How can I keep individual units within my Exchange organization from viewing one another?

Many large companies and Internet Service Providers (ISPs) need to support multiple separate units within an Exchange organization. Often, such companies don't want these individual units to communicate with or view one another. Exchange Server 5.5 supports this requirement with multiple organization hosting. Multiple organization hosting lets you separate the Exchange directory into virtual containers for separate business units, and then configure the access permissions and address book views.

How do I set up my Exchange Server to host multiple organizations or "virtual organizations"?

To set up multiple virtual organizations, you need to configure multiple address spaces (e.g., jerry@abc.com and jerry@xyz.com) for an Exchange server. An address space is the path an Exchange Server connector uses to send messages outside an Exchange Server site. The address space also identifies the recipient address types and addresses. You can configure your Exchange server's Internet Mail Server (IMS) to accept mail for multiple organizational names (e.g., compaq.com and tandem.com) by defining the address spaces (email domains) for which the server accepts inbound message delivery.

You need to create an address space type for each type of message you're routing.

  1. In the Exchange Administrator window, choose Connections.
  2. Double-click the connector you want to modify (e.g., the IMS).
  3. On the Address Space tab, choose New to create a new address space, or Edit to modify an existing address space. Screen 1 shows the Address Space tab.

To route all Simple Mail Transfer Protocol (SMTP) messages through an IMS, choose OK without typing an email domain. To route all messages to company.com, go to the Internet Mail tab on the Internet Mail Service Properties page, click E-Mail Domain, and type

company.com

In addition, you must configure the IMS email domain for inbound mail on the Routing tab. You also need to configure the following information from the Internet (SMTP) Address Space property page:

  • E-mail Domain—1 through 255 alphanumeric characters composed of one or more domain labels (up to 63 characters each), typically in the format sitename.enterprisename.domain_suffix. Use an asterisk (*) to denote subdomains. Exchange appends an ending asterisk (*) to the address space, but doesn't display it.
  • Cost—A value from 1 to 100. Lower-cost routes take precedence over higher-cost routes.
  • Restrictions—Specifications that denote which messages can travel through the connector. Use the Delivery Restrictions property page to control whether messages from an organization, a site, or a location can travel through the connector. Usually, the IMS replicates address spaces to all Exchange servers to tell the servers which connectors can process messages of a specific address type. Use the Delivery Restrictions property page to control which connectors the organization or site can access. (Note: When you make changes to the IMS, you must stop the IMS and then restart it for the changes to take effect.)

After you have configured the address space to receive inbound messages, you need to correctly configure the Domain Name System (DNS) entries and Mail Exchange (MX), Address (A), or Canonical Name (CNAME) records. This configuration lets the DNS properly route incoming message traffic to the Exchange server running the IMS.

What are the limitations of this method of creating virtual organizations?

This method has two important limitations. First, the configuration allows only one default SMTP address-naming rule per site and, therefore, affects the creation of new users. When you create new users, Exchange Server automatically sets their SMTP address to the site default (user@site.organization.com). The default is the same for all users within a site. However, the administrator can always change an individual user's SMTP address via the Exchange Administrator utility or through the use of a text file and a bulk update.

The second limitation affects the Exchange directory. By default, users can view all other users in the Global Address List (GAL) in the directory. Address book views let the administrator partition the GAL into separate sections and then define which section users can view as their default GAL. The administrator can also define separate recipient containers within the Exchange directory for each organization. These limitations create more work, but they're not usually showstoppers.

When is the Site Connector the best choice for connecting Exchange sites?

A Site Connector lets you make a direct connection between a server in a local site and a server in a remote site. The Site Connector is easy to configure and provides the most efficient and high-performance method to connect two sites. You use Site Connectors when you have LAN or WAN connectivity between all the servers in the sites. Microsoft recommends the Site Connector for connecting sites.

Site Connectors support the use of remote procedure calls (RPCs), which can travel across only high-bandwidth, low-latency links. Most of the companies I work with use Site Connectors; they either have high-bandwidth WANs or upgrade their WAN links as needed.

When is the X.400 Connector a good choice for connecting Exchange sites?

The X.400 Connector for Exchange Server is a good choice for deployments that don't have the luxury of high-bandwidth, low-latency WAN links to connect the organization. The X.400 Connector offers greater flexibility and control of message routing and traffic than the other Exchange Server connectors do. For example, the X.400 Connector supports scheduling and gives an administrator several tuning options that control the flow, content, and behavior of messaging traffic.

When is the Dynamic Remote Access Service (RAS) Connector a good choice for connecting Exchange sites?

You can use the Dynamic RAS Connector between Exchange Server sites that don't have a permanent connection. This connector lets you inexpensively add remote offices to your messaging system, especially if message traffic is low and you can schedule the message transfer. Typically, you use a modem and a dial-up connection at speeds such as 28.8Kbps or 56Kbps to set up a Dynamic RAS Connector. You can use this connector as a backup connection when a site's primary connectors are unavailable. However, people often misuse or misunderstand the Dynamic RAS connector; use it only as a backup or low-traffic solution.

When do you use the IMS to connect Exchange Server sites?

You can use the IMS to connect Exchange Server sites with SMTP. Use the IMS to connect two Exchange Server sites only if the Internet is the sole means of connection between the sites.

How do I implement a list server on Exchange Server?

A list server is a service that implements a mailing list that users can subscribe to or gain membership in. You can use this mailing list as a discussion forum, a newsgroup, or an automailer for product information. Users can send mail messages to the list server, which distributes the messages to the list subscribers.

Curiously, list server functionality has been missing from Exchange Server. In Exchange Server 5.5, however, you can implement this capability with a custom Exchange Server Event Script or with a third-party solution, such as the ReddFish ListServer for Microsoft Exchange Server.

Exchange Server 5.5 adds the Event Scripting Agent feature, which developers can use to create scripts in languages such as Visual Basic (VB), Java, and C++. (For more information about the Event Scripting Agent, see Tony Redmond, "Closing the Messaging and Groupware Gap with Exchange 5.5's Scripting Agent," Windows NT Magazine, March 1998.) Time- or event-driven triggers cause the Event Scripting Agent to execute the script that implements the feature-set of a list server. Users can use the common list server commands to subscribe to a mailing list that would look and feel like any other list server. Microsoft provides a list server application that will work with the Event Scripting Agent on the current BackOffice Resource Kit.

Several third-party Exchange Server solution providers have developed list server functionality for Exchange Server. I am most familiar with ReddFish's ListServer, but L-Soft International and NTP Software have other list server products. You implement the ReddFish ListServer product as a Windows NT service that lets Internet mail users access Exchange Server distribution lists. Users send email containing commands to ListServer's mailbox; ListServer processes the commands and returns confirmation messages to the user. Each email message can contain many commands. ListServer modifies the membership of distribution lists and creates new custom recipients if the email addresses specified don't correspond to Exchange Server mailboxes or existing custom recipients. The ReddFish ListServer Service Manager lets administrators control the service. Setup and installation are relatively easy, and ReddFish lets you try the software, available at its Web site, http://www.reddfish.co.nz, free for 1 month.

For another approach, see "Create a List Server on Exchange," page 16.

I am having trouble sending and receiving email over the Internet. How can I ensure that I have configured my system correctly?

The IMS is fully integrated with Exchange Server and NT, so you can troubleshoot IMS problems with the same tools (e.g., Windows NT Performance Monitor) that you use for other components. In addition, the IMS can generate SMTP logs.

To configure IMS, from the Exchange Administrator, choose File, New Other, Internet Mail Service, and follow the wizard's steps to create a new IMS. Understanding setup and troubleshooting procedures for these areas should ensure successful configuration and operation of the IMS.

After you've configured the IMS, first check your server's connectivity to the Internet by using the ping command to reach a well-known host (if your server uses the Dynamic RAS connector, you need to make the connection before using the ping command). Screen 2, page 9, shows the ping command syntax. If the ping was not successful (i.e., you received a message such as Destination Host Unreachable or Request Timed Out), you need to troubleshoot your Internet connection before proceeding. You might have problems with your TCP/IP, router and firewall, or RAS configuration.

Next, check whether you've set up your Exchange server's TCP/IP configuration correctly by using the ping command to test its network presence by name (ping servername). If this test isn't successful, you need to add an Address (A) record to your DNS configuration for the Exchange server. If you are using an ISP and its DNS service, you must ask the DNS administrator to add this record for you.

Next, verify that other host computers on the Internet can recognize your Exchange server as a mail exchanger (MX) host. First, the DNS administrator must add an MX record to the DNS configuration. You can then test this by using the Nslookup utility that comes with NT 4.0. Load Nslookup and type

set type=MX

Next, type in your organization's domain name (e.g., compaq.com). If the configuration is correct, this test will return the name of your Exchange server and domain (e.g., mail.compaq.com).

The next step is to test whether your Exchange server is running the SMTP services necessary to transfer mail to and from hosts on the Internet. The easiest way to test whether Exchange has SMTP services available is to use Telnet. Use Telnet to connect to your Exchange server (enter the host name such as mail.compaq.com) and use 25 as the port number. Port 25 is the standard port that the SMTP service uses to listen for and communicate with other SMTP systems. If the SMTP service is available on your Exchange server, you will receive a response similar to 220 mail.compaq.com Microsoft Exchange Internet Mail Service 5.5.1960.4. A response starting with 220 means that the SMTP service is running. If you are familiar with SMTP commands, you can enter them here to do additional testing. Type help at the SMTP command prompt to get a list of valid commands.

If your Exchange server passes these tests, it is ready to send and receive mail via the Internet. Other obstacles are outside the scope of the Exchange IMS configuration. If you are using an ISP, check with the ISP for additional steps for troubleshooting Internet mail exchange.
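The name-resolution test and the Telnet test on port 25 can be scripted. The following Python sketch is an added example, not part of the original column: it resolves the server name, connects to port 25, and checks that the greeting is a 220 reply, including the multiline form. The function names are hypothetical, and the MX lookup is left to Nslookup because the Python standard library has no MX query.

```python
import socket

# Constructed sample: the greeting quoted in the column above.
SAMPLE = b"220 mail.compaq.com Microsoft Exchange Internet Mail Service 5.5.1960.4\r\n"


def parse_greeting(raw: bytes) -> dict:
    """Classify the first reply an SMTP server sends after the TCP connect."""
    result = {"ready": False, "code": None, "host": None, "software": None}
    parts = []
    for line in raw.decode("ascii", errors="replace").splitlines():
        if len(line) < 3 or not line[:3].isdigit():
            result["reason"] = "not an SMTP reply: %r" % line
            return result
        result["code"] = int(line[:3])
        parts.append(line[4:].strip())
        if line[3:4] != "-":  # "220-" continues the reply, "220 " ends it
            break
    else:  # empty input, or a multiline reply that never finished
        result["reason"] = "no complete reply received"
        return result
    if result["code"] != 220:
        result["reason"] = "server answered %d, not 220" % result["code"]
        return result
    host, _, software = parts[0].partition(" ")
    result.update(ready=True, host=host or None, software=software or None)
    return result


def check_smtp(host: str, port: int = 25, timeout: float = 10.0) -> dict:
    """Resolve the name (the A-record test), connect, and read the greeting."""
    try:
        address = socket.gethostbyname(host)
    except socket.gaierror as exc:
        return {"ready": False, "reason": "name does not resolve: %s" % exc}
    try:
        with socket.create_connection((address, port), timeout=timeout) as conn:
            raw = conn.recv(1024)
    except OSError as exc:
        return {"ready": False, "reason": "no answer on port %d: %s" % (port, exc)}
    return parse_greeting(raw)


if __name__ == "__main__":
    # Offline demonstration on the constructed sample; call
    # check_smtp("your.mail.host") against a server you administer.
    print(parse_greeting(SAMPLE))
```

The software field is whatever the server chooses to advertise, so the same check shows what product and build information any connecting host can read.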

What IMS settings can affect mail transfer between Exchange Server and an ISP?

Several IMS settings can affect mail transfer to and from your ISP and your Exchange Server IMS. Check these settings on the tabs of the IMS Properties page to match your requirements.

  • Accept & Reject Connections, Transfer Mode, and Message Delivery settings on the Connections tab. Ensure that you've configured your ISP mail host properly and selected the correct transfer mode. In addition, the message delivery options must be correct for your specific configuration.
  • Message Size settings on the General tab. The IMS won't accept or forward messages that are outside the size parameters. Ensure that this setting is within your organizational and ISP guidelines. No limit is the default setting.
  • Address Space settings on the Address Space tab. You must configure the correct address space and its associated restrictions and routing information for the IMS to accept mail from your ISP for the email address domains you want. Try using an asterisk as an address space for troubleshooting to see whether this configuration is the problem.
  • Routing entries on the Routing tab. The routing list contains domain names and associated SMTP hosts. For each recipient of every inbound message the IMS receives, the IMS compares the domain name on the address with the list of domain names on the Routing tab. If the IMS finds a match, it reroutes the message for that recipient to the associated host. The IMS won't forward messages that are outside these parameters to the ISP mail host. Be sure that this setting is within your organizational and ISP guidelines.
  • Message Content settings on the Internet Mail tab. You must configure message content according to the types of content that your ISP mail host can accept. As Screen 3 shows, you can format attachments as either MIME (default) or UUENCODE. If attachments are not getting through or are garbled, check these settings.
  • E-mail Security settings on the Security tab. For outbound mail transfer to the mail host, you must add each outbound mail domain and configure the encryption and authentication options. If your ISP requires secure or encrypted authentication, you must configure it properly.

This column is a forum for discussing common questions you face day to day as an Exchange Server administrator. Send me your questions, comments, and feedback for future columns.