
Exchange Server 2016

Bruno_A

After some trouble, yesterday, with DNS configuration, I was finally able to get my active directory domain up and running. I named it "ecorp.local", as I really couldn't think of anything else, and then set up Exchange 2016 on a Windows Server 2016 machine in the domain. I am able to send and receive emails when I'm on the network (don't have to be on the domain), as my network uses the two Domain Controllers as the DNS servers, however, I want to use my own domain name, that I am yet to purchase for this purpose. How exactly can I set up my own domain with an Exchange server on my network? I do have a domain that I use for testing and for DDNS (in fact, my router is actually set up with that domain as its DDNS), so, I could start doing this now. Is this just a matter of setting up DNS records on the DNS settings of the domain? Also, I have another domain, that I use with Office 365 for Business. This is a great cloud solution, as it comes with an online Exchange server set up with my domain, OneDrive, etc., however, would it be possible to use this domain both for Office 365 AND an on-premises Exchange server? If this is too much of a pain in the ass, I can quite happily buy another domain just for this purpose.


You'll need to create an MX record on your public DNS. Never checked if you could use O365 to point to your on-premise Exchange server. It's probably doable, but again, you need public DNS records.


And you will still need a 3rd party email hosting for you to be able to relay your outgoing mail through their SMTP, because mail straight from yours will just be denied forwarding.


39 minutes ago, Kilrah said:

And you will still need a 3rd party email hosting for you to be able to relay your outgoing mail through their SMTP, because mail straight from yours will just be denied forwarding.

Do you mean something like ProofPoint? We had this at my previous job. We had an on-premises Exchange 2013 server, and we had ProofPoint set up, so the emails would go through ProofPoint first, and this would make it so our emails weren’t classed as spam and it would also work as a filter. I believe this is how it worked. I was only briefly told about this, once.


Yeah, sounds like that would work. 


44 minutes ago, wkdpaul said:

You'll need to create an MX record on your public DNS. Never checked if you could use O365 to point to your on-premise Exchange server. It's probably doable, but again, you need public DNS records.

So, if I set an MX record to my public IP (or my DDNS, which points to the public IP), that’s all I need? Surely there has to be more configuration, right? If my local domain is ecorp.local, how does the Exchange server start using example.com (let’s say that’s the domain I purchased) for the email addresses? Do I need to configure anything in the router? Forward ports? I’m sorry, but I’ve got zero experience in this.


2 hours ago, Bruno_A said:

So, if I set an MX record to my public IP (or my DDNS, which points to the public IP), that’s all I need? Surely there has to be more configuration, right? If my local domain is ecorp.local, how does the Exchange server start using example.com (let’s say that’s the domain I purchased) for the email addresses? Do I need to configure anything in the router? Forward ports? I’m sorry, but I’ve got zero experience in this.

Oh wow you're starting from far !!! (Not to be mean, seeing as you already have 2 DC and an Exchange server, I thought you'd already have set up most of that).

I don't have time to get into a deep dive right now as it's Christmas Eve. I'll try to come back as soon as possible and give you some pointers and instructions, unless someone does before that!


7 minutes ago, wkdpaul said:

Oh wow you're starting from far !!! (Not to be mean, seeing as you already have 2 DC and an Exchange server, I thought you'd already have set up most of that).

I don't have time to get into a deep dive right now as it's Christmas Eve. I'll try to come back as soon as possible and give you some pointers and instructions, unless someone does before that!

Enjoy your Christmas, and thanks for the help, anyway! :)


As said above, you need to create MX records for mail delivery. You also need to create SPF records for reputation. 

You also need to have a static IP address, unless you're setting up a send connector to a smarthost relay. 

 

As far as domain setups e.g. name@domain.com, you need to configure your accepted/authoritative domains. You can do this via Exchange Shell or the EAC, plenty of instructions online how to do this. You can really create any domain you like (SMTP address), but they won't pass externally without MX/SPF records.


1 minute ago, Jarsky said:

As said above, you need to create MX records for mail delivery. You also need to create SPF records for reputation. 

You also need to have a static IP address, unless you're setting up a send connector to a smarthost relay. 

I was actually just working on this. I set up an MX record on my public domain at Namecheap that points to mail.mydomain.com, which is a dynamic A host that points to my external IP. I then set the domain as an accepted domain in Exchange 2016, set up a mail rule and set up an internet send connector. I am able to send emails from the internet to mail@mydomain.com, however, I cannot send emails from mail@mydomain.com to the internet. Am I missing something?


3 minutes ago, Bruno_A said:

I was actually just working on this. I set up an MX record on my public domain at Namecheap that points to mail.mydomain.com, which is a dynamic A host that points to my external IP. I then set the domain as an accepted domain in Exchange 2016, set up a mail rule and set up an internet send connector. I am able to send emails from the internet to mail@mydomain.com, however, I cannot send emails from mail@mydomain.com to the internet. Am I missing something?

It sounds like you need to configure your POP/IMAP SMTP settings

This should help: https://docs.microsoft.com/en-us/exchange/clients/pop3-and-imap4/configure-authenticated-smtp?view=exchserver-2019

 

Keep in mind that port 25 is blocked on most ISPs by default so you should use the SSL ports, it's best practice anyway for external.

Port 25 might still be enabled for internal for relaying legacy applications, but external should always be SSL. 


6 minutes ago, Jarsky said:

It sounds like you need to configure your POP/IMAP SMTP settings

This should help: https://docs.microsoft.com/en-us/exchange/clients/pop3-and-imap4/configure-authenticated-smtp?view=exchserver-2019

 

Keep in mind that port 25 is blocked on most ISPs by default so you should use the SSL ports, it's best practice anyway for external.

Port 25 might still be enabled for internal for relaying legacy applications, but external should always be SSL. 

So, I should set Exchange to use either 465 or 587, instead of 25?


@Jarsky

Also, it appears that I need an SSL certificate. Does this have to be purchased?


55 minutes ago, Bruno_A said:

So, I should set Exchange to use either 465 or 587, instead of 25?

Your receive connectors should be on 587 for TLS.

Perhaps to simplify, start with Port 25 just to test it with internal sending to your Exchange Server, but you might have trouble with sending to your Exchange server outside of your local network, which you'll need to switch to 587 TLS with the appropriate certificates. 

 

Some certificates you can create self-signed certs or you can issue them via a PKI server like ADCS, and these will either need to be manually added to computers/devices or pushed out via GPO or something to add them as trusted root certificates. For external certificates (commercial CA) you might need such as OWA you can use Let's Encrypt for free certificates.

Here's more details on certificates: https://docs.microsoft.com/en-us/exchange/architecture/client-access/certificates?view=exchserver-2019#certificate-requirements-for-exchange-services

For the send connector just make sure under accepted domains you also set your domain as authoritative.

Create a send connector

Choose Type: Internet > Next

Specify "MX record associated with recipient domain" > Next

Address space: Add > Type: SMTP; FQDN: * (wildcard symbol) ; Cost: 1 > Save > Next

Select a server: Add your source server (I assume you only have 1) > OK > Finish

 

That should get mail flow working
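The EAC steps above, together with the public MX/SPF records mentioned earlier in the thread, as Exchange Management Shell commands with checks. This is an added example, not code posted by anyone in the thread: `mydomain.com` and the connector name `internet` are the thread's own placeholders, while the public resolver `1.1.1.1`, the single-server setup and `icloud.com` as the outbound test target are assumptions.

```powershell
# Added example: run in the Exchange Management Shell on the Exchange 2016 server.
$Domain    = 'mydomain.com'      # placeholder domain used in this thread
$Connector = 'internet'          # connector name used later in this thread
$Server    = $env:COMPUTERNAME   # assumption: one Exchange server, script run on it
$Resolver  = '1.1.1.1'           # assumption: any public resolver, so the answer is
                                 # what the internet sees, not the DCs' internal view

# 1. Accept mail for the public domain (authoritative), if not already present.
if (-not (Get-AcceptedDomain | Where-Object { "$($_.DomainName)" -eq $Domain })) {
    New-AcceptedDomain -Name $Domain -DomainName $Domain -DomainType Authoritative
}

# 2. Internet send connector: MX routing, address space "*", cost 1.
if (-not (Get-SendConnector | Where-Object { $_.Name -eq $Connector })) {
    New-SendConnector -Name $Connector -Usage Internet -AddressSpaces 'SMTP:*;1' `
        -DNSRoutingEnabled $true -SourceTransportServers $Server
}

# 3. Public DNS: the MX target for inbound mail and the SPF policy for outbound.
$mx  = Resolve-DnsName -Name $Domain -Type MX -Server $Resolver -ErrorAction SilentlyContinue |
       Where-Object { $_.Type -eq 'MX' }
$spf = Resolve-DnsName -Name $Domain -Type TXT -Server $Resolver -ErrorAction SilentlyContinue |
       Where-Object { $_.Type -eq 'TXT' -and ($_.Strings -join '') -like 'v=spf1*' }

if (-not $mx)  { Write-Warning "No public MX record for ${Domain}: inbound mail has no route." }
if (-not $spf) { Write-Warning "No SPF (v=spf1) TXT record for ${Domain}: receivers cannot verify your sending hosts." }
$mx  | Select-Object NameExchange, Preference
$spf | ForEach-Object { $_.Strings -join '' }

# 4. MX routing delivers to the recipient's MX host on TCP 25. Check whether
#    this internet connection can open that port at all.
$target = Resolve-DnsName -Name 'icloud.com' -Type MX -Server $Resolver |
          Where-Object { $_.Type -eq 'MX' } |
          Sort-Object Preference | Select-Object -First 1
$probe  = Test-NetConnection -ComputerName $target.NameExchange -Port 25 `
              -WarningAction SilentlyContinue
if (-not $probe.TcpTestSucceeded) {
    Write-Warning "Outbound TCP 25 to $($target.NameExchange) failed: direct MX delivery will not work from this connection."
}
```

If step 4 warns, a connector that uses MX routing cannot deliver from this connection, whatever the Exchange settings are.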


26 minutes ago, Jarsky said:

Your receive connectors should be on 587 for TLS.

Perhaps to simplify, start with Port 25 just to test it with internal sending to your Exchange Server, but you might have trouble with sending to your Exchange server outside of your local network, which you'll need to switch to 587 TLS with the appropriate certificates. 

 

Some certificates you can create self-signed certs or you can issue them via a PKI server like ADCS, and these will either need to be manually added to computers/devices or pushed out via GPO or something to add them as trusted root certificates. For external certificates (commercial CA) you might need such as OWA you can use Let's Encrypt for free certificates.

Here's more details on certificates: https://docs.microsoft.com/en-us/exchange/architecture/client-access/certificates?view=exchserver-2019#certificate-requirements-for-exchange-services

For the send connector just make sure under accepted domains you also set your domain as authoritative.

Create a send connector

Choose Type: Internet > Next

Specify "MX record associated with recipient domain" > Next

Address space: Add > Type: SMTP; FQDN: * (wildcard symbol) ; Cost: 1 > Save > Next

Select a server: Add your source server (I assume you only have 1) > OK > Finish

 

That should get mail flow working

I can send emails from outside the network to the Exchange Server, however, I cannot send an email from the Exchange Server to my iCloud email, for example, and I have already set up the Send Connector. The issue is with the outgoing. If it is using port 25, and if port 25 is blocked, then I don't expect it to work. Now, I'm a real noob, so, let me see if I understand this: As I cannot use port 25, I need to use 587, but with certificates that I can assign with ADCS?


4 minutes ago, Bruno_A said:

I can send emails from outside the network to the Exchange Server, however, I cannot send an email from the Exchange Server to my iCloud email, for example, and I have already set up the Send Connector. The issue is with the outgoing. If it is using port 25, and if port 25 is blocked, then I don't expect it to work. Now, I'm a real noob, so, let me see if I understand this: As I cannot use port 25, I need to use 587, but with certificates that I can assign with ADCS?

If your sending emails to external isn't working then that's your Send Connector. By default it uses port 25 so if your ISP is blocking that such as on a consumer connection, then that very well might be your problem.

Most ISPs do offer an SMTP relay service, so you could check with them. If they do offer it then you can change the Send Connector from MX record to Smart Host and specify the SMTP relay details they give you. Your ISP might also have the option of unblocking the port. You can also go down the route of changing it via PowerShell to port 465 or 587 with TLS.

If you want to do TLS, these should help you, particularly Certificate Procedures.

It's been a long time since I set up a new Exchange server environment (not since Exchange 2003) so can't really help much on the creation of the certificates.

You can just do self-signed certificates for SMTP, but you'd need an external e.g. Let's Encrypt for the domain for OWA/ECP e.g. https://mail.mydomain.com

https://docs.microsoft.com/en-us/Exchange/architecture/client-access/certificates?view=exchserver-2019

https://docs.microsoft.com/en-us/Exchange/architecture/client-access/certificate-procedures?view=exchserver-2019

Maybe someone who's set up/configured an Exchange 2013/2016 can chime in to help with this :)

 

 

 

 


21 minutes ago, Jarsky said:

If your sending emails to external isn't working then that's your Send Connector. By default it uses port 25 so if your ISP is blocking that such as on a consumer connection, then that very well might be your problem.

Most ISPs do offer an SMTP relay service, so you could check with them. If they do offer it then you can change the Send Connector from MX record to Smart Host and specify the SMTP relay details they give you. Your ISP might also have the option of unblocking the port. You can also go down the route of changing it via PowerShell to port 465 or 587 with TLS.

If you want to do TLS, these should help you, particularly Certificate Procedures.

It's been a long time since I set up a new Exchange server environment (not since Exchange 2003) so can't really help much on the creation of the certificates.

You can just do self-signed certificates for SMTP, but you'd need an external e.g. Let's Encrypt for the domain for OWA/ECP e.g. https://mail.mydomain.com

https://docs.microsoft.com/en-us/Exchange/architecture/client-access/certificates?view=exchserver-2019

https://docs.microsoft.com/en-us/Exchange/architecture/client-access/certificate-procedures?view=exchserver-2019

Maybe someone who's set up/configured an Exchange 2013/2016 can chime in to help with this :)

 

 

 

 

I did a quick read on how to setup self-assigned certificates for SMTP, and it appears that Exchange already comes with a default certificate for SMTP. I used the command "Set-SendConnector -Identity "internet" -Port 465" to change the port to 465, and I am still unable to send email to the outside :( I will have a look at setting up Let's Encrypt for the OWA, however.


7 minutes ago, Bruno_A said:

I did a quick read on how to setup self-assigned certificates for SMTP, and it appears that Exchange already comes with a default certificate for SMTP. I used the command "Set-SendConnector -Identity "internet" -Port 465" to change the port to 465, and I am still unable to send email to the outside :( I will have a look at setting up Let's Encrypt for the OWA, however.

 

Try port 587 as I believe that's the proper SSL port to be using.

Also in EAC check under Servers > certificates and make sure you have a Microsoft Exchange Server Auth Certificate assigned to SMTP, and you should have a certificate assigned to most services IMAP,POP,IIS,SMTP (this one is typically a corporate CA but test with a self-signed). 

 

On the connectors settings also enable Protocol Logging, so you can look at the protocol logs and see what the actual error is. 

 

 


21 minutes ago, Jarsky said:

 

Try port 587 as I believe that's the proper SSL port to be using.

Also in EAC check under Servers > certificates and make sure you have a Microsoft Exchange Server Auth Certificate assigned to SMTP, and you should have a certificate assigned to most services IMAP,POP,IIS,SMTP (this one is typically a corporate CA but test with a self-signed). 

 

On the connectors settings also enable Protocol Logging, so you can look at the protocol logs and see what the actual error is. 

 

 

These are the only certificates installed:

[Image: screenshot of the installed certificates]

 

Seems like I'm missing a few.


@Jarsky

Also, I tried sending a message to a few different emails I own, and one of them came back with this error:

 

www3.l.google.com rejected your message to the following email addresses:
(my email here)
Your message couldn't be delivered and there was no valid enhanced status code being issued by the remote mail system to determine the exact cause, status: '550 SMTP AUTH is required for message submission on port 587'.

 
www3.l.google.com gave this error:
SMTP AUTH is required for message submission on port 587 

 


That's why we mentioned you will likely need to use some service to relay your outgoing e-mails. Can be any other email address you have with a provider where you have valid creds for their SMTP, and you set up your server to just relay outgoing mail through theirs.

Almost no one allows relaying mail without authentication or from non-recognised domains nowadays, worked 12 or so years ago when I also set up my own mail hosting but unfortunately spammers figured out they could do that too so it was all tightened down a couple of years later.
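The relay setup described in this post and in the earlier smart host suggestion, combined with the protocol logging recommended earlier in the thread, as Exchange Management Shell commands. This is an added example, not code from the thread: `smtp.relay.example` and port 587 are hypothetical relay details, to be replaced with the host, port and account your provider gives you; `internet` is the connector name used in the thread.

```powershell
# Added example: run in the Exchange Management Shell on the Exchange 2016 server.
$Connector = 'internet'             # connector name used in this thread
$SmartHost = 'smtp.relay.example'   # hypothetical: relay host from your provider
$RelayPort = 587                    # hypothetical: that relay's submission port
$Server    = $env:COMPUTERNAME      # assumption: script runs on the Exchange server

# Account that is allowed to submit mail through the relay.
$Cred = Get-Credential -Message "SMTP account for $SmartHost"

# Send all outbound mail to the authenticated relay instead of delivering
# straight to each recipient's MX host.
#   BasicAuthRequireTLS   : credentials are sent only after STARTTLS succeeds.
#   CertificateValidation : the relay's certificate chain must validate, so the
#                           password is not handed to a host impersonating it.
Set-SendConnector -Identity $Connector `
    -DNSRoutingEnabled $false `
    -SmartHosts $SmartHost `
    -Port $RelayPort `
    -SmartHostAuthMechanism BasicAuthRequireTLS `
    -AuthenticationCredential $Cred `
    -RequireTLS $true `
    -TlsAuthLevel CertificateValidation `
    -ProtocolLoggingLevel Verbose

# Confirm what the connector will actually do.
Get-SendConnector -Identity $Connector |
    Format-List Name, DNSRoutingEnabled, SmartHosts, Port, SmartHostAuthMechanism,
                RequireTLS, TlsAuthLevel, ProtocolLoggingLevel

# After sending a test message (for example from OWA), open the newest send
# protocol log. The folder is read from the Transport service configuration
# rather than assumed.
$logDir = "$((Get-TransportService -Identity $Server).SendProtocolLogPath)"
$latest = Get-ChildItem -Path $logDir -Filter '*.log' |
          Sort-Object LastWriteTime | Select-Object -Last 1

if ($latest) {
    # Log rows are CSV. The event column holds '<' for a line received from the
    # remote server and is followed by the data column with the SMTP reply.
    # List temporary (4xx) and permanent (5xx) replies, each with the two
    # preceding rows so the command that triggered the reply is visible.
    Get-Content -Path $latest.FullName |
        Select-String -Pattern ',<,"?[45]\d\d[ -]' -Context 2, 0
} else {
    Write-Warning "No send protocol log found in $logDir yet."
}
```

A reply such as the `550 SMTP AUTH is required for message submission on port 587` quoted above shows up in this output next to the remote endpoint that returned it.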


3 hours ago, Bruno_A said:

@Jarsky

Also, I tried sending a message to a few different emails I own, and one of them came back with this error:

 

www3.l.google.com rejected your message to the following email addresses:
(my email here)
Your message couldn't be delivered and there was no valid enhanced status code being issued by the remote mail system to determine the exact cause, status: '550 SMTP AUTH is required for message submission on port 587'.

 
www3.l.google.com gave this error:
SMTP AUTH is required for message submission on port 587 

 

 

Does it give you the same error sending from OWA as well? 

Have you looked at the protocol logs?


4 hours ago, Jarsky said:

 

Does it give you the same error sending from OWA as well? 

Have you looked at the protocol logs?

This was from OWA.


4 hours ago, Kilrah said:

That's why we mentioned you will likely need to use some service to relay your outgoing e-mails. Can be any other email address you have with a provider where you have valid creds for their SMTP, and you set up your server to just relay outgoing mail through theirs.

Almost no one allows relaying mail without authentication or from non-recognised domains nowadays, worked 12 or so years ago when I also set up my own mail hosting but unfortunately spammers figured out they could do that too so it was all tightened down a couple of years later.

Ohhh, so, I’d be able to use a free outlook email, for example, to relay the emails?


4 hours ago, Jarsky said:

 

Does it give you the same error sending from OWA as well? 

Have you looked at the protocol logs?

Also, where are the logs located?
