|
|
|
|
|
|
How to Configure Microsoft Exchange to use
the Arrowmail
Smarthosts
Arrowmail has 3 separate smarthost mail-servers and, luckily, Exchange 2003, 2007
and 2010 know how to make use of multiple smarthosts for redundancy and
load-balancing.
This means that if one of our smarthosts is very busy, has failed or is
undergoing maintenance, your Exchange server can continue to send out emails,
uninterrupted.
In Exchange 2003, it's possible to configure a smarthost on the Default
SMTP Virtual Server but, if you do it this way, you can only set a
single
smarthost.
The preferred method, therefore, is to use an SMTP Connector
for your outgoing emails which does allow multiple
smarthosts to be specified.
For Exchange 2007/2010 there's only one way to configure a smarthost which is on the
Send Connector.
For simplicity, the instructions on this page assume that you only have one
Exchange server in your organisation.
If you have multiple Exchange servers, there are a few minor differences which
we'll be happy to advise you about.
|
|
How To Configure a Smarthost on Exchange 2003
Open Exchange System Manager and click on the +
next to Connectors to see if you are already using an SMTP
Connector.
SBS2003 comes with a pre-configured SMTP Connector as shown below:-
|
|
 |
|
If you need to create a new connector:-
Right-click on Connectors and select New - SMTP
Connector...
If a SMTP Connector already exists, right-click on it and choose
Properties
|
|
 |
|
If you only
have one
Exchange server, it's unlikely
you'll need more than one
SMTP Connector.
Multiple
SMTP Connectors are used to
send certain emails via different routes. |
|
The SMTP Connector - Properties page opens which has 8 tabs.
(There could be a 9th tab called Security if you've previously
enabled this tab by a registry change, but, in any case, there's nothing to
configure on this tab.)
We'll start on the General tab where there are 3 things to
configure:-
| Name |
Call it what you want, but "All Outgoing Email" is a good name.
|
| Smarthosts |
Select "Forward all mail through this connector to the following smart hosts"
and enter Arrowmail's 3 smarthosts, separated by semicolons.
The full
string to enter is:-
smarthost1.arrowmail.co.uk;smarthost2.arrowmail.co.uk;smarthost3.arrowmail.co.uk
"Copy and Paste" the above line into your
SMTP Connector
if you like.
|
Bridgehead
Server |
This is your Exchange server.
Click Add... and there will
only be one option. |
|
 |
If you're editing an existing SMTP
Connector it will already have a name which can't be changed here.
If you want to rename the connector,
close this page, right-click on the SMTP Connector and choose
Rename |
|
Go to the Address Space tab.
Click Add...
and select the default options which are:-
Type = SMTP
Email Domain =
*
Cost = 1
Connector scope = Entire Organisation
"Allow
messages to be relayed to these domains" is not
selected
|
|
 |
|
Go to the Advanced tab.
Click on Outbound Security...
Select Basic authentication (password is sent in clear text)
and then
Modify...
Enter your username and password for the Arrowmail Smarthosts.
If you would like all messages, sent from your server to our smarthosts, to be
encrypted then select TLS encryption:-
|
|
 |
|
The Arrowmail smarthosts require
authentication and support TLS encryption.
We will issue you with your own username and password
which will be the same for all 3 of our smarthosts. |
|
There's nothing to change on the other 5 tabs, but we've shown what they should
look like, anyway, so you can check that nothing's been changed.
The Connected Routing Groups tab:-
|
|
 |
|
The Delivery Restrictions tab:-
|
|
 |
|
The Content Restrictions tab:-
|
|
 |
|
The Delivery Options tab:-
|
|
 |
|
...and finally, the Details tab:-
|
|
 |
|
Click OK and close Exchange System Manager.
In order for the new settings to take effect, you need to restart the following
services:-
Microsoft Exchange Routing Engine and
Simple Mail Transport Protocol (SMTP).
Rebooting the server will also enable the new settings, if this is easier.
^ Top of Page ^
How To Configure a Smarthost on Exchange 2007 and Exchange 2010
If your Exchange Server 2007/2010 is currently able to send emails externally, a Send Connector
must already have been created and configured correctly
on the Hub Transport server.
Configuring Exchange 2007/2010 to use the Arrowmail Smarthosts, therefore, just
requires you to modify the settings on this
Send Connector.
For Exchange 2007/2010, Microsoft has split up into separate roles, the various jobs
that Exchange has to perform, with the implication that each role will be
handled by a different server.
The Hub Transport role is the one responsible for sending and receiving external emails.
In the real world of small to medium sized companies, a single
Exchange server is likely to be performing all the various roles.
|
|
|
Open Exchange Management Console
Click on the + next to Organization Configuration
Select Hub Transport and
select the Send Connectors tab:-
|
|
|
(If you can't see all the columns shown above, click View - Add/Remove
Columns...)
Right-click on the existing Send Connector, select
Properties
and go to the Network tab.
Select "Route mail through the following smart hosts:" and
click Add:-
|
|
 |
|
|
Specify the first smarthost as shown below:-
|
|
 |
|
Add all 3 of Arrowmail's smarthosts:-
|
|
 |
|
Click Change... to set the authentication options.
