The information in this article applies to:
- Microsoft Proxy Server, version 2.0
- Microsoft Exchange Server, versions 4.0, 5.0, 5.5
SUMMARY
This step-by-step guide is intended to be an addendum to the Microsoft
Proxy Server 2.0 release notes.
The Server Proxy feature allows you to place a server, such as a Microsoft
Exchange Server computer using the Internet Mail Service (Internet Mail
Connector in Exchange version 4.0) on your private network behind Microsoft
Proxy Server. With this configuration, an Exchange Server computer can
provide Internet mail service by using the WinSock Proxy client and relying
on features of Proxy Server 2.0 for protection. In addition, the Exchange
Server computer will not require an additional registered Internet IP
address.
MORE INFORMATION
How Server Proxy Works
The WinSock Proxy client allows you to bind services or applications to the
external network interface of the server computer running Microsoft Proxy
Server. After a service or application is bound on the external network
interface, it is then available to hosts on the Internet. The Proxy Server
computer will then "listen" for connections on behalf of the service or
application.
For example, if you bind an internal SMTP/POP mail server to the proxy
server, mail clients or SMTP servers on the Internet can contact this mail
server by connecting to the proxy server's Internet IP address. To remote
computers on the Internet, these services will appear to be running on the
proxy server computer.
To Set Up the Server Proxy Feature for Exchange Server 4.0 - 5.5
These instructions must be followed exactly as stated; otherwise, Exchange
will not function with the Server Proxy feature.
- Install and configure the Microsoft Proxy Server.
- In the Winsock Proxy properties, choose CLIENT CONFIGURATION. Find the
"Client Connects to Microsoft Winsock Proxy Server by.." option, and set
this to "IP ADDRESS".
- Install the WinSock Proxy (WSP) client on the Exchange Server computer.
If the WSP client is already installed, REINSTALL IT. This can be done
by connecting to the MSPCLNT share on the proxy server and executing
Setup.exe from the root directory.
- Change the Domain Name Service (DNS) settings on the Exchange Server
computer. An Internet DNS server address MUST BE DEFINED on the Exchange
Server computer, or the Exchange Server computer will not be able to
send mail correctly.
Open Control Panel/Network/TCPIP and click the DNS tab. Add your
Internet Service Provider's DNS server address(es) here. If your DNS
server does not seem to function properly, try using the Microsoft
Network DNS servers to test name resolution:
204.255.246.17
204.255.246.18
- Test the WSP client on the Exchange Server computer. Open an MS-DOS
prompt window and type:
    FTP FTP.MICROSOFT.COM
You should see a response similar to this if the WSP client is
functioning:
    Connected to ftp.microsoft.com.
    220 ftp Microsoft FTP Service (Version 3.0).
    User (ftp.microsoft.com:(none)):
- After the WSP client is working, additional settings are required for
server proxy on the Exchange Server computer. You will have to create
*two* Wspcfg.ini files for the Exchange Server computer.
Create the first Wspcfg.ini file for use with the Exchange SMTP service.
Copy/Paste the four lines of information below to Notepad (DO NOT
MANUALLY TYPE THE INFORMATION) and save this file as Wspcfg.ini in the
directory where Msexcimc.exe is located.
[MSEXCIMC]
ServerBindTcpPorts=25
Persistent=1
KillOldSession=1
Note: The SMTP port (25) on the Exchange Server computer will then be
bound to the proxy server's port 25.
Create the second Wspcfg.ini file for use with the Exchange information
store (Store.exe). Copy/Paste the four lines of information below to
Notepad (DO NOT MANUALLY TYPE THE INFORMATION) and save this file as
Wspcfg.ini in the directory where Store.exe is located.
[STORE]
ServerBindTcpPorts=110,119,143
Persistent=1
KillOldSession=1
Note: Additional ports, such as ports 119 and 143 shown above, can
be listed because Store.exe provides Network News Transfer Protocol
(NNTP) on port 119, POP mail on port 110, and so on.
- Verify that the two Wspcfg.ini files do NOT have a .txt extension
appended. This will occur if your Internet Explorer interface settings
are set to default values. The file may appear as Wspcfg.ini.txt. Rename
the file if needed.
- If you are NOT using ACCESS CONTROL on the Winsock Proxy service, go to
step 10 (restart the Exchange Server computer).
If ACCESS CONTROL is ENABLED on the Winsock Proxy service, you must
grant the user account that starts the Exchange services access to the
Proxy server.
This must be a domain user account, not a local account on the Exchange
Server computer. If it is a local account, create a NEW user account on
the domain. In Start/Control Panel/Services, grant the new domain user
account logon rights to all of the Exchange services.
- Give the new domain user account access to the proxy server. In the
Winsock Proxy properties, choose PERMISSIONS and give the new account
the UNLIMITED ACCESS right.
- Restart the Exchange Server computer.
- After the Exchange Server computer has restarted, it should
automatically be listening on the external interface of the Proxy Server
computer.
- To test connectivity to the Exchange services from a computer that is
DIRECTLY CONNECTED to the Internet, do the following:
a. Open Telnet.exe from START/RUN on the test computer.
b. Choose CONNECT/REMOTE SYSTEM.
HOST NAME: External IP address of the proxy server
PORT: 25
TERM TYPE: vt100
c. After you are connected, you will see a blank screen. Press the ENTER
key and wait about 30 seconds. You should see a message from the
Exchange SMTP service indicating a good setup. If not, re-check your
settings.
d. You can also try port 110 to test the POP service.
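
An added example, not part of the original article or of any Microsoft tool: a Python check of the two Wspcfg.ini files created in the steps above, including the .txt-extension mistake. The function name and the per-section port allowlist are assumptions taken from the two files shown in this article; the sample inputs are constructed.

```python
import configparser

# Ports each section is expected to bind on the proxy's external interface.
# Assumption: these are exactly the values from the two files in this article.
EXPECTED_PORTS = {"MSEXCIMC": {25}, "STORE": {110, 119, 143}}


def check_wspcfg(filenames, text, section):
    """Return a list of problems for one service directory.

    filenames: names present in the directory holding the service executable
    text:      contents of the Wspcfg.ini found there
    section:   "MSEXCIMC" or "STORE"
    """
    problems = []
    lower = [name.lower() for name in filenames]
    if "wspcfg.ini.txt" in lower:
        problems.append("file saved as Wspcfg.ini.txt; rename to Wspcfg.ini")
    if "wspcfg.ini" not in lower:
        problems.append("Wspcfg.ini missing")
    parser = configparser.ConfigParser()
    try:
        parser.read_string(text)
    except configparser.Error as exc:
        return problems + [f"unparseable INI: {exc}"]
    match = [s for s in parser.sections() if s.upper() == section]
    if not match:
        return problems + [f"no [{section}] section"]
    sec = parser[match[0]]
    raw = sec.get("ServerBindTcpPorts", "")
    ports = {int(p) for p in raw.split(",") if p.strip().isdigit()}
    if not ports:
        problems.append("ServerBindTcpPorts empty or missing")
    extra = ports - EXPECTED_PORTS[section]
    if extra:
        # Every listed port becomes reachable from the Internet via the proxy.
        problems.append(f"unexpected externally bound ports: {sorted(extra)}")
    for key in ("Persistent", "KillOldSession"):
        if sec.get(key) != "1":
            problems.append(f"{key} is not 1")
    return problems


if __name__ == "__main__":
    # Constructed sample: file saved with .txt, extra port, one key missing.
    sample = "[STORE]\nServerBindTcpPorts=110,119,143,3389\nPersistent=1\n"
    for problem in check_wspcfg(["Store.exe", "Wspcfg.ini.txt"], sample, "STORE"):
        print(problem)
```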
To Configure Your DNS Mail Exchange (MX) Record
If you are using your ISP's DNS server, you must contact them and ask to
add an 'MX' and 'A' record for your domain so other Internet mail servers
will be able to contact your Exchange Server computer.
- Your 'MX' and 'A' DNS resource records must refer to the IP address of
the proxy server's external network adapter and NOT the internal IP
address of the Exchange Server computer or SMTP server itself.
For example, if your registered Internet domain name is "mydomain.com",
and your internal Exchange Server computer uses a DNS host name of
"exchange1", you need to use an MX, or mail exchanger, record to
provide other Internet hosts the name of your internal Exchange Server
computer. In this case, an MX record added in the "mydomain.com" zone
can provide this information as follows:
mydomain.com IN MX 10 exchange1.mydomain.com
You then need to create an A, or address, record for
"exchange1.mydomain.com" that uses an external IP address of the
proxy server. If the external IP address of your proxy server
is 127.34.56.89, you add the following A record to the
"mydomain.com" zone:
exchange1.mydomain.com IN A 127.34.56.89
In addition, you can add or create a PTR, or pointer, record to
the "mydomain.com" zone to provide reverse lookup. A valid PTR
record to do this is:
89.56.34.127.in-addr.arpa IN PTR exchange1.mydomain.com
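
An added example, not part of the original article: a Python check that the MX target's A record is the proxy server's external address and not the Exchange Server computer's internal address, using the sample records above. The function names and the internal address 10.0.0.5 used in testing are assumptions.

```python
import ipaddress

# The three sample records from this article.
ARTICLE_ZONE = """\
mydomain.com IN MX 10 exchange1.mydomain.com
exchange1.mydomain.com IN A 127.34.56.89
89.56.34.127.in-addr.arpa IN PTR exchange1.mydomain.com
"""


def parse_records(zone_text):
    """Parse 'name IN TYPE data...' lines into (name, type, data) tuples."""
    records = []
    for line in zone_text.splitlines():
        parts = line.split()
        if len(parts) >= 4 and parts[1].upper() == "IN":
            name = parts[0].lower().rstrip(".")
            records.append((name, parts[2].upper(), parts[3:]))
    return records


def check_mail_records(zone_text, domain, proxy_external_ip, exchange_internal_ip):
    """Return a list of problems with the MX/A/PTR records for `domain`."""
    recs = parse_records(zone_text)
    problems = []
    external = ipaddress.ip_address(proxy_external_ip)
    internal = ipaddress.ip_address(exchange_internal_ip)
    mx_hosts = [d[1].lower().rstrip(".") for n, t, d in recs
                if t == "MX" and n == domain and len(d) == 2]
    if not mx_hosts:
        problems.append(f"no MX record for {domain}")
    for host in mx_hosts:
        addrs = [ipaddress.ip_address(d[0]) for n, t, d in recs
                 if t == "A" and n == host]
        if not addrs:
            problems.append(f"MX target {host} has no A record")
        for addr in addrs:
            if addr == internal:
                problems.append(f"{host} publishes the internal Exchange address {addr}")
            elif addr != external:
                problems.append(f"{host} -> {addr}, not the proxy external address")
        # The PTR record is optional in the article; verify it only if present.
        ptrs = [d[0].lower().rstrip(".") for n, t, d in recs
                if t == "PTR" and n == external.reverse_pointer]
        if ptrs and host not in ptrs:
            problems.append(f"PTR for {external} does not name {host}")
    return problems
```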
Other Third-Party SMTP Servers
These server proxy setup instructions also apply to other third-party SMTP
mail servers with the exception of step #6 (creating the Wspcfg.ini files). Other SMTP servers will have
slightly different Wspcfg.ini settings. See Microsoft Knowledge Base
article Q177153, "Additional Proxy Server 2.0 Configurations." This article
contains Wspcfg.ini settings for other products, including SMTP servers.
If dynamic packet filtering is enabled on the proxy server (recommended),
the proxy server will dynamically open all necessary ports when they are
requested. No special configuration is needed.
It is not necessary to configure a DNS address on other proxy clients. This
is only required on the Exchange Server computer.