Reduce SPAM and increase security with SMTP Submission over Port 587

Exchange Server 2007 provides higher security and less SPAM potential by eliminating authenticated mail over SMTP port 25. This leaves us without the ability to relay mail from other SMTP servers without the following tips.

Here are some setup tips on setting up SMTP relay over port 587 securely.

After setting up your network with a back-end Exchange 2007 Hub Transport/Client Access/Mailbox server and an isolated Exchange 2007 Edge Transport server in a DMZ or separate internal network, try setting up an IMAP connection to the Exchange Client Access server.  Since all incoming mail traffic is supposed to flow through the Edge Transport server, you set that server as the outgoing SMTP server in your mail client, such as Microsoft Outlook or Mozilla Thunderbird, but no matter what you do, it just won’t work without authentication.  The Edge Transport server is not (or at least it’s not supposed to be) a member of the domain, and therefore cannot authenticate the user.

One way to fix this is to set your firewall(s) to pass SMTP Submission traffic to the back-end Client Access server (CAS).  Mail will be sent first to the back-end Exchange Client Access server for authentication, and then be forwarded on to the front-end server for external delivery.

Also, don’t forget to check off the TLS or SSL security option and change the outgoing SMTP port number to 587 for SMTP Submission, rather than port 25 for standard SMTP traffic.  And now, you should be sending mail securely.
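To confirm that the listener behind port 587 enforces what the client settings above assume, this added example (not part of the original post) parses EHLO replies and flags a listener that lacks STARTTLS or offers LOGIN/PLAIN before TLS. The function names, the policy and the sample replies are assumptions constructed for illustration.

```python
import smtplib
import ssl

CLEARTEXT = {"LOGIN", "PLAIN"}  # mechanisms that send the password unprotected
def parse_ehlo(reply):
    """Parse a multi-line 250 EHLO reply into {KEYWORD: [PARAMS]}."""
    features = {}
    lines = [l for l in reply.splitlines() if l.strip()]
    for line in lines[1:]:  # first line is the greeting, not an extension
        if line[:3] != "250" or line[3:4] not in ("-", " "):
            raise ValueError("unexpected EHLO line: %r" % line)
        text = line[4:].upper()
        if text.startswith("AUTH="):  # legacy "AUTH=LOGIN" spelling
            text = "AUTH " + text[5:]
        parts = text.split()
        if parts:
            features.setdefault(parts[0], []).extend(parts[1:])
    return features

def audit_submission(pre_tls, post_tls=None):
    """Return findings for a submission listener; an empty list means it passes."""
    findings = []
    if "STARTTLS" not in pre_tls:
        findings.append("STARTTLS not offered")
    exposed = CLEARTEXT & set(pre_tls.get("AUTH", []))
    if exposed:
        findings.append("cleartext AUTH offered before TLS: " + ",".join(sorted(exposed)))
    if post_tls is not None and "AUTH" not in post_tls:
        findings.append("AUTH not offered after TLS")
    return findings

def probe(host, port=587, timeout=10):
    """Live check against your own server (not called by this example)."""
    with smtplib.SMTP(host, port, timeout=timeout) as s:
        s.ehlo()
        pre = {k.upper(): v.upper().split() for k, v in s.esmtp_features.items()}
        if "STARTTLS" not in pre:
            return audit_submission(pre)
        s.starttls(context=ssl.create_default_context())
        s.ehlo()  # capabilities must be re-read after the TLS handshake
        post = {k.upper(): v.upper().split() for k, v in s.esmtp_features.items()}
    return audit_submission(pre, post)

# Constructed sample replies (not captured from a real server).
GOOD_PRE = "250-mail.example.test Hello\n250-SIZE 10485760\n250-STARTTLS\n250 8BITMIME"
GOOD_POST = "250-mail.example.test Hello\n250-SIZE 10485760\n250-AUTH LOGIN PLAIN\n250 8BITMIME"
WEAK_PRE = "250-mail.example.test Hello\n250-AUTH=LOGIN\n250-AUTH LOGIN\n250 8BITMIME"

if __name__ == "__main__":
    print(audit_submission(parse_ehlo(WEAK_PRE)))
```

An empty list from `audit_submission` means the listener advertises STARTTLS, keeps LOGIN/PLAIN behind TLS, and offers AUTH once the session is encrypted.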


Migrating a Blackberry from one hosted server to another

At Corneredge we support all PDAs to ensure full sync with all customer email services.  Blackberrys are great for this, and typically very easy to set up.

I recently had to set up a Blackberry on a BES server on a new network we were supporting.  Despite repeated efforts, the Blackberry consistently made contact with the BES Server, and then failed on the IT Policy.

The issue was this: even if you’re bringing a Blackberry from a domain (domain.com) in Site A into a same-named domain (domain.com) in Site B, you must break the connection that the Blackberry’s PIN has over the Blackberry network.  Until then, the Enterprise Activation will not work.  This type of situation would come up when you change your MX record, for example.

You basically have two options here:

1. Contact the old BES host in the old site and ask them to remove the PIN; or
2. Go to the Blackberry Device / Options / Advanced / Service Book, and blow away the value “Desktop [CMIME]”.

Once that happens, the Blackberry brings you through the mail setup routine as if it were brand new out of the box, and will sync fine with your BES server in the new environment.