sbradcpa
Posts: 315
09/24/2008 2:30 PM
Stupid question, is the consultant's recommendation setting up psts and pop-ing to smarter mail? I'm not familiar enough with the product but if so, that's very non enterprise-y isn't it?
The use of SSL ensures that I'm not able to sit there with my netmon or wireshark and look at that password in clear text as well.
Brian Desmond wrote:
> *Makes sense … I’d go with SSL though either way.*
>
> *Thanks,*
> *Brian Desmond*
> *brian@briandesmond.com*
> *c - 312.731.3132*
>
> *From:* ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] *On Behalf Of* Steve Lewis
> *Sent:* Thursday, September 18, 2008 1:39 PM
> *To:* ActiveDir@mail.activedir.org
> *Subject:* RE: [ActiveDir] (Got it working) Even More confusion on migrating from Exchange to SmarterMail
>
> Hi Brian,
>
> I agree that there is a little ambiguity on doing it quickly and talking about risk at the same time. On his suggestion of 587 I find interesting. Comcast, AOL and a bunch of other ISPs are starting to use port 587 to prevent someone from using their SMTP servers on port 25 for spamming (I cannot use 25 through Comcast’s email addresses. I have to use 587).
>
> I’m not too sure why 587 makes a difference but since the biggies are insisting on using it there is probably a good reason. Personally I use port 465 as the SSL/SMTP port at home through my own servers. That is working seamlessly for me but they would have to set up SSL on their email server to support this.
>
> Thanks,
>
> Steve Lewis - Systems Operation Consultant
> Utrecht Art Supplies
> 6 Corporate Dr
> Cranbury, New Jersey 08512
> T. 609-409-8001 X118
> F. 609-409-8002
> C. 732-670-4406
> slewis@utrecht.com
> http://www.utrecht.com
>
> ------------------------------------------------------------------------
>
> *From:* ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] *On Behalf Of* Brian Desmond
> *Sent:* Thursday, September 18, 2008 2:20 PM
> *To:* ActiveDir@mail.activedir.org
> *Subject:* RE: [ActiveDir] (Got it working) Even More confusion on migrating from Exchange to SmarterMail
>
> *Inline*
>
> *Thanks,*
> *Brian Desmond*
> *brian@briandesmond.com*
> *c - 312.731.3132*
>
> *From:* ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] *On Behalf Of* Steve Lewis
> *Sent:* Thursday, September 18, 2008 7:35 AM
> *To:* ActiveDir@mail.activedir.org
> *Subject:* RE: [ActiveDir] (Got it working) Even More confusion on migrating from Exchange to SmarterMail
>
> Hi All,
>
> Thank you all. This group has helped me quite a bit. Mail is going in and out of SmarterMail. I did just what you recommended.
>
> On Exchange/AD:
>
> 1. I had a smartermail@utrecht.com in AD with an exchange mailbox.
> 2. Created a contact called SmarterMailContact@utrecht.com
> 3. In this contact’s Exchange General email properties I entered SMTP:smartermail@email.utrechtnj.com for the E-mail
> 4. Forwarded mail from smartermail@utrecht.com to SmarterMailContact@utrecht.com. For now I am delivering it to both the smartermail and the smartermailcontact inbox.
>
> In SmarterMail:
>
> 1. I added the domain email.utrechtnj.com as the domain for the SmarterMail software.
> 2. SmarterMail box’s IP is 208.178.106.236 and resolves to email.utrechtnj.com (Exchange is mail.utrecht.com and resolves to 208.178.106.243)
> 3. Created a SmarterMail user named smartermail.
>
> Voilà, it works. A couple of caveats are right now people have to log into their accounts as smartermail@email.utrechtnj.com but the mails come in and go out as smartermail@utrecht.com. I believe that is fixable as well.
>
> */[Brian Desmond] You might be able to make email.utrecht.com a secondary domain or something in smartermail and then people can login as someone@utrecht.com. I don’t know how the product works./*
>
> Now I have another quandary and this might be more political than technical so I would like your advice. There was another consultant who worked at Utrecht in the past. Utrecht asked that I run everything I’ve been doing by him so I’ve been sharing what I’ve been doing. Today I received the following from him. Although I agree his way is a quick way to do it I feel as though he’s missing something that could hurt me in the long run. I’d like your input to what he had to say.
>
> Here is his note to me and again, thanks for all your help. I couldn’t have done it without your input.
>
> */Hi Steve:/*
>
> */You’re overcomplicating a simple process:/*
>
> */Follow these steps to cut your mail over:/*
>
> */1) Set up the Utrecht.com domain in Smartermail/*
>
> */2) Set up the required domain aliases (utrechtart.com, etc)/*
>
> */3) Set up the Active Directory plugin on Smartermail./*
>
> */4) Test Smartermail. From your Outlook add an account that pops/sends through smartermail. Use this account to send mail to another user on the smartermail system (an active directory user) Login to the web interface to ensure that they got the mail or just check the spool directory./*
>
> */5) Set up an additional account for Smartermail on every desktop that will continue to use Outlook after you’ve migrated to Smartermail. Check the box that says that “my mail server requires auth for outgoing mail”, and use the altport 587 (you’ll need to set this up globally in Smartermail under protocols)/*
>
> */[Brian Desmond] Not sure the point of using the “altport” but if it works that’s fine/*
>
> */6) Add rules to the firewall to allow POP-110/AltSMTP-587 to the Smartermail server./*
>
> */7) (best to perform this step after hours) Change the firewall rules on the Sonicwall that govern SMTP (send email) pointing them to the Smartermail server instead of the Exchange server/*
>
> */8) From an account outside the network send/receive a few emails (they will go to the Smartermail server)/*
>
> */9) Go home and get some sleep and move on to the next project. This should be a half-day project./*
>
> */[Brian Desmond] I’d not consider moving your email platform a half day project even for a small shop./*
>
> */Don’t try to send mail to two places/*
>
> */Don’t change your external DNS MX records/*
>
> */Don’t try to add more NAT policies to the firewall/*
>
> */Don’t try to forward mail from the Exchange server to the Smartermail server (you’ll just confuse yourself and others)/*
>
> */[Brian Desmond] If you just want to flash cut to smartermail the consultant’s way will work. If you want to stagger it, my way will work. Pick a route – they’re two different routes. I’d say the consultant is very risk averse with his “you’ll confuse yourself and others” statement, but, at the same time he is looking to rush it “this should be a half day project”. Kind of an odd combination./*
>
> */As a sidenote, I’d get SSL setup for your POP/SMTP so people aren’t sending their AD passwords in the clear./*
>
> Steve Lewis - Systems Operation Consultant
> Utrecht Art Supplies
> 6 Corporate Dr
> Cranbury, New Jersey 08512
> T. 609-409-8001 X118
> F. 609-409-8002
> C. 732-670-4406
> slewis@utrecht.com
> http://www.utrecht.com
>
> ------------------------------------------------------------------------
>
> *From:* ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] *On Behalf Of* Brian Desmond
> *Sent:* Tuesday, September 16, 2008 10:01 PM
> *To:* ActiveDir@mail.activedir.org
> *Subject:* RE: [ActiveDir] Even More confusion on migrating from Exchange to SmarterMail
>
> *Yeah he would need to shadow every recipient in Exchange with my example.*
>
> *Thanks,*
> *Brian Desmond*
> *brian@briandesmond.com*
> *c - 312.731.3132*
>
> *From:* ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] *On Behalf Of* Tony Murray
> *Sent:* Tuesday, September 16, 2008 8:46 PM
> *To:* ActiveDir@mail.activedir.org
> *Subject:* RE: [ActiveDir] Even More confusion on migrating from Exchange to SmarterMail
>
> Hi Brian
>
> Just a point regarding your statement about not needing to do anything with recipient policies. I don’t have a test environment available, but I’m pretty sure this would result in NDRs for anything sent from within the Exchange environment to any @utrecht.com address that did not already exist within the Exchange environment. This is fine if the mail environment remains static during the mailbox migration, but not if additional @utrecht.com addresses needed to be created directly on SmarterMail (i.e. outside of the Exchange environment). The checkbox for “This Exchange Organization is responsible for all mail delivery to this address” must be cleared for the @utrecht.com recipient policy. Without this, Exchange will think it “owns” the @utrecht.com address space and will only route to internal addresses matching that address space. Anything else will generate an NDR.
>
> Tony
>
> *From:* ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] *On Behalf Of* Brian Desmond
> *Sent:* Wednesday, 17 September 2008 9:24 a.m.
> *To:* ActiveDir@mail.activedir.org
> *Subject:* RE: [ActiveDir] Even More confusion on migrating from Exchange to SmarterMail
>
> *Steve, defining the additional internal domain is the easy way to do this.*
>
> *Create a domain called smartermail.utrecht.com in your internal DNS and an MX record pointing to your smartermail server.*
>
> *Create users on smartermail whose SMTP address is user@utrecht.com. Give them a secondary (or whatever they call it) address of user@smartermail.utrecht.com.*
>
> *In exchange create a contact for each user. Mail enable the user with user@smartermail.utrecht.com. Hide the contacts from the GAL.*
>
> *When you’re ready to forward a user’s mail, open their account in AD, go to Exchange Advanced, Delivery Options, and forward the mail to the contact.*
>
> *When all of your users are being forwarded to smartermail, you can change your Utrecht.com MX record to point to smartermail, and shutdown exchange.*
>
> *You don’t need to do anything with recipient policies, SMTP connectors, etc this way.*
>
> *Thanks,*
> *Brian Desmond*
> *brian@briandesmond.com*
> *c - 312.731.3132*
>
> *From:* ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] *On Behalf Of* Steve Lewis
> *Sent:* Tuesday, September 16, 2008 2:55 PM
> *To:* ActiveDir@mail.activedir.org
> *Subject:* [ActiveDir] Even More confusion on migrating from Exchange to SmarterMail
>
> Hi all,
>
> Thanks for all your help. I’m starting to understand this and I believe I’m getting closer to understanding what I need to do.
>
> I looked at the articles for “Sharing SMTP Address Spaces” on support.microsoft.com. They go into a lot of options but I can’t seem to find out if there is a non-exchange solution to this. In order to get a handle on what I need to do I want to be able to ultimately forget about Exchange and just use AD.
>
> I believe that it was Michael who recommended that I create contact records on the Exchange server that will forward the email to the SmarterMail server. That should work and I believe I have it working. I created an email account for Exchange named smartermail@utrecht.com. I also created a contact called johnqpublic@utrecht.com. When the email came in for smartermail AD/Exchange tried to forward it to the new account. However I did create a new domain that tells the contact to go there so ultimately the email bounced. This way however, I believe is a waste of time. Utrecht is going to bring down the Exchange server once mail is moved over.
>
> The idea of continuing to use the AD accounts, then change the mailbox-enabled users to mail-enabled users, instead of contacts sounds just like what I want to do but there is so much knowledge my brain has absorbed that it’s getting jumbled on how to implement this.
>
> The idea of un-checking the box in the recipient policy that says Exchange is authoritative for the domains in that recipient policy seems like it should work as well but there like above there is so much I have to understand that I am unsure how to create an SMTP connector for the domain and specify that the mail should be forwarded to SmarterMail and would this way still have a tie into Exchange?
>
> I finally have an idea as to what is going where at this moment in Utrecht’s IP structure and their email system.
>
> People send an email to xyz@utrecht.com. The MX records point the email to the MailProtector servers.
>
> The Mailprotector servers scrub the email and then send the email to ntserver2.utrechtnj.com. (note that it is utrechtnj.com and not utrecht.com). This is set in DNS where they host the webserver (yes, Utrecht uses an outside vendor for their server. Not my call :)). ntserver2.utrechtnj.com resolves to 208.178.106.243. This is a slave DNS and the Exchange 2000 server.
>
> ntserver1.utrechtnj.com resolves to 208.178.106.235. This is our master AD server
>
> email.utrechtnj.com resolves to 208.178.106.236 and is the physical SmarterMail server. This IP is available on the web right now.
>
> As one of you mentioned, many factors will determine the right path for me and there is no single “right” for this. I believe that the right path is to keep everything the same at MailProtector (it ain’t broke so don’t fix it). I believe also that we can still have the email come into ntserver2.utrechtnj.com the way it was and then let AD decide where to send this based upon the email address. Am I way off base on this?
>
> This way the only thing I should have to do is to slowly change where a user in Active Directory sends that email.
>
> Does that make sense to you? Am I barking up the wrong tree? Please excuse my lack of knowledge in AD and Exchange but I was thrown to the wolves to fix this and I intend to do it right the first time (yeah right eh?)
>
> Thanks in advance,
>
> Steve Lewis - Systems Operation Consultant
> Utrecht Art Supplies
> 6 Corporate Dr
> Cranbury, New Jersey 08512
> T. 609-409-8001 X118
> F. 609-409-8002
> C. 732-670-4406
> slewis@utrecht.com
> http://www.utrecht.com
>
> List info : http://www.activedir.org/List.aspx
> List FAQ : http://www.activedir.org/ListFAQ.aspx
> List archive: http://www.activedir.org/ma/default.aspx
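
The concern raised in this thread about POP/SMTP passwords crossing the network unencrypted, as an added example that is not part of the original posts: a Python check over the capability list a submission server returns before any TLS is negotiated, plus a decode of an `AUTH PLAIN` argument to show that base64 is encoding rather than encryption. The host name, sample replies, credentials and function names are all constructed for illustration.

```python
import base64

# Constructed pre-TLS EHLO replies; host name and values are illustrative only.
EHLO_WEAK = """250-mail.example.test Hello
250-SIZE 31457280
250-AUTH=LOGIN PLAIN
250 HELP"""
EHLO_HARDENED = """250-mail.example.test Hello
250-SIZE 31457280
250-STARTTLS
250 HELP"""
# Constructed AUTH PLAIN argument as a client would send it (RFC 4616 layout).
SAMPLE_AUTH_PLAIN = base64.b64encode(b"\0jdoe\0Constructed-Pw1").decode()


def parse_ehlo(reply):
    """Map each advertised ESMTP keyword to its parameters (RFC 5321 EHLO reply)."""
    caps = {}
    for line in reply.strip().splitlines()[1:]:   # line 1 is the greeting
        if not line.startswith("250") or len(line) < 5:
            continue
        # Some servers advertise the legacy "AUTH=LOGIN" spelling; normalise it.
        words = line[4:].replace("=", " ", 1).split()
        if words:
            caps[words[0].upper()] = [w.upper() for w in words[1:]]
    return caps


def audit_pre_tls(reply):
    """Return findings for a capability list seen before any TLS negotiation."""
    caps = parse_ehlo(reply)
    findings = []
    if "STARTTLS" not in caps:
        findings.append("STARTTLS not offered: the session cannot be encrypted")
    exposed = [m for m in caps.get("AUTH", []) if m in ("PLAIN", "LOGIN")]
    if exposed:
        findings.append("AUTH " + "/".join(exposed) + " offered before TLS: "
                        "credentials would be sent base64-encoded, not encrypted")
    return findings


def decode_auth_plain(b64_arg):
    """Show what an on-path observer recovers from a cleartext AUTH PLAIN."""
    _authzid, user, password = base64.b64decode(b64_arg).split(b"\0")
    return user.decode(), password.decode()


if __name__ == "__main__":
    for name, reply in (("weak", EHLO_WEAK), ("hardened", EHLO_HARDENED)):
        print(name, audit_pre_tls(reply))
    print(decode_auth_plain(SAMPLE_AUTH_PLAIN))
```

The audit applies to ports where the session starts in cleartext (25 or 587); on an implicit-TLS port such as 465 the capability list is only ever seen inside the encrypted channel.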