Boswell's Q&A
Bringing It Home Again
Admin wants to bring Exchange e-mail services back into the company, but first wants to set up a test bed.
- By Bill Boswell
- 10/11/2004
Mr. Boswell: I have a couple of questions regarding Exchange
Installation. Currently my company e-mail is outsourced. I want to set
up an Exchange server to handle our mail. If I configure the server to
receive Internet e-mail, will there be any problems/interference with
mail delivery to either the test Exchange server or our outsource host
due to the domain name being set up on two different locations/servers?
Also, what is the recommended type of server to use for Exchange, a domain
controller or member server? I'm currently running Windows Server 2003
with Active Directory and integrated DNS.
Answer: Well, first of all, please call me Bill. I was
an enlisted man in the U.S. Navy, so being called Mr. Boswell makes me
flinch.
With that out of the way, I have good news and bad news. The good news
is that Internet mail is routed to the e-mail server at your ISP using
an MX (Mail eXchange) record in your public DNS zone. As long as you don't
change this record, you won't get any interference between your test server
and your actual e-mail.
The bad news is, setting up a test Exchange server in a test domain requires
a little work if you want to be able to send and receive e-mail via the
Internet.
For testing, you should register a new domain name that's significantly
different from your production domain name so that nobody will be confused.
Registration only costs a few dollars and you can keep the domain name
for future testing as long as you're willing to pay the renewal fee. Don't
take a name that's already in use or you won't be able to route e-mail
to yourself.
Once you have a test domain, you'll need to register your DNS server
so that the top level DNS servers for the Internet contain the Name Server
(NS) record for your new domain. The agency you use to get the domain
name will have instructions for doing this registration. As an alternative,
you can arrange for your ISP to host the test zone.
You can accomplish both objectives at once (getting a test domain
name and setting up a DNS zone) by taking advantage of one of the
dynamic DNS services available on the Internet. Just search Google for
"dynamic DNS" and you'll get lots of hits. Choose one that's
either free or very low cost. These services typically have a selection
of domain names and you append your selected name onto their domain. For
example, if their domain is d-dns.com, then you might be able to use mydomain.d-dns.com.
Most dynamic DNS services can either dynamically point to your own DNS
server or host the zone and give you tools to add resource records.
You're now ready to install a test Exchange server. Don't install the
server into your production domain. Exchange uses Active Directory to
store configuration information and it's something of a chore to remove
that information once it's there. (Not impossible, just inconvenient.)
For testing, set up a single server to act as a domain controller and
Exchange server in the test domain. When selecting a name for the test
Active Directory domain, use the domain name you registered with either
a .pri or a .local extension. This avoids a namespace conflict between
your public DNS zone and your private DNS zone.
Once the Exchange server is up and running in the test domain, configure
your firewall to route port 25 traffic (SMTP) to the server. Then, in
the Internet DNS zone, add an A (host) record that points at the public
interface of your firewall and an MX record that contains the name you
assigned to the A record. Don't forget to configure the firewall to allow
outbound port 25 traffic from the Exchange server.
You should now be able to send e-mail to and from accounts in the test
Exchange domain. For example, you can use OWA at the Exchange server (don't
install Outlook on an Exchange server to avoid conflicts with MAPI32.DLL)
to send an e-mail to your personal POP account then reply to the e-mail
and make sure the reply arrives at the Exchange account.
Once you're comfortable managing mail flow through the Exchange server,
you're ready to install an Exchange server in production. Use a Windows
Server 2003 member server. You can run Exchange on a domain controller,
but you get more operational flexibility by using a separate server. The
installation requires modifying the Schema of Active Directory, so make
sure you have a full System State backup of your domain controllers. (You
should have at least two domain controllers in the production domain.)
With the production server up and running, configure your firewall to
pass port 25 traffic to it. Then contact your ISP (or whoever hosts your
DNS zone) and have them modify the MX record for your production domain
to point at your firewall rather than the current POP server. Send a few
test e-mails to verify your configuration and you're done. Of course,
the configuration could be a lot more complicated, depending on whether
or not you use additional SMTP domains in your organization, but that's
the basic game plan.
Hope this helps!
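
As an added example (not part of the original column), the Python below checks the public-zone records from the test-bed step: the MX record for the test domain must name a host whose A record is the firewall's public interface, not the Exchange server's internal address. The zone contents, the 203.0.113.10 and 192.168.1.20 addresses, and the function names are constructed for illustration.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample zones; names and addresses are illustrative only.
GOOD_ZONE = """
mydomain.d-dns.com.       3600 IN MX 10 mail.mydomain.d-dns.com.
mail.mydomain.d-dns.com.  3600 IN A  203.0.113.10   ; firewall public interface
"""
BAD_ZONE = """
mydomain.d-dns.com.       3600 IN MX 10 mail.mydomain.d-dns.com.
mail.mydomain.d-dns.com.  3600 IN A  192.168.1.20   ; Exchange server's internal address
"""

def parse_zone(text):
    """Return (owner, type, rdata fields) for each 'name ttl IN type rdata' line."""
    records = []
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()   # drop comments, then tokenize
        if len(fields) >= 5:
            records.append((fields[0].lower().rstrip("."), fields[3].upper(), fields[4:]))
    return records

def check_mail_routing(zone_text, domain, firewall_ip):
    """List the problems that would stop Internet mail reaching the firewall."""
    records = parse_zone(zone_text)
    problems = []
    # MX rdata is "<preference> <host name>"; collect the host names.
    targets = [rdata[1].lower().rstrip(".") for owner, rtype, rdata in records
               if owner == domain and rtype == "MX" and len(rdata) == 2]
    if not targets:
        problems.append(f"no MX record for {domain}")
    for target in targets:
        addrs = [rdata[0] for owner, rtype, rdata in records
                 if owner == target and rtype == "A"]
        if not addrs:
            problems.append(f"MX target {target} has no A record")
        for addr in addrs:
            ip = ipaddress.ip_address(addr)
            if any(ip in net for net in RFC1918):
                problems.append(f"{target} -> {addr} is a private address")
            elif addr != firewall_ip:
                problems.append(f"{target} -> {addr} is not the firewall ({firewall_ip})")
    return problems

if __name__ == "__main__":
    for label, zone in (("good", GOOD_ZONE), ("bad", BAD_ZONE)):
        print(label, check_mail_routing(zone, "mydomain.d-dns.com", "203.0.113.10"))
```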
About the Author
Contributing Editor Bill Boswell, MCSE, is the principal of Bill Boswell Consulting, Inc. He's the author of Inside Windows Server 2003 and Learning Exchange Server 2003, both from Addison Wesley. Bill is also Redmond magazine's "Windows Insider" columnist and a speaker at MCP Magazine's TechMentor Conferences.