Wednesday, November 14, 2007

Use Small Business Server to full advantage

In the last few weeks I've received several calls asking for assistance with Small Business Server. In each case I have been amazed to discover that the businesses were running SBS either without Exchange Server enabled or with it crippled in some way. Microsoft has done a good job of selling SBS and it is an awesome deal, but apparently the VARs who have been selling and installing it have not done as good a job. Why? Do they not know how to use or configure all the features or is it because they can't convince the SMB to put them in place?

I'm referring specifically to the idea of hosting your own email server. It's not hard to do and I can't figure out why anyone wouldn't want to take advantage of it. The benefits are many. You have total control over your email. You never have to wonder if something got blocked in the spam blocker of your ISP. You can use Outlook Web Access to reach your email from anywhere. You can take advantage of all the benefits of a common shared or Global Address List (GAL). You can use ActiveSync to push your email out to mobile devices.

There are three basic requirements to hosting your email server safely and effectively. First get a great spam filter for Exchange Server. I always recommend Commtouch but you can also go with GFI Mail Security. I have also installed and used Freedom9 Freeguard at some clients. Commtouch is an outside service, GFI Mail Security runs on the Exchange Server and the Freeguard firewall does spam filtering or marking - you can either drop it completly or send it to the mailboxes (my preference) marked as spam and run rules to send it to a spam folder.

The second requirement is to have your ISP change your MX record so all email destined for your domain is sent directly to your Exchange Server. Now do you see why you MUST have a good spam filter in place first? Did you know that 95% of unfiltered email is spam? That can be quite a shock if you have been relying on your ISP to filter your spam for you. My home ISP uses Barracuda and it still struggles even though I've been training it for years. It will send things though that I know I've told it not to and stop things that I have previously cleared.

The third requirement in hosting your own email server is to set up a reverse DNS record with your ISP. This is especially important if you plan to send a lot of emails out through your Exchange Server like a weekly email newsletter to a large mailing list. Without the reverse DNS lookup configured properly with the word mail in their somewhere you will soon end up on the RBL (Real-time Black List) of the spam databases like Spamhaus, Spamcop and Spamcannibal. There are at least 100 spam databases out there. You do NOT want to get listed on any one of them because it a pain to get removed. You can check if you're listed on DNS Stuff.

What do you think? Has my experience been unique or do most SBS users host their own SMTP email on their Exchange Server?

1 comment:

spamcannibal said...

One more thing that usually gets forgotten when setting up these small mail systems is to make sure that they do not send NDR's to non-local hosts in violation of RFC-2476.

Hosts configured this way ARE USED BY SPAMMERS to deliver their payload to the bogus FROM address in the spam. Hosts configured this way can also be use in denial of service attacks agains other mail systems and they are routinely blacklisted.