Type the username and password we've issued to you below:-
|
|
 |
|
We have
commercial digital
certificates
installed on our
smarthost servers,
but if your server
only has a
self-signed
certificate or no
certificate at all
then Basic
Authentication
over TLS
probably won't
work.
| |
Basic Authentication over
TLS means emails are encrypted between your server and ours, which is a good
idea except that Exchange 2007/2010 is fussy about the digital certificates used for
encryption.
If you find your Send Connector won't route emails to our smarthosts
then try clearing the Basic Authentication over
TLS checkbox.
There shouldn't be anything that needs changing on the other 3 tabs, but we've
shown below, what they should typically look like.
The General tab:-
|
|
 |
|
The
Fully Qualified Domain Name(FQDN)
should be the DNS name of the public IP address your server operates behind.
Our smarthosts don't care what FQDN you enter, but if you're sending email
directly, without using a smarthost, it's important to get this
entry to match your actual FQDN |
|
When you
need help
trouble-shooting smarthost connection problems, you can change the "Protocol
logging level:"
to Verbose. |
|
The Address Space tab:-
|
|
 |
|
The asterisk in
the Domain column indicates that all
emails
will be sent through this
Send Connector |
|
The Source Server tab:-
|
|
 |
|
Notice, in the
Role column,
that this server is performing all the Exchange 2007/2010
roles. |
|
When you've finished, the Send Connector
should look like this:-
|
|
| |
|
The changes you've made to the Send Connector will take effect
straight away without you having to reboot the server or restart any services.
What if you don't use Exchange as your in-house Mail-server?
Many mail-server programs, other than Exchange, can take advantage of multiple
smarthosts. However, if the one you're using use can only be configured for
one smarthost, you should set it to use:-
smarthost.arrowmail.co.uk
We will make sure that this DNS name is always pointing to a functional
mail-server.
If your mail-server isn't able to authenticate to our smarthosts then, as long
as you are using a fixed public IP address, we can allow anonymous access from
that specific IP address.
|
|
|
|
Now that you're paying for outgoing emails at something under 0.3p each, it's a
good idea to make sure your are not sending out ones you don't need to.
By default, Exchange will accept emails to non-existent users and then generate
an outgoing email to each sender, telling them, politely, that their email
couldn't be delivered as the user doesn't exist.
Today, spammers
often bombard an exchange server with large numbers of emails to addresses that
have been guessed - usually wrongly.
Not only is it a waste of your monthly email allowance to reply to these emails
but, the sender's address in the original email is likely to have been forged
and so your server's reply will go to someone innocent of sending spam, who will
now see you
as spamming them.
It's very simple to
enable "Recipient Filtering" so emails to non-existent users are rejected but,
for some reason, this configuration step is often missed out by people setting
up Exchange.
We had one customer where this type of email made up 80% of their total
out-going emails, and we don't like them coming through our servers, even though
we charge for them, as they mostly can't be delivered and, if they can, it risks
annoying the recipient.
If you are about to configure your Exchange server to use our Smarthosts then, do
everyone a favour by checking your Recipient Filtering settings.
Step-by-step instructions for configuring Recipient Filtering on Exchange 2003 and 2007
are here.
^ Top of Page ^
|
|
How to Create a Sender Policy Framework Record to Authorise
our Servers to send out your Company's Email
It's by no means essential, but if you use our smarthosts, it can help make email
delivery more reliable if you create a special DNS record with whoever is
handling the DNS for your domain name, which is usually your domain registrar.
This DNS record is to comply with the Sender Policy Framework (SPF) anti-spam
initiative and it identifies our servers as being
approved for sending emails from your domain.
It's a TXT record, which not all DNS servers or ISP control panels can handle,
but if they can this is the record you need to add:-
mycompany.co.uk. IN TXT "v=spf1
include:arrowmail.co.uk -all"
This is how it should appear in your DNS Zone File, including the inverted
commas, but with your domain name substituted for
mycompany.co.uk.
If you give us the logon details for your domain registrar's control panel we'll
set it up for you.
If your current DNS servers can't handle TXT records you
could move to DNS servers that can. This doesn't require you to change your
domain registrar.
www.nettica.com will host your domain's DNS
service, along with TXT records, on their servers forever for a one-off payment
of US$40.
You can check that your SPF record has been successfully setup by sending an
email to:-
check-auth@verifier.port25.com
Make sure that the From address you use is covered by the SPF record, no need to
put anything in the Subject Line or the body of the email.
You should receive a reply containing something like the extract below, which
also checks out any other anti-spam initiatives such as DomainKeys, DKIM, and
Sender-ID:-
|
|
 |
The SPF system has not yet been adopted widely enough to be a reliable method for
identifying spam but, when sending emails, it can tip the balance your favour,
especially with heavy-handed anti-spam systems.
^ Top of Page ^
|
|
If you prefer, you can, instead, email your comments to ail.co.uk?subject=Re:
Configure your Exchage server to use our Smarthosts"> support@arrowmail.co.uk="totop">
^ Top of Page ^
|
|
| |
Arrowmail is owned and operated by
Rhebus Limited, a UK-registered company, number 4079706.
We welcome any comments about this website, good or bad. Send them to
webmaster@arrowmail.co.uk
|
|
