Legacy Email Relay in SBS 2008 with Exchange 2007
Posted in Geekery, Work on February 5th, 2011
As can be expected, Microsoft made a lot of changes in the SBS 2008 / Exchange 2007 combination, and while it has been out for several years now, I have yet to find any articles or HOWTOs that specifically address the problems of getting ancient, legacy code to reliably send email alerts with the new systems.
With Exchange 2003, it was simple and mostly just built-in, all you had to do was add the IP address of things like your scanners and other fairly dumb systems (or even advanced ones, like Backup Exec and APC Powerchute) to allow them to relay email alerts through Exchange.
Well, in Exchange 2007, they made things a little more difficult and force you to create new Receive Connectors with specific restrictions to allow these systems. It has been well documented before, so I’ll just include a link: http://msexchangeteam.com/archive/2006/12/28/432013.aspx
I will point out one thing, however: my experience (and a blog posting I cannot find again today) says that to make this actually work, the remote network range for this connector must be 0.0.0.0-255.255.255.255, and not limited to the single machine or short range of IP addresses. I tested this extensively, and always came up with the same result: narrow IP range = no workee. This means that you must create rules on your firewall to strictly limit incoming SMTP traffic to make sure you don’t set up an open relay on the Internet. You should already be doing this anyhow, considering how cheap Postini spam filtering is.
There’s also one other small problem: SBS 2008 only allows you a single NIC, and therefore a single IP address for the server, which means that you’ll have to assign this new relay connector to a non-standard port (like 26) to make it work. (The trick of adding a second alternative IP address to the NIC will not work – it disappears after a reboot.) Here’s a series of pics with my setup:
Now to use this, you’ll obviously have to configure your legacy systems to point to the specific port as well as the IP address. Usually, this is done by tacking a :26 (or whatever port you chose) on the end of the IP address or server name. (192.168.x.x:26 or servername.domainname.local:26).
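The connector setup described above, written out as an added example for the Exchange Management Shell (this is not the post's own code; the connector name "Legacy Relay", the server name SBS01 and port 26 are assumptions). Besides creating the connector on the non-standard port, it turns on protocol logging and finishes with the check a practitioner wants: a list of every connector that would relay anonymously from any address, since each one needs a matching inbound firewall rule.

```powershell
# Added example (not from the original post). Run in the Exchange Management Shell.
# Assumed values: connector "Legacy Relay" on server SBS01, bound to TCP port 26.

$Server        = "SBS01"
$ConnectorName = "Legacy Relay"
$Port          = 26
$Identity      = "$Server\$ConnectorName"

# SBS 2008 has a single NIC, so bind on 0.0.0.0 and pick a port the default
# connector is not using. RemoteIPRanges is left wide open, as the post describes,
# which makes the perimeter firewall the only control keeping Internet hosts off TCP/26.
New-ReceiveConnector -Name $ConnectorName `
    -Server $Server `
    -Usage Custom `
    -Bindings "0.0.0.0:$Port" `
    -RemoteIPRanges "0.0.0.0-255.255.255.255" `
    -AuthMechanism None `
    -PermissionGroups AnonymousUsers

# AnonymousUsers alone only accepts mail for local recipients. Relaying to outside
# domains needs this extended right granted to the anonymous logon.
Get-ReceiveConnector $Identity | Add-ADPermission `
    -User "NT AUTHORITY\ANONYMOUS LOGON" `
    -ExtendedRights "ms-Exch-SMTP-Accept-Any-Recipient"

# Verbose protocol logging so every relay session (and its source IP) is auditable later.
Set-ReceiveConnector $Identity -ProtocolLoggingLevel Verbose

# Check: which connectors relay anonymously from any remote address?
# Every row returned must be covered by a firewall rule restricting inbound SMTP.
Get-ReceiveConnector | ForEach-Object {
    $c = $_
    $relayRight = Get-ADPermission -Identity $c.Identity -User "NT AUTHORITY\ANONYMOUS LOGON" -ErrorAction SilentlyContinue |
        Where-Object { ($_.ExtendedRights -like "ms-Exch-SMTP-Accept-Any-Recipient") -and (-not $_.Deny) }
    $wideOpen = ($c.RemoteIPRanges -join ",") -match "0\.0\.0\.0-255\.255\.255\.255"
    if ($relayRight -and $wideOpen) {
        New-Object PSObject -Property @{
            Connector = $c.Name
            Bindings  = ($c.Bindings -join ", ")
            Remote    = ($c.RemoteIPRanges -join ", ")
        }
    }
}
```

The final listing is worth re-running after any change to connectors: a connector that relays for ANONYMOUS LOGON with an all-addresses remote range is an open relay from the point of view of anything that can reach its port, so the firewall rule and the connector must always be reviewed together.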
Sometimes, however, those legacy systems will be so entirely stupid that you can’t point them at a non-standard port. This is where stuff gets damned annoying.
If you are lucky enough to have another server on the network, you can install SMTP on that server, and tell it to use Exchange (at the special port you made) as a Smart Host, and then you can point your legacy systems at this SMTP server and allow it to do the relaying for you. For example, my client has another Server 2008 machine handy, so I added the SMTP Feature and created a new SMTP Virtual Server called Relay 1 and set it to allow anonymous connections.
Instead of 15 pictures, I’m going to give you a hundred words of settings description:
General Tab:
Select your IP address, nothing unusual here.
Access Tab:
-Authentication button – select Anonymous access only.
-Connection Control button – select “All except the list below”
-Relay Restrictions button – Select “Only the list below” and give it your network range. This one should accept the restriction of single entries, unlike the Exchange 2007 connector. I also checked the box for “Allow all computers which authenticate…” just for grins.
Messages Tab:
-Set your favorite limits here, as well as the location of the Badmail directory.
Delivery Tab:
-Set more limits and timeouts here. I usually expire messages at 2 hours.
LDAP Routing and Security tabs:
-Probably no changes needed here.
Lastly, go into the Services management area and set SMTP to Automatic Start.
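Once both the Exchange connector and the secondary SMTP relay host accept anonymous mail, the remaining question is whether only the expected sources ever reach the relay connector. The following added example (not part of the original post) audits the Exchange 2007 SmtpReceive protocol log for sessions on the relay connector that did not originate on the LAN. It assumes the connector is named "Legacy Relay", the LAN is 192.168.16.0/24, the default log directory, and the Exchange 2007 protocol log CSV layout (date-time, connector-id, session-id, sequence-number, local-endpoint, remote-endpoint, event, data, context); the embedded log lines are constructed samples, and the IP arithmetic is IPv4 only.

```powershell
# Added example (not from the original post): find relay-connector sessions from outside the LAN.
# Assumptions: verbose protocol logging is enabled, the log uses the Exchange 2007
# SmtpReceive CSV layout, the connector is "Legacy Relay" and the LAN is 192.168.16.0/24.

$LogDir     = "C:\Program Files\Microsoft\Exchange Server\TransportRoles\Logs\ProtocolLog\SmtpReceive"
$Connector  = "Legacy Relay"
$AllowedNet = "192.168.16.0/24"

# Convert a dotted IPv4 address to a 32-bit integer (held in int64 to avoid overflow quirks).
function ConvertTo-IPv4Int {
    param([string]$Ip)
    $b = [System.Net.IPAddress]::Parse($Ip).GetAddressBytes()
    return ([int64]$b[0] * 16777216) + ([int64]$b[1] * 65536) + ([int64]$b[2] * 256) + [int64]$b[3]
}

# True when $Ip lies inside the CIDR block $Cidr (e.g. 192.168.16.0/24).
function Test-IPv4InCidr {
    param([string]$Ip, [string]$Cidr)
    $net, $bits = $Cidr -split "/"
    $mask = [int64]4294967295 - ([int64][math]::Pow(2, 32 - [int]$bits) - 1)
    return ((ConvertTo-IPv4Int $Ip) -band $mask) -eq ((ConvertTo-IPv4Int $net) -band $mask)
}

# Parse raw protocol-log lines and return one object per connect ("+") event on the
# relay connector whose remote endpoint is outside the allowed network.
function Get-RelaySessionsOutsideLan {
    param([string[]]$Lines)
    $header = "date-time","connector-id","session-id","sequence-number","local-endpoint","remote-endpoint","event","data","context"
    $rows = $Lines | Where-Object { $_ -and -not $_.StartsWith("#") } | ConvertFrom-Csv -Header $header
    $rows | Where-Object { ($_."connector-id" -like "*\$Connector") -and ($_.event -eq "+") } | ForEach-Object {
        $remoteIp = ($_."remote-endpoint" -split ":")[0]
        if (-not (Test-IPv4InCidr -Ip $remoteIp -Cidr $AllowedNet)) {
            New-Object PSObject -Property @{
                Time     = $_."date-time"
                Session  = $_."session-id"
                RemoteIP = $remoteIp
            }
        }
    }
}

# Constructed sample log (203.0.113.0/24 and 198.51.100.0/24 are documentation ranges).
# Only the 203.0.113.77 session should be reported: the 198.51.100.9 session hit the
# default connector, not the relay connector, and 192.168.16.50 is on the LAN.
$SampleLog = @"
#Software: Microsoft Exchange Server
#Fields: date-time,connector-id,session-id,sequence-number,local-endpoint,remote-endpoint,event,data,context
2011-02-05T10:15:01.123Z,SBS01\Legacy Relay,08CD7F9A3B2C1D40,0,192.168.16.2:26,192.168.16.50:2134,+,,
2011-02-05T10:15:01.140Z,SBS01\Legacy Relay,08CD7F9A3B2C1D40,1,192.168.16.2:26,192.168.16.50:2134,<,MAIL FROM:<scanner@domainname.local>,
2011-02-05T10:16:22.001Z,SBS01\Legacy Relay,08CD7F9A3B2C1D41,0,192.168.16.2:26,203.0.113.77:51002,+,,
2011-02-05T10:16:22.010Z,SBS01\Default SBS01,08CD7F9A3B2C1D42,0,192.168.16.2:25,198.51.100.9:40311,+,,
"@

Get-RelaySessionsOutsideLan -Lines ($SampleLog -split "`r?`n") | Format-Table Time, Session, RemoteIP -AutoSize

# Against the real logs on the server:
# Get-ChildItem "$LogDir\*.log" | Get-Content | Get-RelaySessionsOutsideLan | Format-Table -AutoSize
```

Any row this returns means a host outside the LAN reached the relay port, which is exactly the situation the firewall rule is supposed to prevent; the same check, with the connector name changed, can be pointed at the secondary SMTP server's own logs if its relay list is ever widened.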
Hopefully, I’ve just saved at least one other person from having to figure all this out the hard way. May the Force be with you.