Installing GFI MailEssentials on a separate machine If you install GFI MailEssentials on a separate machine, you must ensure it is the first to receive all mails destined for your mail server and the last 'stop for outbound mail. In order for this to happen, GFI MailEssentials must act as a gateway for all email. This set-up is also known as 'Smart host' or 'Mail relay' server. Effectively GFI MailEssentials will act as a mail relay server. System requirements · Windows 2000 - Pro, Server or Advanced Server or Windows XP Professional. (Note that if you use Windows 2000 Pro, you will only be able to accept up to 10 inbound SMTP connections simultaneously, so its better to use Windows 2000 server) · IIS5 SMTP service installed and running as an SMTP relay to your mail server. This means that the MX record of your domain must be pointing to the machine on which you will install GFI MailEssentials. For more information about configuring IIS5: http://support.microsoft.com/support/kb/articles/Q293/8/00.ASP · Microsoft Exchange server 2000, 4, 5 or 5.5, Lotus Notes 4.5 and up, or an SMTP/POP3 mail server. Installing & configuring IIS 5 SMTP service GFI MailEssentials uses the Windows 2000 IIS 5 SMTP service as its SMTP server. Because GFI MailEssentials works with this SMTP service, you need to configure this service as a mail relay server first. About the Windows 2000 IIS 5 SMTP service The Windows 2000 SMTP service is part of IIS 5, which is part of Windows 2000. It is used as the message transfer agent of Microsoft Exchange Server, and has been designed to handle large amounts of mail traffic. The Windows 2000 IIS 5 SMTP service is included in every Windows 2000 distribution, including Windows 2000 professional. To install & configure the IIS5 SMTP service as a mail relay server: Step 1: Verify the Installation of the SMTP Service In Control Panel, open Add/Remove Programs, click Add/Remove Windows Components. Click the Internet Information Services (IIS) component, click Details, and then verify that the SMTP Service check box is selected. If it is not selected, click to select it, click OK, and then follow the installation directions that are displayed. Specify mail relay server name and assign IP Step 2: Specify mail relay server name and assign an IP 1.Click Start, point to Programs, click Administrative Tools, and then click Internet Services Manager. 2.Expand the tree under the server name, and then expand the Default SMTP Virtual Server. Right click and select 'Properties'. Assign an IP to it. Step 3: Configure the SMTP Service to relay mail to your mail server In this step, you configure the SMTP service to relay inbound messages to your mail server. Note: During installation, GFI MailEssentials will perform this step for you automatically. GFI MailEssentials will ask for your local domain name, and create it as a remote domain. You will see the domain listed in the right pane. However, if you do this step manually, you can confirm that your relay server is working properly before running the GFI MailEssentials installation. Creating a local domain in IIS to route mail Click Start, point to Programs, click Administrative Tools, and then click Internet Services Manager. Expand the tree under the server name, and then expand the Default SMTP Virtual Server. By default, you should have a Local (Default) domain with the fully qualified domain name of the server. Configure the domain for inbound: Right-click the Domains icon, click New, and then click Domain. Click Remote, click Next, and then type the domain name in the Name box. Click Finish. Configure the domain IMPORTANT NOTE ABOUT LOCAL DOMAINS Note: Upon installation, MailEssentials will import local domains from the IIS SMTP service. If you want additional local domains, you have to add these local domains in the MailEssentials configuration. For more infromation see 'Adding additional local domains' in the Misc chapter. If you add additional local domains in IIS smtp service, they will not be automatically recognised until you enter them in the MailEssentials configuration. This allows you to setup remote smarthosts for particular domains that are not local. Configure the domain to relay mail to your mail server: 1.In the properties for the domain that you just created, click to select the Allow the Incoming Mail to be Relayed to this Domain check box. 2.If this is being set up for an internal domain, you should specify the server that receives email for the domain name by the IP address in the Route domain dialog box. 3.Click the forward all email to smart host option, and then type the IP address of the server that is responsible for email for that domain in square brackets. For example: [123.123.123.123] Note: Typing the IP address of the server in brackets is necessary so that the server recognizes this is an IP address and not to attempt a DNS lookup. 4.Click OK. Relay options Step 4: Secure your mail relay server. In this step you will specify your mail server name, and any other mail servers that will send mail via this mail relay server. Effectively you will limit the servers that can send mail through this server. If you don't create restrictions anyone can use your mail relay server as an open relay (i.e. Spamming). To prevent this: Open the properties of the Default SMTP Virtual Server. On the Access tab, click Relay. Click Only the list below, click Add, and then add the IP of your mail server that will be forwarding the mail to this server. You can specify a single computer, group of computer or a domain: Single computer: Specify one particular host that you want to relay off of this server. If you click the DNS Lookup button, you can lookup an IP address of a specific host. Group of computers: Specify a base IP address for the computers that you want to relay. Domain: Select all of the computers in a domain by domain name that will openly relay. This option adds processing overhead, and might reduce the SMTP service performance because it includes reverse DNS lookups on all IP addresses that try to relay to verify their domain name. Step 5: Configure your mail server to relay mail via the mail relay server After you have configured the IIS SMTP service to send and receive mail, you must configure your mail server to relay all mail to the mail relay server. To do this; If you have Microsoft Exchange Server 4/5/5.5: 1.Start up Microsoft Exchange Administrator. 