Email Groups and Lists in Exchange

Any Exchange admin who has been working for some time has had to answer NO to the dreaded question “Can i get an External email list created with about 1 billion email addresses please?”

The problem with exchange is that all members of a Distribution Group need to be either a mail contact or a user account (Either static or dynamically assigned).
That’s a lot of administrative over head when it comes to emails that just get pumped out to hundreds or even thousands of people.
On top of that all these contacts and groups start to clutter up your AD and Address Book in Exchange. My of my users hate seeing them in there and moan quite a bit about it.

So the solution ?

Well there is 2 of them. Lets take a look at them and I’ll show you how I managed to deal with this.

Option 1)
Here we place a server in front of exchange that sorts mail before sending it to exchange.
The drawback here is, if you have already got an Exchange environment it requires quite a bit of configuration to change it. Although that’s not to say i would never use this configuration. Infact it would be a great idea if you handled multiple domains. This would be another good place to scan mail as all mail has to pass though it to get in. See the diagram below.

Option 2)
Here we bolt (as it were) the Mailing list server.
The benefit here is that we can do all the configuration without the need for downtime.
However there is a drawback, You will need 1 distribution group in exchange for every group you create as well as 1 Mail contract that will be a member of that group. Still 2 objects is better than creating 100 objects ? This however can also be a good thing as the group will show up in the OAB in exchange if you choose not to hid it.
This is the option I have chosen. Take a look at the diagram below.

I had a limitation placed on me while doing this project.
THE SOLUTION HAD TO RUN ON WINDOWS! and require as lest cost as possible (This mean it needs to be free).
This closed off all open source options and narrowed down the list.

A option I the admin placed on the solution was the need to import users from a CSV and not have to type them out manually. Else i may as well stuck with Exchange

I found 2 options but only 1 stood the tests.

Option 1)
Hmail (www.hmailserver.com)
This is a great lightweight mail application  that supports pop and imap (As well as groups).
It however failed in that it needed some VB Scripts to add the group members into its DB.
I’m looking for a button not run a script (Lazy and can be I know.)

Option 2)
EnableMail (http://www.mailenable.com/standard_edition.asp)
These guys offer a solution that rivals Exchange in terms of features.
The standard edition is free and paid for version looks like its well worth the money.
Amongst its myriad of features is the support for Email Lists and Group.
THEY HAD A BUTTON AND I TOOK IT!

So Lets get to the tech stuff

Firstly we need a server to run EnableMail on.
I placed it on a Windows server 2008R2 Standard edition box with 2CPU, 3GB RAM and 80GB of space. As for pre-requisites
In PowerShell:

import-module servermanager
Add-WindowsFeature AS-WAS-Support, AS-TCP-Activation, AS-Named-Pipes, Web-Server, Web-App-Dev, Web-Net-Ext, Web-Security, Web-Filtering, Web-Mgmt-Tools, Web-Mgmt-Compat, Web-Metabase, Web-Metabase, Web-Lgcy-Scripting, Web-Lgcy-Mgmt-Console, NET-Framework, NET-Framework-Core, NET-Win-CFAC, NET-HTTP-Activation, NET-Non-HTTP-Activ, Telnet-Client, WAS, WAS-Process-Model, WAS-NET-Environment, WAS-Config-APIs –Restart

It looks like a lot but really it’s just .net 3.5, IIS 6 Management console and telnet  client.

You will also need to give your machine a static IP address.

Next download the EnableMail Server binaries.
http://www.mailenable.com/download.asp Use this link to get to the download page.

The install is very straight forward and doesn’t ask any questions that you shouldn’t already know the answer to.

When it asks you for a post office account this will be your domain name (Or descriptive).
When it asks you for the first domain, this will be the domain that your groups will use.
eg. groups.maildomain.com

Lets see the few changed to you need to make after the install.
First get the console open.
Start > All Programs > Mail Enable > Mail Enable

Now we need to sort out the SMTP Settings first.
Servers > Services and Connectors > SMTP > Rclick > Properties
You can change the settings as you need to. This is what I changed.

Inbound > Inbound IP Bindings > Bind only to the actual IP (Not 127.0.0.1)
Inbound > Access Control > Change to Denied Access then add in your servers that will send email to this groups server. (Later we will set this in the exchange send connector)

Outbound > Limit Outbound Message size > Set to some reasonable limit
Outbound > Outbound IP Binding > Set to the machines IP

Smart Host > [tick] Smart Host Enabled
Set the exchange server that will be receiving email from this server and authentication if needed.

Now apply all those settings.

While we are here lets create our first group.
Messaging Manager > Post Offices > Your domain > Groups / Lists
I’ll leave it to you to see which one will be better for you.
Lists – Emails come from the list server.
Groups – Emails come from the user that sent the email to the group.

Groups > Right click > New Group > fill in a name and Valid Email group address. eg. Group1@groups.maildomain.com
Select the group > Create group Member (Add members 1 by 1)
                              Import Members (Import from a CSV)

And that’s that! Enable Mail should now be ready to start pumping out mail.

Now for Exchange !
I should point out at this point this is for exchange 2010

First the plan:
Create a Accepted domain and make it a internal relay.
Create a send connector for the domain and set source servers
Create a receive connector on a server using port 26 and anonymous authentication and permitted source.
Create your first mail contact
Create your first email distribution group

In the Exchange Management Console:
Accepted domains are organization wide:
Organization Configuration > Hub transport > Accepted Domains > Create a new Internal Relay using the domain that you used for EnableMail (above I used groups.maildomain.com)
Organization Configuration > Hub transport > Send Connectors > Create a new send connector.
In the address space add in the domain used for EnableMail with a cost of 1. Under Network Make sure you route the mail though a smart host and point it to the IP address of the EnableMail machine. Under Source Server add which servers can send email to the EnableMail server. (Use these servers IP addresses in the SMTP allowed hosts on the EnableMail inbound security settings)
Apply the settings. You may need to wait for replication if you have multiple Exchange servers.

