Answer
NOTE: The following step-by-step instructions use a Server 2003 operating system as a reference. Some of the locations and paths may vary for a Server 2008 machine.
Microsoft IIS SMTP service must be installed and running as an SMTP relay to your mail server. This means that the MX record of your domain must be pointing to the machine on which you will install GFI MailEssentials.
For more information on how to configure IIS: http://technet.microsoft.com/en-us/library/aa998368(EXCHG.65).aspx
- NOTE: If you are going to install GFI MailEssentials on the Microsoft Exchange 2007 Edge Transport Server Role, you do not need to install the IIS SMTP service since Microsoft Exchange Server 2007 has its own built in SMTP server
- IMPORTANT: Disable antivirus software from scanning the GFI MailEssentials, Microsoft IIS and Microsoft Exchange Server directories. Antivirus products are known to both interfere with normal operation as well as slow down any software that requires file access. In fact, Microsoft does not recommend running file based antivirus software on the Microsoft Exchange Server. For more information read the following article: http://kb.gfi.com/articles/SkyNet_Article/Recommended-Antivirus-and-Backup-exclusions-for-MailEssentials
- IMPORTANT: Make sure that backup software is not backing up any of the GFI MailEssentials directories at any point
Installing & configuring IIS SMTP service
GFI MailEssentials uses the Microsoft IIS SMTP service as its SMTP Server and thus the SMTP server must be configured as a mail relay server first.
- NOTE: If you have a Microsoft Exchange Server 2007/2010 environment and are going to install GFI MailEssentials on the Microsoft Exchange 2007/2010 Edge Transport Server Role machine, you do not need to install or configure the IIS SMTP service since Microsoft Exchange Server 2007 has its own built in SMTP server
About the Microsoft IIS SMTP service
The SMTP service is part of Microsoft IIS, which is part of Microsoft Windows 2000/2003. It is used as the message transfer agent of Microsoft Exchange Server, except Microsoft Exchange Server 2007 which has its own built in SMTP server, and has been designed to handle large amounts of email traffic. The Microsoft IIS SMTP service is included in every Microsoft Windows distribution.
NOTE: If you have a cluster please check this Knowledge Base article prior to installing GFI MailEssentials
To install and configure the Microsoft IIS SMTP service as a mail relay server, follow these steps:
Step 1: Verify the Installation of the SMTP Service
1. From the Start menu access the Control Panel
2. Open Add or Remove Programs and click Add or Remove Windows Components
3. Click the Internet Information Services (IIS) component and click the Details button
4. Verify that the SMTP Service checkbox is selected. If it is not selected, click it to select it.
5. Click the OK button, and then follow the installation instructions that are displayed
Step 2: Specify mail relay server name and assign an IP
1. From the Start menu, access the Administrative Tools
2. Click the Internet Information Services (IIS) Manager icon
3. Expand the tree under the server name. Right click the Default SMTP Virtual Server and select Properties.
4. Assign an IP address to the server and click the OK button
Step 3: Configure the SMTP Service to relay email to your mail server
In this step, you configure the SMTP service to relay inbound messages to your mail server.
- NOTE: During installation, GFI MailEssentials will perform this step for you automatically. GFI MailEssentials will ask for your local domain name, and create it as a remote domain. You will see the domain listed in the right pane. However, if you do this step manually, you can confirm that your relay server is working properly before running the GFI MailEssentials installation
Creating a local domain in IIS to route email:
1. Click the Start menu, point to Programs
2. Click Administrative Tools
3. Click Internet Services Manager
4. Expand the tree under the server name
5. Expand the Default SMTP Virtual Server
2. Click Administrative Tools
3. Click Internet Services Manager
4. Expand the tree under the server name
5. Expand the Default SMTP Virtual Server
By default, you should have a Local (Default) domain with the fully qualified domain name of the server.
Configure the domain for inbound:
1. Right click the Domains icon, click New and then click Domain
2. Click Remote, click Next and then type the domain name in the Name box. Click Finish.
- IMPORTANT: Ensure that you add all your inbound email domains, for example ‘mycompany.com’, otherwise inbound email will not be filtered for spam.
- NOTE: Upon installation, GFI MailEssentials will import inbound email domains from the IIS SMTP service. If you want to add additional inbound email domains, you have to add these domains in the GFI MailEssentials configuration.