2.Go to the Internet Mail Service and double-click on it to configure its properties. 3.Go to the Connections tab. 4.Message Delivery section, select 'Forward all messages to host'. Enter the computer name or IP of the machine running GFI MailEssentials. 5.Click OK and restart Exchange server. This can be done from the services applet. If you have Microsoft Exchange Server 2000 : You will need to set-up an SMTP connector that forwards all mail to GFI MailEssentials: 1.Start up Exchange System Manager 2.Right-click on the Connectors Node->New->SMTP Connector and create a new SMTP connector. You will be prompted for a name. 3.Now select the option "Forward all mail through this connector to the following smart host", and type in the IP of the GFI MailEssentials server (the mail relay server) enclosed within square brackets [ ] (e.g.: [100.130.130.10]. Click OK to ADD. 4.Select the SMTP Server that the SMTP Connector will be working on. Go to the Address Space tab, and click Add. Select SMTP and click OK. 5.Click OK to exit. All mails will now be forwarded to the GFI MailEssentials machine. If you have Lotus Notes or an SMTP/POP3 server: Check the mail server documentation how to forward mail to the GFI MailEssentials machine. Step 6: Point the MX record of your domain to the mail relay server. Since the new mail relay server must receive all inbound mail first, you must update the MX record of your domain to point to the IP of the new mail relay server. Otherwise mail will continue to go to your mail server and by-pass GFI MailEssentials. If you run your own DNS server you need update this in your DNS server. If your ISP manages it for you, you need to ask your ISP to update the MX record for you. After you have done this, check if the MX record is correct using the following procedure. Checking if the MX record for your domain is set correctly Open command prompt. Type nslookup Now type 'set type=mx' Enter your mail domain. The MX record should return a single IP. This IP must be the mail relay server! Checking the MX record of your domain Note: If you wish to send out mail using a smart host (used when using dial-up) or receive mail using ETRN, you will need to perform additional steps to configure IIS 5 as a mail relay server. For more information refer to the IIS 5 documentation. Step 7: Test your new mail relay server! Before you proceed to install GFI MailEssentials, verify that your new mail relay server is working correctly. 1. Test IIS 5 SMTP inbound connection of your mail relay server by sending a mail from an external account to an internal user (you can use hotmail, if you don't have an external account available). Verify that the mail client received the email. 2. Test IIS 5 SMTP outbound connection of your mail relay server by sending a mail to an external account from an internet email client. Verify that the external user received the email. Note: Instead of using an email client, you can use Telnet and manually send an email. This will give you more troubleshooting information. Here is the link to the Microsoft KB article how to do it: http://support.microsoft.com/support/kb/articles/Q153/1/19.asp Step 8: Running GFI MailEssentials set-up 1.On the newly configured mail relay machine, Log-on as administrator and run GFI MailEssentials set-up by double-clicking the file me.exe. A welcome dialog will appear. Close other Windows programs and click Next. GFI MailEssentials will prompt you to check for a later GFI MailEssentials version. Always use the latest version! 2.Confirm the License agreement, click Next. 3.Set-up will now ask you where you want GFI MailEssentials to be installed. GFI MailEssentials will need approximately 30 MB of free hard disk space. In addition to this, you must reserve approximately 200 MB for temporary files. 4.Now enter your Name, company, and serial number. If you are evaluating the product, leave the default serial number as Evaluation. Click Next. Specify mail server IP & domain 5.Set-up will now ask you to specify your mail server IP, port and your local domain: · Specify the IP of your Mail server (e.g. Exchange server name) and the port of the mail server · Specify your local domain. The local domain is the last part of your internal e-mail address, for example gfi.com. You can use the Test IP function to test whether the IP and port you specified are correct 6.Set-up will ask you for the administrator e-mail. This e-mail will be used to send critical notifications. Selecting SMTP mode or Active Directory mode 7.If you are installing GFI MailEssentials on a machine that is part of a domain and has Active Directory, set-up will ask you whether you want to install in Active Directory mode or in SMTP mode. Active Directory mode allows you to select users present in Active Directory for user based configuration/rules, such as a disclaimer. However, if your machine is in the DMZ, then it's better to select SMTP mode. In this mode all user based configuration/rules will require you to input the SMTP email address. 8.Set-up will now copy all program files to the selected destination, and finish the installation by creating a GFI MailEssentials program group. Click Finish to finish setup. 9.After installation set-up will check if you have the Microsoft XML engine installed. If you don't, and you are running a US/UK version of Microsoft Windows it will install it for you. If you are NOT running a UK/US version of windows, set-up will prompt you to download and install the appropriate Microsoft XML engine. The XML engine is used by the reporter application and is only 2 megabytes. It is most likely to be used by other applications too. For more information check http://kbase.gfi.com/showarticle.asp?id=kbid001584 If you have IIS services running, GFI MailEssentials will need to stop these services during installation to install certain files. After it has done that, it will offer to restart these services.