The receive connector is more of a personal preference. In my case, my external mail scanners wont accept email from anyone other than my exchange servers that I have authorized. So I rather decided to inject the email back into the exchange environment and let it deal with delivery.
If you can send mail straight out I would suggest making EnableMail just send out. If you cant and your like me, here’s what I did.

On one of your Exchange Hub Transport servers
Server Configuration > Hub transport > {selected server} > Receive connectors > New Receive Connector:
Give it a name and select custom [ next ]
Add a listening IP and assign port 26 to it, then remove the default created one.
Add the server name to the Helo response. [ next ]
Click the down arrow next to add and select IP Address, add the IP of your EnableMail server. This is the some IP that was set in the Outbound SMTP settings in the EnableMail settings. [ next ]
Click new and go.
Now open the newly created receive connector and select Permission Group. Make sure that only the “Anonymous Users” is ticked. Apply and OK.
The reason that we need to allow Anonymous users is so that exchange will accept email on this connector that is destined for mail domains that are outside of the exchange organization.

We are nearly finished.
This part you will need to do for each and every group that you create.
Make a mail contact that has the external smtp attribute set to the email address of the group that we created. ( above we created group1@groups.maildomain.com).

Now create a distribution group with the email address that you want people to use. eg. group1@maildomail.com and add the above created mail contact as a member. This will then forward the emails to your EnableMail group which then gets broken down to members and sent out.

Once you have added the mail contact to the group it may be a good idea hide the contact from the address book settings.

By using the distribution group you effectively hide the EnableMail server from your users. They should see the email address as group1@maildomain.com when they send to it and reply to it.

That should be that. Its a long and bumpy road to get here but I hope it works for you.
It is a shame that exchange doesn’t include this standard but what can you do
Your users should not be able to send email to the groups and EnableMail will break it down for you and pump it back into exchange. External messages will be routed out as if a normal user had sent them (In terms of the route they take)

I hope that this helps someone out there.
Leave your thoughts and comments below.

Ubuntu DNS Server

In this post we’ll cover a quick and dirty guide on how to create a DNS server using Ubuntu 13.04 and bind9.

Firstly install your ubuntu with minimal settings.

Next install bind9

sudo apt-get install bind9

next we need to make the directories that we will be using. I like to keep it all tidy so i put my databases in a zone folder.

cd /etc/bind
mkdir zones

Now lets define our zone files.
Edit the file /etc/bind/named.conf.local

zone “domainname.com” {
type master;
file “/etc/bind/zones/example.com.db”;
};

zone “1.1.10.in-addr.arpa” {
type master;
file “/etc/bind/zones/rev.1.1.10.inaddr.arpa”;
};

Now lets get our forwarder working.
Edit the file /etc/bind/named.conf.options

## Find this
forwarders {
0.0.0.0;
};

## Replace with
### These are the DNS serves for virgin media UK
forwarders {
194.168.4.100; 194.168.8.100;
};

Check that the named.conf file is including the above 2 files.

root@dns:/etc/bind# cat named.conf
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local

include “/etc/bind/named.conf.options”;
include “/etc/bind/named.conf.local”;
include “/etc/bind/named.conf.default-zones”;

Now its time to make the actual files that contain the dns data. These are also known as the zone files. Make server that the you change the serial number up when you make changes if you plan to have replication. Use the date in yyyymmddhhmm as that will always go up. eg 201305231324

cd zones
sudo vi example.com.db

$TTL	86400 ; 24 hours could have been written as 24h or 1d
$ORIGIN example.com.
@  1D  IN	 SOA ns1.example.com.	hostmaster.example.com. (
			      2002022401 ; serial
			      3H ; refresh
			      15 ; retry
			      1w ; expire
			      3h ; minimum
			     )
       IN  NS     ns1.example.com. ; in the domain
       IN  NS     ns2.smokeyjoe.com. ; external to domain
       IN  MX  10 mail.another.com. ; external mail provider
; server host definitions
ns1    IN  A      192.168.0.1  ;name server definition     
www    IN  A      192.168.0.2  ;web server definition
ftp    IN  CNAME  www.example.com.  ;ftp server definition
; non server domain hosts
bill   IN  A      192.168.0.3
fred   IN  A      192.168.0.4

save and exit

sudo vi rev.1.1.10.inaddr.arpa

$TTL	86400 ; 24 hours could have been written as 24h or 1d
$ORIGIN 1.1.10.IN-ADDR.ARPA.
@  1D  IN	 SOA ns1.example.com.	admin.example.com. (
			      2002022401 ; serial
			      3H ; refresh
			      15 ; retry
			      1w ; expire
			      3h ; minimum
			     )
; server host definitions
1      IN  PTR    ns1.example.com.
2      IN  PTR    www.example.com.            
; non server domain hosts
3      IN  PTR    bill.example.com.  
4      IN  PTR    fred.example.com.

If all goes well we can now start the service.

sudo /etc/init.d/bind9 restart

* Stopping domain name service… bind9
waiting for pid 2875 to die
…done.
* Starting domain name service… bind9
…done.

You can test that its working with a windows machine.

cmd
nslookup – <serverip>
hostname

If you get an answer back your working.

If not you need to trouble shoot.
I would start with “tail –f /var/log/syslog” then in another session restart bind.
This should either give you an indication on where to start looking for issues of if the client is to blame.