If you add additional inbound email domains in IIS SMTP service, they will not be automatically recognized until you enter them in the GFI MailEssentials configuration. This allows you to setup remote smart hosts for particular domains that are not local.
Configure the domain to relay email to your mail server:
1. Access the Properties dialog for the domain that you just created and check the Allow the Incoming Mail to be Relayed to this Domain checkbox
2. If this is being set up for an internal domain, you should specify the server that receives email for the domain name by the IP address in the Route domain dialog box
3. Click the Forward all mail to smart host option, and then type the IP address of the server that is responsible for email for that domain in square brackets. For example: [123.123.123.123].
NOTE: Typing the IP address of the server in brackets is necessary so that the server recognizes that this is an IP address, and thus avoids any attempts at performing a DNS lookup
4. Click the OK button
Step 4: Secure your mail relay server
In this step, you will specify your mail server name, and any other mail servers that will send email via this mail relay server. Effectively you will limit the servers that can send email to the internet through this server. If you do not create restrictions, anyone can use your mail relay server as an open relay for spamming. To prevent this follow these steps:
1. Open the Properties of the Default SMTP Virtual Server
2. On the Access tab, click Relay
3. Click Only the list below
4. Click the Add button, and then add the IP of your mail server that will be forwarding the email to this server. You can specify a single computer, group of computers or a domain:
Single computer - Specify one particular host that you want to relay off from this server. If you click the DNS Lookup button, you can lookup an IP address of a specific host.
Group of computers - Specify a base IP address for the computers that you want to relay.
Domain - Select all of the computers in a domain by domain name that will openly relay. This option adds processing overhead, and might reduce the SMTP service performance because it includes reverse DNS lookups on all IP addresses that try to relay, to verify their domain name
Step 5: Configure your email server to relay email via the mail relay server
After you have configured the IIS SMTP service to send and receive email, you must configure your mail server to relay all email to the mail relay server. To do this:
You will need to setup an SMTP connector that forwards all email to GFI MailEssentials:
1. Start up Exchange System Manager
2. Right click on the Connectors Node, select New > SMTP Connector, and then create a new SMTP connector. You will be prompted for a name.
3. Select the option Forward all mail through this connector to the following smart host, and type in the IP of the GFI MailEssentials server (the mail relay server) enclosed within square brackets, for example: [100.130.130.10].
4. Click Add in the Local bridgeheads section, and select the appropriate virtual SMTP Server instances that you want to forward email for
5. Go to the Address Space tab, and click the Add button. Select SMTP and click the OK button.
6. Click the OK button to exit. All emails will now be forwarded to the GFI MailEssentials machine.
NOTE: If you have Lotus Notes or an SMTP/POP3 server, check the mail server documentation on how to forward email to the GFI MailEssentials machine
Step 6: Point the MX record of your domain to the mail relay server.
Since the new mail relay server must receive all inbound email first, you must update the MX record of your domain to point to the IP of the new mail relay server. Otherwise, email will continue to go to your mail server and by-pass GFI MailEssentials. If you run your own DNS server, you need to update this in your DNS server. If your ISP manages it for you, you need to ask your ISP to update the MX record for you.After you have done this, check if the MX record is correct using the following procedure.
Checking if the MX record for your domain is set correctly
1. Open command prompt. Type nslookup.
2. Now type 'set type=mx'
3. Enter your mail domain
4. The MX record should return a single IP. This IP must be the mail relay server.
NOTE: If you wish to send out email using a smart host (used when using dial-up) or receive email using ETRN, you will need to perform additional steps to configure IIS 5 as a mail relay server. For more information, refer to the IIS 5 documentation.
Step 7: Test your new mail relay server
Before you proceed to install GFI MailEssentials, verify that your new mail relay server is working correctly.
1. Test IIS 5 SMTP inbound connection of your mail relay server by sending an email from an external account to an internal user (you can use hotmail, if you do not have an external account available). Verify that the mail client received the email
2. Test IIS 5 SMTP outbound connection of your mail relay server by sending an email to an external account from an internet email client. Verify that the external user received the email
2. Test IIS 5 SMTP outbound connection of your mail relay server by sending an email to an external account from an internet email client. Verify that the external user received the email
NOTE: Instead of using an email client, you can use Telnet and manually send an email. This will give you more troubleshooting information. Here is the link to the Microsoft KB article on how to do it:
Step 8: Running GFI MailEssentials setup
1. On the newly configured mail relay machine, log-on as administrator and run the GFI MailEssentials setup file
NOTE 1: If installing on Microsoft IIS SMTP (x86), Microsoft Exchange Server 2000, or Microsoft Exchange Server 2003, then you need to run the x86 version of GFI MailEssentials 12: mailessentials12.exe
NOTE 2: If installing on Microsoft Exchange Server 2007, then you need to run the x64 version of GFI MailEssentials 12: mailessentials12_x64.exe
