Post Installation configuration of Exchange Server 2016
Setting up SPF record:
First, we will set up the SPF record, which tells receiving mail servers which hosts are allowed to send email for our domain and helps prevent spoofing. This is necessary; otherwise many service providers such as Gmail will block our email. We can generate an SPF record with MXToolbox – https://mxtoolbox.com/SPFRecordGenerator.aspx. In this case, it will look like this:
Type: TXT
Host/Name: tech-servepro.com
Value: v=spf1 a:tech-servepro.com ip4:45.124.48.29 -all
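Here “a” represents the A record for tech-servepro.com; if the sending server's IP address matches it, the result is a PASS.
ip4 represents the IP address of the sending server; if it matches, the result is a PASS.
-all means that mail from any sender that matches none of the mechanisms above fails the SPF check.
Once the SPF record is finalized, it is added to the domain's DNS as a TXT record.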
Setting up Send Connector:
Next, we will set up a Send Connector so that we can send emails. Inside the internal network, the URL of the ECP (Exchange Admin Center) should look like this – https://<ServerName>/ecp, i.e. https://exchange/ecp, and we can use the domain administrator account to log in.
Send Connector settings can be found under mail flow; follow the set-up wizard. For the network setting, we will choose “MX record associated with recipient domain”. With this setting, all emails are sent directly from the Exchange Server. Under add domain, we will put a * since we have only one domain in this case, and then choose the server from which we want to send email.
In some cases, if the SMTP port is blocked or we don’t want to send email directly from our server, we can choose a smart host. Some companies like noip.com provide such services. In that situation, all emails are sent to the smart host, from where they are routed to the destination.
In the next step, we will test sending emails, and it should work. All other settings are left at their defaults. Inside the network, the URL of OWA should look like this – https://<ServerName>/owa
Troubleshooting Tips for Send Connector:
If the email stays in the outbox after sending and you see the message “your message will be sent, but we’re not quite ready. Check back in a couple of minutes”, then check the DNS lookup settings under servers in the ECP.
By default, an Exchange server with the Mailbox server role uses port 25 to send and receive email. We can check this with the Exchange Management Shell:
Get-SendConnector | fl port
Setting up Receive Connector:
Before we start receiving emails, we have to configure some DNS settings for our Public IP.
We will set up an A record that points to the public IP of the Exchange Server. In this case, we are using Cloudflare for DNS management and it will look something like this. As you see here, I’m using email.tech-servepro.com as the hostname in public DNS, which is different from the internal hostname of the server, exchange.tech-servepro.com. They don’t need to be identical.
Next, we will set up the MX record, where the mail server is the hostname we created in the A record. The MX record is necessary because it directs all incoming emails to our mail server. We can have multiple MX records depending on the number of mail servers; the priority is set to 0, which is the highest priority, as we have a single mail server.
To receive email we have to open port 25, which exposes our server to the internet. If we don’t want to do that, we can use a third-party service such as MXGuardDog (https://mxguarddog.com/), which receives email on our behalf and forwards it to our server on a different, non-standard port.
We don’t need to configure any receive connector because there is already a default frontend receive connector that we will use.
This completes the basic setup and we should be able to send and receive emails.
In addition, we will have to open port 25 on the firewall to receive email, and forward all incoming connections on that port to the Exchange server. For Cisco it will look something like this:
object network ExchangeServer
 host x.x.x.x
 nat (inside,outside) static interface service tcp 25 25
access-list INBOUND extended permit tcp any object ExchangeServer eq 25
access-group INBOUND in interface outside
Troubleshooting Tips for Receive Connector:
If you are not receiving email, you can check whether port 25 is open from a website like portchecker.
You can also check whether you can telnet to port 25 from a computer in a different network – telnet email.tech-servepro.com 25.
You can also use Microsoft Remote Connectivity Analyzer to troubleshoot connectivity issues.