Installing GFI MailEssentials on a separate machine
If you install GFI MailEssentials on a separate machine that is not your gateway SMTP server, you must configure the Perimeter SMTP server option in the Anti Spam properties of GFI MailEssentials after you finish the installation. The perimeter SMTP server is the gateway SMTP server that receives your email directly from the internet. You have to specify its IP address in GFI MailEssentials, especially if you are going to use the SPF filter feature. For more information on how to set up your gateway SMTP server, please refer to the `Defining your Perimeter (Gateway) SMTP Server' section of the Configuring Anti Spam chapter in this manual. Effectively, GFI MailEssentials will act as a mail relay server between the perimeter (gateway) SMTP server and the recipients' inboxes.
System requirements
- Windows 2000/2003 - Pro, Server or Advanced Server or Windows XP Professional.
NOTE: If you use Windows 2000 Pro or XP, you will only be able to accept up to 10 inbound SMTP connections simultaneously, so it's better to use Windows 2000/2003 Server.
- Microsoft Exchange server 2000, 2003, 4, 5 or 5.5, Lotus Notes 4.5 and up, or an SMTP/POP3 mail server.
- IMPORTANT: Prevent anti-virus software from scanning the GFI MailEssentials & IIS directories! AV products are known both to interfere with normal operation and to slow down any software that requires file access. In fact, Microsoft does not recommend running file-based anti-virus software on the Exchange Server. For more information: http://kbase.gfi.com/showarticle.asp?id=KBID001824.
- Make sure that backup software is not backing up any of the GFI MailEssentials directories at any point.
- For list server only: The list server feature requires the installation of Microsoft Message Queuing Services. This is a scalable event processing system service developed by Microsoft. It is included with every Windows 2000/2003 and XP version, although not always installed by default. For more information on how to install it, please see the chapter `Configuring the list server'. If you do not plan to use the list server feature, you do not need to install Microsoft MSMQ.
Installing & configuring IIS SMTP service
GFI MailEssentials uses the Windows IIS SMTP service as its SMTP Server. Because GFI MailEssentials works with this SMTP service, you need to configure this service as a mail relay server first.
About the Windows IIS SMTP service
The Windows SMTP service is part of IIS, which is part of Windows 2000/2003. It is used as the message transfer agent of Microsoft Exchange Server, and has been designed to handle large amounts of mail traffic. The Windows IIS 5 SMTP service is included in every Windows distribution, including Windows professional.
NOTE: If you have a cluster please check this kbase article prior to installation: http://kbase.gfi.com/showarticle.asp?id=KBID001639
To install & configure the IIS SMTP service as a mail relay server:
Step 1: Verify the Installation of the SMTP Service
In Control Panel, open Add/Remove Programs, click Add/Remove Windows Components. Click the Internet Information Services (IIS) component, click Details, and then verify that the SMTP Service check box is selected. If it is not selected, click to select it, click OK, and then follow the installation directions that are displayed.
Screenshot 7 - Specify mail relay server name and assign IP
Step 2: Specify mail relay server name and assign an IP
- Click Start, point to Programs, click Administrative Tools, and then click Internet Services Manager.
- Expand the tree under the server name, and then expand the Default SMTP Virtual Server. Right click and select Properties. Assign an IP to it.
Step 3: Configure the SMTP Service to relay mail to your mail server
In this step, you configure the SMTP service to relay inbound messages to your mail server.
NOTE: During installation, GFI MailEssentials will perform this step for you automatically. GFI MailEssentials will ask for your local domain name, and create it as a remote domain. You will see the domain listed in the right pane. However, if you do this step manually, you can confirm that your relay server is working properly before running the GFI MailEssentials installation.
Creating a local domain in IIS to route mail
Click Start, point to Programs, click Administrative Tools, and then click Internet Services Manager.
Expand the tree under the server name, and then expand the Default SMTP Virtual Server. By default, you should have a Local (Default) domain with the fully qualified domain name of the server.
Configure the domain for inbound:
1. Right-click the Domains icon, click New, and then click Domain.
2. Click Remote, click Next, and then type the domain name in the Name box. Click Finish.
Screenshot 8 - Configure the domain
IMPORTANT NOTE ABOUT LOCAL EMAIL DOMAINS
Ensure that you add all your local email domains (e.g. mycompany.com); otherwise inbound mail will not be filtered for spam!
NOTE: Upon installation, GFI MailEssentials will import local email domains from the IIS SMTP service. If you want to add additional local email domains, you have to add these local domains in the GFI MailEssentials configuration. For more information see `Adding additional local domains' in the Misc. chapter.
If you add additional local domains in IIS SMTP service, they will not be automatically recognized until you enter them in the GFI MailEssentials configuration. This allows you to set up remote smart hosts for particular domains that are not local.
Configure the domain to relay mail to your mail server:
1. In the properties for the domain that you just created, click to select the `Allow the Incoming Mail to be Relayed to this Domain' check box.
2. If this is being set up for an internal domain, you should specify the server that receives email for the domain name by the IP address in the Route domain dialog box.
3. Click the forward all email to smart host option, and then type the IP address of the server that is responsible for email for that domain in square brackets. For example:
[123.123.123.123]
NOTE: Typing the IP address of the server in brackets is necessary so that the server recognizes it as an IP address and does not attempt a DNS lookup.
4. Click OK.
Screenshot 9 - Relay options
Step 4: Secure your mail relay server.
In this step you will specify your mail server name, and any other mail servers that will send mail via this mail relay server. Effectively you will limit the servers that can send mail to the internet through this server. If you don't create restrictions, anyone can use your mail relay server as an open relay (i.e. for spamming). To prevent this:
- Open the properties of the Default SMTP Virtual Server.
- On the Access tab, click Relay.
- Click Only the list below, click Add, and then add the IP of your mail server that will be forwarding the mail to this server. You can specify a single computer, group of computers or a domain:
a) Single computer: Specify one particular host that you want to relay off from this server. If you click the DNS Lookup button, you can lookup an IP address of a specific host.
b) Group of computers: Specify a base IP address for the computers that you want to relay.
c) Domain: Select all of the computers in a domain by domain name that will openly relay. This option adds processing overhead, and might reduce the SMTP service performance because it includes reverse DNS lookups on all IP addresses that try to relay to verify their domain name.
Step 5: Configure your mail server to relay mail via the mail relay server
After you have configured the IIS SMTP service to send and receive mail, you must configure your mail server to relay all mail to the mail relay server. To do this:
If you have Microsoft Exchange Server 4/5/5.5:
1. Start up Microsoft Exchange Administrator.
2. Go to the Internet Mail Service and double-click on it to configure its properties.
3. Go to the Connections tab.
4. In the Message Delivery section, select 'Forward all messages to host'. Enter the computer name or IP of the machine running GFI MailEssentials.
5. Click OK and restart Exchange server. This can be done from the services applet.
If you have Microsoft Exchange Server 2000/2003:
You will need to setup an SMTP connector that forwards all mail to GFI MailEssentials:
- Start up Exchange System Manager
Screenshot 10 - Forwarding mail to GFI MailEssentials machine
- Right-click on the Connectors Node->New->SMTP Connector and create a new SMTP connector. You will be prompted for a name.
Screenshot 11 - Specifying IP of GFI MailEssentials machine
- Now select the option `Forward all mail through this connector to the following smart host', and type in the IP of the GFI MailEssentials server (the mail relay server) enclosed within square brackets [ ] (e.g. [100.130.130.10]).
Screenshot 12 - Adding a bridgehead
- Now click on the Add button in the local bridgeheads section, and select the appropriate virtual SMTP Server instances that you want to forward mail for.
Screenshot 13 - Adding SMTP as address space
- Go to the Address Space tab, and click Add. Select SMTP and click OK.
- Click OK to exit. All mails will now be forwarded to the GFI MailEssentials machine.
If you have Lotus Notes or an SMTP/POP3 server:
Check the mail server documentation on how to forward mail to the GFI MailEssentials machine.
Step 6: Point the MX record of your domain to the mail relay server.
Since the new mail relay server must receive all inbound mail first, you must update the MX record of your domain to point to the IP of the new mail relay server. Otherwise mail will continue to go to your mail server and bypass GFI MailEssentials.
If you run your own DNS server you need to update this in your DNS server. If your ISP manages it for you, you need to ask your ISP to update the MX record for you. After you have done this, check if the MX record is correct using the following procedure.
Checking if the MX record for your domain is set correctly
- Open command prompt. Type nslookup
- Now type 'set type=mx'
- Enter your mail domain.
- The MX record should return a single IP. This IP must be the mail relay server!
Screenshot 14 - Checking the MX record of your domain
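The check above can be scripted by saving the nslookup output and parsing it. The following Python script is an added example, not part of the GFI manual; the domain, host names, IP addresses and sample output are constructed, and the parser assumes the line format printed by Windows nslookup after `set type=mx'. It goes slightly beyond the single-record case by also flagging a second MX record that would let mail bypass the relay.

```python
import re

# Line formats printed by Windows nslookup after "set type=mx".
MX_RE = re.compile(r"^(\S+)\s+MX preference = (\d+), mail exchanger = (\S+)$")
A_RE = re.compile(r"^(\S+)\s+internet address = (\S+)$")

def parse_nslookup_mx(output, domain):
    """Return ([(preference, exchanger)], {host: [ip, ...]}) for domain."""
    mx, addresses = [], {}
    for raw in output.splitlines():
        line = raw.strip()
        m = MX_RE.match(line)
        if m and m.group(1).lower().rstrip(".") == domain.lower():
            mx.append((int(m.group(2)), m.group(3).lower().rstrip(".")))
            continue
        a = A_RE.match(line)
        if a:
            addresses.setdefault(a.group(1).lower().rstrip("."), []).append(a.group(2))
    return sorted(mx), addresses

def check_mx(output, domain, relay_ip):
    """Return a list of problems; an empty list means the MX setup is correct."""
    mx, addresses = parse_nslookup_mx(output, domain)
    if not mx:
        return ["no MX record returned for " + domain]
    problems = []
    for preference, host in mx:
        ips = addresses.get(host, [])
        if not ips:
            problems.append(f"{host}: no address in output, resolve it separately")
        for ip in ips:
            if ip != relay_ip:
                problems.append(f"{host} (preference {preference}) -> {ip} bypasses the relay")
    return problems

# Constructed sample output: the old mail server is still listed as a backup MX.
SAMPLE = """\
Server:  dns.example.net
Address:  192.0.2.53
mycompany.com\tMX preference = 10, mail exchanger = relay.mycompany.com
mycompany.com\tMX preference = 20, mail exchanger = exchange.mycompany.com
relay.mycompany.com\tinternet address = 192.0.2.25
exchange.mycompany.com\tinternet address = 192.0.2.30
"""

if __name__ == "__main__":
    for problem in check_mx(SAMPLE, "mycompany.com", "192.0.2.25"):
        print("PROBLEM:", problem)
```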
NOTE: If you wish to send out mail using a smart host (used when using dial-up) or receive mail using ETRN, you will need to perform additional steps to configure IIS 5 as a mail relay server. For more information refer to the IIS 5 documentation.
Step 7: Test your new mail relay server!
Before you proceed to install GFI MailEssentials, verify that your new mail relay server is working correctly.
1. Test IIS 5 SMTP inbound connection of your mail relay server by sending a mail from an external account to an internal user (you can use Hotmail, if you don't have an external account available). Verify that the mail client received the email.
2. Test IIS 5 SMTP outbound connection of your mail relay server by sending an email to an external account from an internet email client. Verify that the external user received the email.
NOTE: Instead of using an email client, you can use Telnet and manually send an email. This will give you more troubleshooting information. Here is the link to the Microsoft KB article on how to do it: http://support.microsoft.com/support/kb/articles/Q153/1/19.asp
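The manual SMTP dialogue mentioned in the note can also confirm the relay restrictions from Step 4. The following Python script is an added example, not part of the GFI manual; the relay IP and all email addresses are constructed placeholders. It is meant to be run from a machine that is NOT on the relay list, and it never sends DATA, so no message is delivered.

```python
import smtplib


def rcpt_code(smtp, mail_from, rcpt_to):
    """Send MAIL FROM and RCPT TO on an open session; return the last reply code.

    The transaction is reset afterwards and DATA is never sent.
    """
    smtp.ehlo_or_helo_if_needed()
    code, _ = smtp.mail(mail_from)
    if code == 250:
        code, _ = smtp.rcpt(rcpt_to)
    smtp.rset()
    return code


def audit_relay(smtp, probe_from, local_rcpt, external_rcpt):
    """Check the relay as seen by a host that is not on its relay list."""
    findings = []
    # Inbound mail for a local domain must be accepted (2xx reply).
    if rcpt_code(smtp, probe_from, local_rcpt) // 100 != 2:
        findings.append("inbound: mail for the local domain is refused")
    # Mail for any other domain must be refused, otherwise this is an open relay.
    if rcpt_code(smtp, probe_from, external_rcpt) // 100 == 2:
        findings.append("open relay: mail for an external domain is accepted")
    return findings


if __name__ == "__main__":
    # Assumed values: replace with your relay's IP and your own addresses.
    with smtplib.SMTP("192.0.2.25", 25, timeout=10) as smtp:
        for finding in audit_relay(smtp, "probe@example.net",
                                   "user@mycompany.com", "someone@example.org"):
            print("PROBLEM:", finding)
```

If the same script is run from your mail server, which is on the relay list, acceptance of the external recipient is the expected result.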
Step 8: Running GFI MailEssentials setup
1. On the newly configured mail relay machine, log on as administrator and run GFI MailEssentials setup by double-clicking the file me.exe. A welcome dialog will appear. Close other Windows programs and click Next. GFI MailEssentials will prompt you to check for a later GFI MailEssentials version. Always use the latest version!
2. Read and confirm the License agreement, click Next.
3. Setup will now ask you where you want GFI MailEssentials to be installed. GFI MailEssentials will need approximately 70 MB of free hard disk space. In addition to this, you must reserve approximately 200 MB for temporary files.
4. Now enter your Name, company, and License key. If you are evaluating the product, leave the default `Evaluation'. Click Next.
Screenshot 15 - Specify mail server IP & domain
5. Setup will now ask you to specify your mail server IP, port and your local domain:
- Specify the IP of your Mail server (e.g. Exchange server name) and the port of the Mail server
- Specify your local domain.
The local domain is the last part of your internal email address, for example gfi.com.
6. Setup will ask you for the administrator email. This email will be used to send critical notifications.
Screenshot 16 - Selecting SMTP mode or Active Directory mode
If you are installing GFI MailEssentials on a machine that is part of a domain and has Active Directory, setup will ask you whether you want to install in Active Directory mode or in SMTP mode. Active Directory mode allows you to select users present in Active Directory for user based configuration/rules, such as a disclaimer. However, if your machine is in the DMZ, then it is better to select SMTP mode. In this mode all user based configuration/rules will require you to input the SMTP email address.
Screenshot 17 - Installing Microsoft Message Queuing Service
7. If you do not have Microsoft Message Queuing Services (MSMQ) installed, setup will ask you whether you wish to install it. The list server feature requires this service. Microsoft Message Queuing Service is a scalable event processing system service developed by Microsoft. It is included with every Windows 2000/2003 and XP version, although not always installed by default. If you do not plan to use the list server feature, or if you wish to install it later, you can click No to continue set-up. If you click Yes you will be prompted for the Windows CD and setup will launch the MSMQ setup.
Screenshot 18 - Confirm your local domain
8. Setup will now confirm the local domains that you have configured. It retrieves the local domains from your IIS set-up. It is important to ensure that your local domains are listed correctly. GFI MailEssentials will ONLY filter mail destined for your local domain - therefore if you do not configure your local domain correctly no spam will be detected! You can change these local email domains at a later stage from the GFI MailEssentials configuration.
9. Setup will now copy all program files to the selected destination, and finish the installation by creating a GFI MailEssentials program group. Click Finish to end setup. After setup has copied all the files, it will ask if it can restart the SMTP service.
10. After installation, setup will check if you have the Microsoft XML engine installed. If you don't, and you are running a US/UK version of Microsoft Windows, it will install it for you. If you are NOT running a UK/US version of Windows, setup will prompt you to download and install the appropriate Microsoft XML engine. The XML engine is used by the reporter application and is only 2 megabytes. It is most likely to be used by other applications too. For more information check http://kbase.gfi.com/showarticle.asp?id=KBID001584
If you have IIS services running, GFI MailEssentials will need to stop these services during installation to install certain files. After it has done that, it will offer to restart these services.