2. A welcome dialog will appear. Close all the other running Windows programs and click Next to continue.
3. GFI MailEssentials will prompt you to check for a later GFI MailEssentials version. Always use the latest version.
4. Read and confirm the License agreement and then click Next
5. Setup will now ask you where you want GFI MailEssentials to be installed.
6. Enter your name, company, and license key. If you are evaluating the product, leave the default ‘Evaluation’. Click Next.
7. If you are installing GFI MailEssentials on Microsoft Exchange Server, Setup will now ask you to specify your mail server IP, port and your local domain:
a. Specify the IP of your mail server (e.g. Microsoft Exchange Server name) and the port of the mail server
b. Specify your local domain. The local domain is the last part of your internal email address, for example gfi.com
8. Setup will ask you for the administrator email. GFI MailEssentials will use the administrator email to send critical notifications.
9. If you are installing GFI MailEssentials on a machine that is part of a domain and has Active Directory, setup will ask you whether you want to install in Active Directory mode or in SMTP mode. Active Directory mode allows you to select users present in Active Directory for user-based configuration/rules, such as a disclaimer. However, if your machine is in the DMZ, then it is better to select SMTP mode. In this mode, all user-based configuration/rules will require you to input the SMTP email address.
10. If you do not have Microsoft Message Queuing Services (MSMQ) installed, setup will ask you whether you wish to install it. The list server feature requires this service. Microsoft Message Queuing Service is a scalable event processing system service developed by Microsoft. It is included with every Microsoft Windows 2000/2003 and XP version, although not always installed by default. If you do not plan to use the list server feature, or if you wish to install it later, you can click No to continue set-up. If you click Yes, you will be prompted for the Microsoft Windows CD and setup will launch the MSMQ setup
11. Setup will now confirm the inbound email domains that you have configured. It is important to ensure that your inbound email domains are listed correctly.
IMPORTANT: Ensure that you add all your inbound email domains, for example ‘mycompany.com’, otherwise inbound email will not be filtered for spam.
NOTE: If you are installing GFI MailEssentials on a Microsoft Exchange 2007 Edge Transport Server Role machine, the inbound email domains step of the installation wizard is skipped since these are determined from the GFI MailEssentials Post-Installation wizard that is launched when you finish this installation wizard.
You can change these inbound email domains at a later stage from the GFI MailEssentials configuration
12. Setup will now copy all program files to the selected destination, and finish the installation by creating a GFI MailEssentials program group. Click Finish to end setup. After setup has copied all the files, it will ask if it can restart the SMTP service.
NOTE 1: If you are installing GFI MailEssentials on a x64 machine with Microsoft Exchange Server 2007, the files will be installed under the C:\Program Files (x86)\ folder
NOTE 2: If you are installing on a Microsoft Exchange 2007 Edge Transport Server Role machine, you will not be prompted to restart the SMTP service
13. After installation, setup will check if you have the Microsoft XML engine installed. If you do not, and you are running a US/UK version of Microsoft Windows it will install it for you. If you are NOT running a UK/US version of Microsoft Windows, setup will prompt you to download and install the appropriate Microsoft XML engine. The XML engine is used by the reporter application and is only 2 megabytes. It is most likely to be used by other applications too
The GFI MailEssentials Reporter uses Microsoft XML technology to create reports. The Microsoft XML 4.0 engine (known also as Microsoft XML Core Services (MSXML) 4.0) can be downloaded from:
If you have IIS services running, GFI MailEssentials will need to stop these services during installation to install certain files. After it has done that, it will offer to restart these services.
NOTE: If you are installing on a Microsoft Exchange 2007 Edge Transport Server Role machine, the installation will launch the GFI MailEssentials Post-Installation Wizard. If you need to run it later, the Wizard can be found in the MailEssentials root installation folder and is called e2k7wiz.exe. Running this application will automatically install the Exchange Transport Agents so that MailEssentials can process email.
Priyanka Bhotika
Comments