable client access" and click OK. If you want to allow anonymous access to the public folders, go to the Anonymous tab and select "Allow Anonymous Access."

  2. To pull a newsfeed from a USENET server on the Internet, use the newsfeed wizard from the "New Other…" option in the File menu. It is a good idea to create a basic pull feed from a known source, such as the Microsoft public news server first, to make sure you know how to answer all the questions. When you have successfully done this once, you can create other news feeds with any news server you wish. To configure such a feed from the Microsoft server, invoke the wizard. The first screen of the wizard is informational—click Next to reach the first of the questions. The questions you will be asked (and answers) are as follows:
    Question                              Answer
    Server to install on                  <name of your server>
    Type of newsfeed to create            Inbound and outbound (typical)
    Inbound newsfeed type                 Pull incoming messages
    Select appropriate connection type    Connect using my LAN
    Connect every                         15 minutes
    Provider's USENET site name           Msnews.microsoft.com
    Host name or IP address               Msnews.microsoft.com
    Additional inbound host computers     <leave blank>
    Log on to remote servers as           <leave blank>
    Internet news administrator           Administrator
    To configure Inbound news feed        Download the active file from my provider now

  3. When you have finished, the wizard will have configured NNTP support and started the Microsoft Exchange Server Internet News Service (which you can verify in the Control Panel Services applet). If your setup hangs after you have clicked "Download the active file from my provider now", you probably have a router problem. If you do have a problem, go back and select "I will configure my newsfeed later" at this point. You will have set up the protocol support and can go to the msnews.microsoft.com newsfeed object in your site's Connections container later to download the active file.

  4. To test the NNTP client access, you can use any NNTP client. To test it manually, again open up a Telnet window, enter the name of your Exchange Server, but use 119 for the TCP/IP port. You should see a line similar to the following:
    200 Microsoft Exchange Internet News Service Version 5.0.1457.10 (posting allowed)
    

    If you see this, it means that the Exchange Server is listening on port 119 and is ready to receive NNTP commands to download mail. If you have any newsgroups, you can enter the command "List Active" to see their names. Type Quit to close the Telnet session.

    To test the newsfeed support, load the msnews.microsoft.com newsfeed object in your site's Connections container and click on the Inbound tab. It should say "Setting up the Active File" for a few seconds, then show you a list of the newsgroups available on the Microsoft news server. You can select a few of these to download and click OK. In about a half hour you should see the various newsgroups and messages in your Exchange Server Public Folders.
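The three Telnet checks described in this paper (SMTP on port 25, POP3 on port 110, NNTP on port 119) as one script, added here as an example and not part of the original paper. It also records the build number each greeting advertises to anyone who connects. The function names are hypothetical, and the 201 NNTP greeting and the "220-" continuation form come from the protocol specifications rather than from the paper.

```python
import re
import socket

# Greeting prefix each service sends on connect, per the Telnet tests above.
# 201 = NNTP server ready, posting not allowed (from the NNTP spec, not the paper).
GREETINGS = {
    25: ("SMTP", ("220",)),
    110: ("POP3", ("+OK",)),
    119: ("NNTP", ("200", "201")),
}

# Dotted build string such as 5.0.1457.7; a dotted IP address in a banner
# would match as well, which is equally worth knowing about.
BUILD = re.compile(r"\b\d+(?:\.\d+){2,3}\b")


def classify_banner(port, line):
    """Decide whether a greeting line means the service is up, and what it reveals."""
    service, prefixes = GREETINGS[port]
    line = line.strip()
    # SMTP may send "220-..." for a multi-line greeting, so split on space or hyphen.
    token = re.split(r"[ -]", line, maxsplit=1)[0]
    build = BUILD.search(line)
    return {
        "service": service,
        "ready": token in prefixes,
        "build": build.group(0) if build else None,
    }


def read_banner(host, port, timeout=10.0):
    """Connect, read the first greeting line, send QUIT, and return the line."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        data = b""
        while b"\n" not in data and len(data) < 1024:
            chunk = sock.recv(256)
            if not chunk:
                break
            data += chunk
        sock.sendall(b"QUIT\r\n")
    return data.split(b"\n", 1)[0].decode("ascii", "replace").strip()


def check_server(host, ports=(25, 110, 119)):
    """Run the greeting test against each port; connection failures are reported, not raised."""
    results = {}
    for port in ports:
        try:
            results[port] = classify_banner(port, read_banner(host, port))
        except OSError as exc:  # refused, unreachable, timed out, name not found
            results[port] = {"service": GREETINGS[port][0], "ready": False,
                             "build": None, "error": str(exc)}
    return results


if __name__ == "__main__":
    # Greeting lines quoted in this paper, classified without touching the network.
    samples = {
        25: "220 mail.company.com Microsoft Exchange Internet Mail Service 5.0.1457.7 ready",
        110: "+OK Microsoft Exchange POP3 server version 5.0.1457.10 ready",
        119: "200 Microsoft Exchange Internet News Service Version 5.0.1457.10 (posting allowed)",
    }
    for port, line in samples.items():
        print(port, classify_banner(port, line))
```

To run it against your own server, call check_server("mail.company.com") with the host name you configured in DNS.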

Where To Go Next

If the instructions above are inadequate for your needs, the first place to go is the Microsoft documentation for Exchange Server. Second, check out the TechNet CD (subscribe at http://www.microsoft.com/technet/). Finally, the following articles and book by the author should prove helpful:

Configuring the Exchange Server Internet Mail Connector (Duke Press, 1997. On the Web at http://www.dukepress.com/dukepress/NT.cfm?main_id=2.)

"Configuring and Administering DNS," Windows NT Magazine, August 1996.

"Integrating and Administering DNS," Windows NT Magazine, September 1996.

"POP3 Support in Exchange Server," Windows NT Magazine, March 1997.

"The Exchange Server Internet News Service," Windows NT Magazine, June 1997.

About the Author

Spyros Sakellariadis is Vice President, Information Technologies, of Advanced Paradigms, Inc., a Wang subsidiary. He is involved in large-scale Exchange Server and WWW implementations, and oversees the R&D and MIS functions at API. He has recently published a book on Exchange Server and is a frequent contributor to Windows NT Magazine.