If you are using the POP3 connector to receive mail, but some accounts in your domain (a remote user, say) are not collected by the SBS box, you will find that it is not possible to send mail to those accounts from inside the SBS domain.
As soon as you try to send mail to such an account, Exchange sends you an NDR saying “The email account does not exist at the organization this message was sent to. Check the email address, or contact the recipient directly to find out the correct address.”
This happens because by default Exchange is set up to be authoritative for the domain: it considers itself the final destination for every address in that domain, so any address that does not exist on your server is treated as undeliverable and the message never leaves the box. The best workaround is to collect all mail for the domain on your SBS box and have the remote user connect to the SBS box instead of to your ISP (OWA, RPC over HTTP, or even POP3/IMAP will do).
Another workaround is to open Exchange System Manager -> right-click the SMTP virtual server -> Properties -> Messages tab -> and enter your ISP’s SMTP mail server in the field “Forward all mail with unresolved recipients to host”. Mail for addresses Exchange cannot resolve locally is then handed to the ISP instead of being bounced.
Note: if you are receiving mail by SMTP (your MX record points at the SBS box) you should not do this; there is no need for it anyway, and it can create a mail loop: the ISP’s server looks up your MX record, hands the unresolved message straight back to you, and you forward it to them again.
Here is a Quick Tip-
Many smarthosts require you to authenticate before they will relay your mail. Unfortunately, the SBS dev team did not add an authentication page to the Configure Email and Internet Connection Wizard (CEICW), so you have to do this manually. Do not worry, it is very easy:
Open Exchange System Manager, drill down to Connectors, right-click the SMTP connector and select Properties. On the Properties screen click the Advanced tab, click Outbound Security, choose Basic authentication and type the logon information your ISP gave you. Basic authentication sends that password across the Internet in the clear, so if your ISP supports it also tick the TLS encryption box in the same dialog. Then send a test message and look at the Queues node in ESM: if the connection to the smarthost is refused, the credentials (or the TLS setting) are wrong.
By the way, if you want to learn more about using Smarthosts vs. DNS for mail delivery you should read this article.
I realize that any mail server these days receives tons of spam and that SBSers employ several methods to cope with it, but I think that disabling NDRs is not a wise choice. For those who don’t know: NDR stands for Non Delivery Report, and it is simply the email you get when a message cannot reach its destination (or when it is delayed). Some people disable them because an SBS box can end up sending hundreds of spam-related NDRs, which eats server resources and bandwidth. So why not disable NDRs? Let me explain…
There are two types of NDRs that concern us:
- An external entity sends an email (either accidentally or on purpose) to a non-existent address in your email domain.
- Someone inside your LAN sends an email and Exchange cannot deliver it for some reason.
Evidently, one would like to disable only “type 1” NDRs (more specifically, only those triggered by people who do it on purpose, i.e. spammers, whose forged sender addresses mean the NDR lands in some innocent third party’s mailbox). However, if you disable NDRs in Exchange this affects all of them. This means that if your boss or an external client sends an important email and mistypes the recipient’s address, they will never get any notification of it. That’s not good (at least in my book).
So, what can you do? Use Recipient Filtering instead (Exchange System Manager -> Global Settings -> Message Delivery -> Properties -> Recipient Filtering tab -> enable “Filter recipients who are not in the Directory”). One step that is easy to miss: the filter does nothing until it is also applied to the SMTP virtual server (Properties -> General -> Advanced -> Edit -> tick “Apply Recipient Filter”). With it applied, your server rejects mail to unknown addresses during the SMTP session (550 5.1.1 at RCPT TO) instead of accepting the message and bouncing it later, so you keep NDRs working and the boss is happy. It is now the sender’s mail server that must issue the NDR, so people outside your organization still find out when they made a mistake, while spam sent with a forged sender address is refused at the door and your server never generates the bounce (which is where the resource and bandwidth problem came from in the first place).
The disadvantage is that someone could probe Exchange (a dictionary or directory-harvest attack, trying thousands of RCPT TO addresses and noting which ones are accepted) to compile a list of valid email addresses. You can minimize this risk thanks to a recent update for Exchange that adds a delay (tar pitting) to anonymous connections, which slows such probes to a crawl. Check out Sean Daniel’s blog for the complete info.
Stay tuned! Since spam is such a hot topic, I’m planning to blog soon about other things you can do to help reduce it (and a new way to prevent people from forging your domain name to send spam). If you have a suggestion or want me to cover something in particular, let me know.
Many people have asked in the past how to switch from using the POP3 connector for retrieving mail to using SMTP instead. Switching to SMTP has many advantages:
-Mail is received in real time (no 15-minute polling delay)
-You have control over which servers may send mail to you, and you can reject bad mail during the SMTP session instead of after the fact (control spam)
-You have total control over your mail server, accounts, etc.
Most people think that a static IP is required for using SMTP, but that is not correct. Although it is convenient to have a static IP, you can get by with a Dynamic DNS service. In fact, even if your ISP blocks incoming port 25 you can still work around it by subscribing to a redirector service (a service that accepts your mail on port 25 and forwards it to a different port on your server). The only real requirement for using SMTP is that you own your domain. So, here is how to do it…
With a static IP-
- Ask whoever hosts your DNS (probably your web hosting service) to create an “A” record (mail.yourdomain.com) that points to your static IP address.
- Also ask them to create an MX record for your domain that points to the hostname created in step #1, and to remove all other MX records (any MX left pointing at the ISP will keep delivering mail there).
- Rerun CEICW and make sure you set it up to receive mail using SMTP. You can test whether your server is ready by running “telnet x.x.x.x 25” from a PC outside the local LAN (where x.x.x.x is the public IP of your SBS box); if it is working you will see Exchange “answering” with a 220 banner. If nothing answers, check that your router/firewall forwards port 25 to the SBS box and that your ISP is not blocking it.
With a dynamic IP-
- Choose the Dynamic DNS provider of your choice (www.dyndns.org, www.tzo.com, www.no-ip.com) and create a hostname there (e.g. yourdomain.dyndns.org).
- Download their DDNS client (or a third-party one) and install it on the server (if your router supports Dynamic DNS updates, I would use that instead). Make sure the record actually gets updated when your IP changes.
- Follow steps 2-3 of the previous section, but point the MX record at the hostname you created in step #1 here (e.g. yourdomain.dyndns.org).
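A way to do the telnet test above without typing the SMTP dialogue by hand, and at the same time to check the two things from the NDR discussion earlier in this post: that a bogus recipient is refused during the session (recipient filter applied, so you generate no backscatter) and that your box refuses to relay for foreign domains. This is an added example, not something from the original post or from Microsoft; run it from a PC outside the LAN. The host, domain and user names, and the replies of the built-in scripted server, are placeholders I made up for illustration, modelled on Exchange 2003 wording rather than captured from a real server.

```python
import socket
import sys

CRLF = "\r\n"


class SocketTransport:
    """Line-oriented wrapper around a real TCP connection to port 25."""

    def __init__(self, host, port=25, timeout=15):
        self.sock = socket.create_connection((host, port), timeout=timeout)
        self.rfile = self.sock.makefile("rb")

    def send(self, line):
        self.sock.sendall((line + CRLF).encode("ascii"))

    def readline(self):
        return self.rfile.readline().decode("ascii", errors="replace")

    def close(self):
        self.rfile.close()
        self.sock.close()


class ScriptedTransport:
    """Constructed stand-in for an Exchange 2003 SMTP virtual server, so the probe
    runs offline. Replies are modelled on Exchange's wording, not captured from a
    server. filter_applied=False simulates a box where the recipient filter was
    enabled globally but never applied to the virtual server."""

    def __init__(self, domain, valid_user, filter_applied=True):
        self.domain, self.valid = domain.lower(), valid_user.lower()
        self.filter_applied = filter_applied
        self.pending = ["220 sbs.example.com Microsoft ESMTP MAIL Service ready"]
        self.sent = []

    def send(self, line):
        self.sent.append(line)
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb == "EHLO":                      # multi-line reply, like a real EHLO
            self.pending += ["250-sbs.example.com Hello [203.0.113.9]", "250 OK"]
        elif verb == "RCPT":
            addr = arg.split(":", 1)[1].strip("<> ").lower()
            user, _, dom = addr.rpartition("@")
            if dom != self.domain:
                self.pending.append("550 5.7.1 Unable to relay")
            elif user == self.valid or not self.filter_applied:
                self.pending.append("250 2.1.5 Recipient OK")
            else:
                self.pending.append("550 5.1.1 User unknown")
        elif verb == "QUIT":
            self.pending.append("221 2.0.0 Service closing transmission channel")
        else:                                   # MAIL FROM, RSET
            self.pending.append("250 2.0.0 OK")

    def readline(self):
        return self.pending.pop(0) + CRLF if self.pending else ""

    def close(self):
        pass


def read_reply(transport):
    """Read one SMTP reply (single- or multi-line) -> (code, lines)."""
    lines = []
    while True:
        line = transport.readline()
        if not line:
            raise ConnectionError("server closed the connection")
        lines.append(line.rstrip("\r\n"))
        if len(lines[-1]) < 4 or lines[-1][3] != "-":  # "250-" continues, "250 " ends
            break
    return int(lines[-1][:3]), lines


def command(transport, line):
    transport.send(line)
    return read_reply(transport)


def probe(transport, domain, valid_user, bogus_user="zz9-no-such-user",
          relay_target="someone@example.net"):
    """Run the dialogue and return the findings as a dict."""
    r = {}
    code, lines = read_reply(transport)               # greeting banner
    r["banner"] = code == 220
    r["banner_text"] = lines[0]
    r["ehlo"] = command(transport, "EHLO probe.example.com")[0] == 250
    r["mail_from"] = command(transport, "MAIL FROM:<>")[0] == 250   # null sender: nothing to bounce to
    r["valid_recipient_accepted"] = command(transport, f"RCPT TO:<{valid_user}@{domain}>")[0] == 250
    # 550 for an unknown local user means the recipient filter is applied to this virtual
    # server; 250 means the message would be accepted and bounced later (backscatter).
    r["recipient_filtering_active"] = command(transport, f"RCPT TO:<{bogus_user}@{domain}>")[0] == 550
    # 250 for a foreign domain from an untrusted, unauthenticated IP means open relay.
    r["open_relay"] = command(transport, f"RCPT TO:<{relay_target}>")[0] == 250
    command(transport, "RSET")
    command(transport, "QUIT")
    transport.close()
    return r


def problems(r):
    """Findings a practitioner would act on."""
    checks = [
        (not r["banner"], "no 220 banner: port 25 not reaching Exchange (router/firewall forwarding or ISP block)"),
        (not r["valid_recipient_accepted"], "known-good recipient refused: check the address and the domain"),
        (not r["recipient_filtering_active"], "bogus recipient accepted: recipient filter not applied to the SMTP virtual server"),
        (r["open_relay"], "relay to a foreign domain accepted: the server is an open relay"),
    ]
    return [msg for failed, msg in checks if failed]


if __name__ == "__main__":
    if len(sys.argv) == 4:        # python smtpprobe.py <public IP or hostname> <domain> <valid user>
        host, domain, user = sys.argv[1:]
        transport = SocketTransport(host)
    else:                         # no arguments: run against the built-in scripted server
        domain, user = "example.com", "bob"
        transport = ScriptedTransport(domain, user)
    findings = probe(transport, domain, user)
    for key, value in findings.items():
        print(f"{key}: {value}")
    print("problems:", problems(findings) or "none")
```

Run it against your own public IP with a mailbox you know exists; the relay check only means something from an address Exchange does not already trust (not from a LAN client or a host listed in the virtual server’s relay restrictions). Using the null sender keeps the probe from ever causing a bounce of its own.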
You might want to ask your ISP whether they can host a backup mail server for you (most will do this for free). If so, they add their backup server to your MX records with a higher preference number than your own (in MX terms a larger number means lower priority, so it is only used when your box is unreachable). Bear in mind that a backup MX usually accepts mail for any address in your domain and only finds out it is bad when it tries to hand it to you, so spammers target backup MX hosts deliberately to get around your recipient filtering; make sure the ISP applies some filtering of its own.
One final note: in case the people hosting your DNS are uncooperative, my first suggestion would be to change to another provider. However, this is not strictly necessary: you can get DNS hosting from the DDNS providers I mentioned earlier, and you can even get free DNS hosting from ZoneEdit or by registering your domain with GoDaddy. In many cases these services are a better alternative, since you will have total control over your DNS.