From downloading and forwarding POP mail to migrating hosted POP3 mail accounts, you're sure to learn something new from this assortment of expert advice.
What is the best way to prevent spam, forged e-mails and scam e-mails from entering our Outlook 2000 inbox? Our company outsources its e-mail and we access/send e-mails using POP3 and SMTP. Any suggestions on antispam client software would help.
On a cold winter night, with the wind blowing strong and the sleet raining down, the best way to stay warm is to bundle up into multiple layers of clothing for warmth and protection. I like to think of e-mail security in the same way. To weather the elements in the world of unsolicited e-mail, consider the following:
Thermal underwear: The laptop/desktop is where protection should begin. You have asked for a suggestion for antispam software. I would recommend that you consider a product that can perform both antivirus and antispam (see links at end). But whatever spam software you do decide to go with, make sure that you also implement antivirus as well.
Sweatshirt and pants: Mail server solutions should be implemented at a minimum. Chances are that your mail services provider has integrated an antivirus solution. A number of providers also offer antispam protection for an additional cost. You might want to see if your provider does.
Jacket, hat and boots: Gateway services and appliances. One of the most effective ways to reduce the chance that you will get a virus or spam is to prevent it from entering your mail system in the first place. The gateway is also a great place to filter for forged (spoofed) e-mail. Again, in your case, this would be something that you would want your provider to have implemented as a value add for you.
I would recommend that all three layers I have discussed be fully implemented to best prevent spam, forged e-mails and scams from entering your inboxes. It sounds like two of the three might be out of your hands. Since I'm not particularly partial to any desktop solutions, I have decided to simply include the list of security providers that Microsoft has partnered with for Outlook, as you are most likely to get the best level of integration from a partner's solution.
If you want to look at an antispam specific solution, Slipstick.com has a great list.
I just set up my first Exchange server. I am trying to automatically forward an Exchange e-mail account to a POP3 account. I am using Exchange 2003. I've only been able to find information for how to do this on an Exchange 5.5 server.
Here are the steps you need to take:
- In Exchange System Manager, double-click Global Settings -> Internet Message Formats.
- Right-click Properties -> Advanced and uncheck the "Allow automatic forward" checkbox.
- In Outlook, configure a new rule to forward all e-mail to the POP3 SMTP address. OR, in Active Directory Users and Computers, add an 'Alternate Recipient' to the mailbox in question.
Can I get Exchange 2003 Standard Edition to forward all unknown recipient e-mails to a POP3 server? If so, could you please explain how?
You'll want to have a good read through the following Microsoft Knowledge Base article to do this: How to configure Exchange to forward messages to a foreign messaging system that shares the same SMTP domain name space.
We have an Exchange 2003 server with SP1. I read your expert response Relay prevention on the Exchange server.
I would like to know:
- How can we stop relaying on an Exchange 2003 server? Only Active Directory users should be able to send and receive mail -- i.e., POP3 clients. I need step-by-step settings, if possible.
- How can we enable outgoing SMTP authentication on the Exchange 2003 server? Whenever a domain user is sending an e-mail, he should be prompted for a password.
In answer to your first question, there is nothing that you need to do on an Exchange Server 2003 to stop spammers from relaying. Exchange Server 2003 is a closed relay. The response you referenced was pointing out that in order to support POP and IMAP clients, relaying must be allowed. Then anyone that can authenticate against the domain/forest can send mail using SMTP. Relaying has taken on a very negative connotation because of SPAM but people forget that relaying is what SMTP was built to do.
Now, regarding your second question, you bring up a very good point. All users must authenticate when sending e-mail. And retrieving e-mail for that matter. Again, there is good news for you here. Integrated Windows Authentication (NTLM V2 or KERB) is utilized by default in Exchange. So your POP/IMAP users may not be prompted for a username and password, as Exchange can derive the user's credentials from the user's security context. So, just because they are not prompted doesn't mean they are not being authenticated.
If the user's mail client doesn't support NTLM or KERB, then it is most likely going to try to use Basic authentication (clear text). This is also supported by default on the SMTP virtual server for Exchange Server 2003. In this case, the user will be prompted unless the client is manually configured to store the username and password for future use. In which case, again, you will not be prompted for a username and password.
We currently have our e-mail hosted through Adhost. One of my tasks is to deploy Exchange 2003. This was already attempted by the former network administrator and it was disastrous. I guess the migration from the POP3 mail accounts on Adhost to the Exchange server caused several problems. Users were receiving duplicate e-mails, and at times they weren't receiving their e-mail at all.
I have experience with Microsoft Exchange, but I have no experience with POP3. I am not sure what the process is for seamlessly migrating from Adhost to Exchange Server.
The first step is establishing a secure and dependable target environment with Exchange 2003. Since you can prepare your environment before any end users are on the system, take the extra time to ensure backups are working properly and the system is functioning as expected. This gives you a huge advantage over people who must upgrade or migrate with the source environment running.
Once you have a suitable target environment, create mailbox-enabled Active Directory users for everyone in your company. Take your account and make sure that you can log in correctly, and see the Global Address List. Next, send an outbound mail message to a test account you have on an external mail system.
Once you know logging on to the newly created accounts is possible, you then should speak with Adhost about moving your MX record. The MX record for your domain determines where inbound mail for @yourdomain.com flows to.
Set up a weekend that Adhost will switch your MX records from its gateway to your Exchange server.
Once the MX record is switched, you should plan on everybody using the new system when they come in on Monday morning. The POP mail can be stored locally in a PST -- just make sure Microsoft Exchange services are configured for end users to use the new mail server versus the POP client.
Remember, the end users will love you. POP vs. a full mail client will be an exciting switch that will enhance their overall messaging experience.
I have an Exchange 2003 server. My POP3 users cannot send mail outside the server; I get a relaying denied. I have everything set that I can think of, but nothing helps.
It sounds to me like someone has locked down relaying and made a mistake in configuring this in Exchange 2003. You need to read Knowledge Base article 821746: How to prevent unsolicited commercial e-mail in Exchange 2003.
Pay particular attention to the settings for IP Address Restriction and Configure Authentication. If you have IP address restrictions in place, per the article, you'll need to make sure they match up with the machines that are having trouble sending. If you have authentication configured, you'll need to make sure the sending clients are actually authenticating.
Barring these two suggestions, I recommend using the telnet command to test sending a message via POP and see what error message the server is sending back to you. While this article isn't specifically about Exchange 2003, the steps for telnet described in it can be used to test an Exchange 2003 server: Knowledge Base article 885685: How to troubleshoot the POP3 Connector in Windows Small Business Server 2003.
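The telnet check suggested in the answer above can also be scripted. The following Python is an added example, not part of the original answer or of any Microsoft tool; the function names `probe_relay` and `verdict`, the host name and the addresses are assumptions, and it is meant to be run against a server you administer.

```python
import smtplib

def probe_relay(smtp, sender, external_rcpt, credentials=None):
    """Check how a mail server you administer answers a relay attempt.

    smtp is a connected smtplib.SMTP, or any object with the same methods.
    Only MAIL FROM and RCPT TO are issued, never DATA, so nothing is sent.
    """
    def rcpt_code():
        smtp.rset()
        code, _ = smtp.mail(sender)
        if code == 250:
            code, _ = smtp.rcpt(external_rcpt)
        return code

    smtp.ehlo()
    report = {"auth": smtp.esmtp_features.get("auth", "").split(),
              "anonymous": rcpt_code(), "authenticated": None}
    if credentials and report["auth"]:
        if smtp.has_extn("starttls"):   # keep Basic (clear text) logins off the wire
            smtp.starttls()
            smtp.ehlo()
        smtp.login(*credentials)
        report["authenticated"] = rcpt_code()
    report["verdict"] = verdict(report)
    return report

def verdict(r):
    if r["anonymous"] in (250, 251):
        return "anonymous relay accepted: open relay, or this client's IP is on the relay list"
    if not r["auth"]:
        return "relay denied and no AUTH offered: clients have no way to authenticate"
    if r["authenticated"] is None:
        return "closed to anonymous clients; AUTH offered but not tested"
    if r["authenticated"] in (250, 251):
        return "closed relay that lets authenticated clients send"
    return "relay denied even after authentication: review the relay restrictions"

if __name__ == "__main__":
    # Placeholder host and addresses (assumptions); point these at your own server.
    with smtplib.SMTP("mail.example.internal", 25, timeout=10) as s:
        print(probe_relay(s, "probe@example.internal", "relay-test@example.org"))
```

Python's `smtplib` can log in with LOGIN, PLAIN or CRAM-MD5 only, so a server that advertises nothing but NTLM or GSSAPI will make `login()` raise rather than return a result.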
I have Exchange Server 2003 SP1. The OS is Windows 2003 with its latest update. The server has four stores for four e-mail domains. The clients are connected as POP3/SMTP accounts, not Exchange ones. The problem is that, with some users, the e-mail stops at receiving the first message in Microsoft Outlook 2003 SP3 (all clients have that). The e-mail just stops at receiving message 1 of XX. The problem is happening with small and big e-mails. If the user uses Outlook Web Access, he/she can see all e-mails without any problem. Another problem that happens is that some of the users are receiving duplicates of the e-mails whenever they click the Send/Receive button.
This could be a number of issues. One could be a routing or firewall configuration issue, and, depending on how the client routes to the given Exchange server, one path may have port 25 blocked. A retry may choose an alternate route and succeed.
Another reason might be networking issues. Any number of issues could be present, including out-of-spec cables, too many hubs, or duplex issues (e.g., the client computers are not reliably negotiating the same duplex mode as your IP switch). To troubleshoot, check the System and Application Event logs for network interface related messages. Also, open a command prompt on one of the machines, run a "netstat -s" and note the number of retransmitted packets. Run your Send/Receive and re-issue the "netstat -s"; if there is a significant delta, suspect your network configuration.
Another diagnostic approach is to log the conversation for a while on the POP3 virtual server. To enable logging, reference the Microsoft Knowledge Base article 299778. Please take heed of the warnings for exhausting system resources and enable logging for a controlled period of time. This also requires restarting the inetinfo.exe service after resetting the logging through the registry changes (or an Exchange server reboot).
How can I prevent Exchange 2003 from relaying? Or is relaying prevented by default?
Exchange Server 2003 and even Exchange 2000 Server have relaying turned off in a manner of speaking. Each Exchange 2000/2003 server has an SMTP Virtual Server that can be viewed/configured in the Exchange System Manager. The relay restrictions are set on the Access property tab of the Default SMTP Virtual Server. The default is to not allow anyone to relay. However, there is an exception to this rule. The "Allow all computers which successfully authenticate to relay, regardless of the list above" checkbox is enabled. This is on by default to allow POP3 and IMAP4 clients with valid computer accounts in the domain/forest to send mail to your Exchange servers. This also reduces administrative overhead when an e-mail based application server is added to the domain/forest.
If you do not have IMAP4 or POP3 clients or you do not mind the additional overhead of manually adding entries for e-mail based application servers, then you can go into each of your default SMTP virtual servers (one per Exchange server) and disable this checkbox.
Is there a place in Exchange 2000 to change everyone's e-mail to plain text, instead of changing each user in Outlook?
The closest you can get for Outlook (MAPI) clients is something called an SMTP Policy that allows you to configure message encoding and message formats for the entire organization. You can find it in the Exchange System Manager (ESM) by expanding the Global Settings container and selecting Internet Message Formats. The Policies will be displayed in the details pane on the right.
In fact, a default policy is preconfigured to allow both plain text and HTML content. You will need to modify the Default SMTP Policy to accomplish what you are trying to do. On the Message Format tab of the default policy, configure MIME to Provide message body as plain text. The problem is that this will only affect "Internet" mail. That is mail sent to or received from the Internet (a.k.a. domains outside the scope of your organization).
IMAP4 and POP3 clients can be configured to use plain text only from an Exchange server for all e-mail, but a MAPI client cannot. You might want to investigate ways in which you can automate the modification of each user's profile as an alternative.
I have Exchange 5.5 and we have set up POP3 and IMAP accounts across our network. How can I get the Global Address Book to my users using a POP3 account?
Use the Microsoft Exchange 5.5 Administrator program and the Directory Export command to export the Global Address List. From there, use Outlook's Import/Export option to import the .csv file into Outlook.
You will need to keep the contents refreshed for your users and explain to them the import process. For more information, see KB article 149447, How to Perform a Directory Export of the GAL, and KB article 155414, Bulk Import/Export FAQ.
How do I configure my Exchange Server 2000 to import POP3 e-mails without using any third-party software?
The Exchange Migration Wizard might do what you want if your POP3 server also supports IMAP4 (the Wizard also has an LDAP Importer if that is required). There are various POP3 Exchange Gateways such as Mail Redirect from www.Helexis.com, which will pull from the POP3 server and submit to Exchange (not free, but very close). If you don't have too many users, you could use Outlook's import capability to get those POP3 e-mails over (I once had to do this for 50 users). Finally, if you are into scripting, you might want to check out this migrating approach. If you decide to do this, the M-Drive is intentionally hidden in Exchange 2003 and you should re-hide it after you have migrated.
Is it possible to use Exchange server 2003 just for caching e-mail and centralized contacts? My company has 20 people. We used our Web hosting company e-mail servers (POP3 and SMTP) and not a static IP address for the company. If this is possible, can you explain how?
I recommend you look at Small Business Server, which includes Exchange Server 2003. There is a POP connector that you can configure to pull down mail for your users, and this doesn't require you to have a fixed IP address.
You should also configure the "reply-to" addresses on all the mailboxes within Exchange to point to the SMTP addresses that correspond to your users' POP accounts. Once this is set up, Exchange will be able to send outbound Internet mail even without a static IP (it'll just need a reliable DNS server to point to -- presumably the one configured by your ISP) and anyone replying to these messages will send those to your users' POP accounts. Once all that's configured, then you can absolutely use Exchange Server 2003 for messaging and collaboration -- specifically storage of mail and centralized contacts as you suggest -- within your company. Don't forget to get some good backup software that is Exchange-aware to make regular backups of your server.
I have an Exchange 2003 server and I migrated mailboxes from Exchange 2000 to it. All is working great except for some accounts that need to use POP3. These accounts do not use Outlook Express to send or receive, but use specialized software. An example is a product called WebTrends that we use to monitor our devices and contact us if something goes down. This worked great with Exchange 2000 but since migrating to 2003 it has stopped working. I know in Outlook Express we can check it to say the server requires authentication, but that is not an option for these specialized software packages. How can I safely set up our Exchange 2003 server so that it can send e-mails using these specialized packages?
Here is what you need to do. First of all, determine the IP address of the machine that will be generating the WebTrends e-mail notifications. Once you have this, then launch Exchange System Manager and navigate down through the Organization node, the servers node, select the Exchange 2003 server you want to relay the WebTrends messages, and expand the protocols node for that server. Now right-click the SMTP Virtual Server located in the SMTP node and select Properties. Switch to the Access tab and click on Relay. Look for the "Only the list below" option, which should already be on by default. The list is probably empty, unless you have already added entries here. Now click on Add and enter the IP address of the WebTrends machine. Now click OK several times and you should be all set.
This was first published in February 2006