| Spam
has caused many companies to rethink their email policies and to change
the way email is handled. Earthlink, Inc. is known for their reliable
service and for their active spam, pop-up blocking, and antivirus programs.
One extra step that Earthlink, and many other ISPs for that matter, are taking
is to block port 25 (SMTP) traffic from their users. This approach is
effective in keeping spam from originating from their services; however,
it limits small office/home office Exchange server installs. This problem
can be overcome in Exchange 2000, 2003 and Outlook as well. Let us take
a look at what we can do to get this problem solved.
First and
foremost, I would like to commend Earthlink and other ISPs alike for taking
a proactive step in stopping spammers. Unfortunately, this step also adds
more configuration work to our job as administrators. Spammers are getting
more resourceful. The conventional ways of sending unsolicited bulk email,
like finding an open relay or setting up fake accounts, are now getting
harder to do because of actions like these that ISPs are taking. From
a workload standpoint, the extra configuration we must implement in order
to make this work will, in the end, cause us less work blocking spam at
a later date.
The theory
behind this type of blocking is simple. ISPs will allow users to send
mail only through their servers. The only outgoing port 25 traffic allowed
from any machine on a user’s account is to the ISP’s mail
server. By doing this, they can monitor their users’ traffic and if they
are flagged as spammers, then the ISP can stop their mail flow and take
the appropriate measures to discontinue their spamming practices. Since
incoming port 25 traffic is not critical for spammers, this traffic is
not blocked; therefore incoming mail is received fine. Now that we have
the theory behind this blocking, let us see how we can overcome these
barriers.
First we
must configure our Exchange server to send all outgoing mail to the ISP’s
mail server. As we all know, a fresh install of Exchange offers SMTP connectivity
as soon as it is started up. The problem arises when Exchange tries
to send mail via SMTP over port 25: the ISP blocks this traffic, so
the mail does not flow. The first step is to set up a connector
in Exchange so we can send our outgoing messages through the ISP’s
server (see Figure 1). In Exchange System Manager, right-click Connectors and
select new SMTP connector. For the name, let’s add a friendly
name, for example “Send Mail To Earthlink.” Now let us select
“Forward all mail through this connector to the following smart
hosts,” and in the text box below it, enter the ISP’s SMTP server. This
can be the FQDN of the server or its IP address; when using the
IP address, remember to enclose it in [] brackets. Now, under Local Bridgeheads,
select Add and then select your SMTP virtual server. Now let’s move to
the Advanced tab and select “Send HELO instead of EHLO.” From
there, let’s move to the Address Space tab and choose Add. Now select SMTP,
click OK, enter * as the Email Domain and 1 as the cost, then click OK. Make sure
“Allow messages to be relayed to these domains” is not selected,
or the server could be used as an open relay. With these steps complete,
we can select Apply and then OK. We now have our SMTP connector successfully
set up. Now that the connector is in place, let us try sending
some test messages to an outside server. I used a Hotmail account for
testing mine, and it seemed to work well.
 Figure 1
Now that we have our
Exchange setup taking the appropriate measures to send mail through our
ISP’s SMTP servers, we must set up our clients and routers to accommodate
these changes. The problem now is sending mail from external clients. Since
outgoing port 25 traffic is blocked, we must configure our Outlook clients
and routers to allow for this. If you are using a client that is on the
same local network as your Exchange server, then simply enter the IP address
of your server as the outgoing and incoming mail server. Additionally, if you
are using an ISP that does not block port 25 traffic from an external
location, then simply send mail via the default port settings. For example,
you might use Earthlink to host your Exchange server but use NetZero as your
dial-up ISP in the field. However, if you are sending and receiving mail
externally via an ISP that blocks port 25, then the setup is a bit different.
Our first task is to configure Outlook to send mail on port 26 instead
of port 25, which is the default. To do this, we need to go to the Tools
menu, select Accounts, then find your mail account. Select Properties and
go to the Advanced tab. Under the Advanced tab we will find “Outgoing
Mail (SMTP):” and in the text box we will enter 26. Now click Apply
and click OK. We have now successfully set up our Outlook client.
Since our Outlook
client is now set up properly, we can configure our server to work with
our new settings. There are two possible ways of configuring this, so
let’s take a look at each.
Our first option is to configure the default SMTP virtual server to accept
port 26 traffic. To do this we open our Exchange System Manager and select
our Default SMTP virtual server. Open the properties and under the IP
Address section click Advanced. Now click Add and under TCP Port enter
26 (see Figure 2). Remember to leave TCP port 25 in place as well, since we still want routing
SMTP servers to be able to reach our server. Now, in your router and firewall
(if applicable), punch a hole for port 26 and 25 traffic and map it to
your Exchange server. Finally, we need to send a few test messages to ensure
proper mail flow.
 Figure 2
Our second option, and my favorite, is to configure the router to forward
incoming port 26 traffic to port 25. Many small office/home office routers,
like Linksys, and even the Windows XP built-in firewall, offer the option
to forward incoming traffic to a different port. We can go into our router
and firewall configuration pages and make the appropriate changes. Make
a new entry for port 26 traffic, set the internal port for 25 and map
it to your Exchange server. Additionally, we need to include port 25 traffic
so external SMTP servers can connect to our server as well. Now send some
test messages and make sure mail is flowing correctly.
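
The connector step warns about open relays, and both options above publish a second Internet-facing SMTP port. The check below is an added example, not part of the original article: it walks an unauthenticated SMTP envelope against each published port of your own server and reports whether a recipient in a foreign domain is accepted. The host name and addresses are placeholders, and `smtp_factory` is a hypothetical hook so the logic can be exercised without a network.

```python
import smtplib

def relay_verdict(mail_code, rcpt_code):
    """Classify an unauthenticated session's replies to MAIL FROM / RCPT TO
    when the recipient is in a domain the server does not host."""
    if not 200 <= mail_code < 300:
        return "inconclusive"            # sender refused; relay not exercised
    if 200 <= rcpt_code < 300:
        return "OPEN RELAY"              # foreign recipient accepted
    if 500 <= rcpt_code < 600:
        return "relay denied"            # permanent refusal, the safe outcome
    return "inconclusive"                # 4xx: temporary failure, retry later

def probe(host, port, sender, outside_rcpt, smtp_factory=smtplib.SMTP):
    """Run the envelope on one listener. No DATA is sent, so no mail is
    delivered; the transaction is reset after RCPT TO."""
    try:
        with smtp_factory(host, port, timeout=10) as s:
            s.helo("relay-check.example.test")
            mail_code, _ = s.mail(sender)
            rcpt_code, _ = s.rcpt(outside_rcpt)
            s.rset()
            return relay_verdict(mail_code, rcpt_code)
    except (OSError, smtplib.SMTPException) as exc:
        return "no answer (%s)" % type(exc).__name__

def check_listeners(host, ports=(25, 26),
                    sender="probe@outside.example.test",
                    outside_rcpt="nobody@elsewhere.example.test",
                    smtp_factory=smtplib.SMTP):
    """Probe every published port; each should be 'relay denied'."""
    return {p: probe(host, p, sender, outside_rcpt, smtp_factory)
            for p in ports}

if __name__ == "__main__":
    # Placeholder name: substitute your server's public address and run
    # this from a connection outside your own network.
    for port, verdict in check_listeners("mail.example.test").items():
        print(port, verdict)
```

Run it from outside the local network so the router's port 26 mapping is exercised as well; a result of "OPEN RELAY" on either port means the relay settings need to be revisited before the ports stay published.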
With these small and
simple configuration changes in Exchange 2000, 2003 and Outlook, we can
successfully obtain network connectivity while staying within the bounds
of our ISP. Furthermore, we can help our ISPs rid the internet of annoying
spam.
|