Configure separate addresses to use with partners and customers
In my consulting practice, I regularly encounter small businesses that have developed niche services to fill a specialized need. To effectively market these services, they use multiple "doing business as" (dba) names, each relevant to a particular service. Invariably, such businesses need to maintain multiple email identities to give customers a consistent view of the business. For instance, the main line of business for the fictitious company Thomas and Associates might be accounting, but the firm also sells a third-party software program under the name Advanced Accounting Solutions and needs many of its employees to maintain both the thomasassoc.com and aasolutions.com email domains. I'll show you the easiest way to maintain multiple email identities in one Exchange mailbox without using any special software. Letting users send and receive mail by using different email addresses and only one Exchange mailbox per user is an important capability for many small businesses because most don't want the hassle of maintaining two different mailboxes.
Single Mailbox, Multiple Email Domains
Exchange Server 2003 and Microsoft Office Outlook 2003 aren't well suited for maintaining completely different email identities for one user and one mailbox. Although you can assign multiple alias addresses to a single mailbox, Outlook always sends email by using the primary email address. I'll show you how to solve the sending problem later, but first you need to set up the Exchange server to accept mail for both the thomasassoc.com and aasolutions.com email domains. (Of course, you'll also need to set up appropriate MX records in the aasolutions.com domain's zone file that direct email to your Exchange server, just as you'd have done previously for thomasassoc.com.)
To do so, first open Exchange System Manager (ESM) from the Start menu on your Exchange server. Select the Recipients\Recipient Policies folder. In this example, you'll edit the Default Policy and simply add aasolutions.com to the already-existing thomasassoc.com domain. Double-click Default Policy and, on the E-Mail Addresses (Policy) tab, click New and add the new policy, which Figure 1 shows. Within a few minutes, Recipient Update Service (RUS) will add aasolutions.com to all your user accounts that have mailboxes. Now user Bob, for example, can receive email sent to firstname.lastname@example.org or email@example.com. The email will arrive in Bob's mailbox, and he can easily determine which of his addresses the sender used by looking at the To: field in the email header.
The method I've just described will give every user an aasolutions.com alias. If you want only certain users to be able to receive email at the aasolutions.com domain, you can create a recipient policy without an LDAP filter. Such a policy lets Exchange receive mail for the aasolutions.com domain, but since there's no LDAP filter, the policy isn't applied to any users. Then, to selectively enable specific users, you edit their accounts in the Microsoft Management Console (MMC) Active Directory Users and Computers snap-in. On the Email Addresses tab, add an SMTP address for the aasolutions.com domain.
When Bob replies to the message, however, Exchange and Outlook will always send the message via his primary email address, which according to the recipient policy that Figure 1 shows is firstname.lastname@example.org (next to the SMTP type). Whether Bob creates a new message or replies to a message received at the other address, there's no way for him to tell Outlook, "Send this message from my other address, not my primary address."
Step 1: Configure Outlook
To enable a user to send messages from multiple accounts and only one mailbox, you can set up a "dummy" POP account in the same Outlook profile that you use to access the mailbox. You'll never use the POP account for receiving mail, and there's no need to enable POP access on the server. Instead, you'll be using the POP account configuration for sending mail via SMTP relay through Exchange. Outlook lets you set up one or more accounts, such as POP, in addition to your default Exchange account in an Outlook profile. When you've defined one or more POP accounts and send a new message, Outlook lets you choose which account to send the message from. The only thing you have to do on Exchange is configure it to allow SMTP relay for your users (but not for the general public on the Internet, unless you want to find your server on every open-relay database this side of the Milky Way). Here are the steps to do so.
First configure Bob's Outlook profile to add a new POP account for email@example.com. To do so, in Outlook select Tools, E-mail Accounts. In the E-mail Accounts dialog box, select Add a new e-mail account and click Next. On the wizard's Server Type page, which appears next, select POP3 and click Next.
On the Internet E-mail Settings (POP3) page, enter Bob's name and the firstname.lastname@example.org address. Enter anything you want in the Incoming mail server (POP3) box. (You'll never use that setting, but the Outlook configuration wizard requires some text to be entered.) In the Outgoing mail server (SMTP) box, enter your Exchange server's address. If the Outlook client you're configuring is on a laptop, make sure that the address works both inside your LAN and on the Internet. Depending on your environment, you might need to take additional steps on your firewall or Microsoft Internet Security and Acceleration Server (ISA Server) to publish the SMTP service on your Exchange server to the Internet. However, most small environments will have one Exchange server accessible to both the Internet and internal network. Enter any text in the User Name and Password boxes. Your entries should look similar to those in Figure 2.
Click More Settings. In the Internet E-Mail Settings dialog box that's displayed, select the Outgoing Server tab. Select the My outgoing server (SMTP) requires authentication check box. Select Log on using and enter Bob's Active Directory (AD) username and password. Next, select Log on using Secure Password Authentication (SPA - also known as NTLM, a Windows authentication protocol) to protect Bob's password when he sends mail as email@example.com.
Click OK, then click Next. Now you'll configure Outlook so that it never tries to retrieve email via this new POP account. To do so, select Tools, Send/Receive, Send/Receive Settings, and Define Send/Receive Groups, which displays the Send/Receive Groups dialog box. Select the All Accounts group and click Edit. In the Send/Receive Settings-All Accounts dialog box, select the POP account you just created and clear the Receive mail items check box.
Step 2: Configure Exchange
Now you need to configure your Exchange server to let Bob and other users relay SMTP mail through Exchange as their aasolutions.com account. To do so, open ESM on your Exchange server. In this example, Thomas and Associates has a single, dual-homed Exchange server connected to the Internet and internal LAN. If your environment is different, you'll need to adjust the configuration steps according to how many network connections and virtual SMTP servers you have—but the overall process is the same.
Navigate to the Protocols\SMTP folder for your Exchange server. In our example, the Default SMTP Virtual Server has an IP address on the internal LAN and services internal clients. The Internet SMTP Virtual Server has an IP address on the Internet and currently receives email from other SMTP servers. SMTP relaying is enabled on the internal SMTP server but disabled on the Internet virtual server to prevent spammers from using the server as a relay point. This means that if Bob's laptop is connected to the internal LAN, he can send mail by using his new aasolutions.com account without any problem, but if he tries to connect when away from the office, the Internet virtual SMTP server will reject his attempt to relay email.
To enable SMTP relaying on the Internet virtual SMTP server, open the Internet SMTP Virtual Server's properties, click the Access tab, then click Relay. In the Relay Restrictions dialog box, select the Allow all computers which successfully authenticate to relay, regardless of the list above check box. Now when Bob is away from the office and sends a message by using his alias POP account, Outlook will authenticate to the Exchange server and relay the message successfully. If you have any email-security products installed on your Exchange server, make sure they're configured, if necessary, to allow relays by authenticated users.
If you want additional protection for Bob's password and encryption of the message when it's sent between Bob's PC and the Exchange server, consider implementing Secure Sockets Layer (SSL) encryption and a server certificate for the Exchange server. Remember, though, that Bob will typically use the aasolutions.com identity to send outgoing email to external parties, which means the mail won't be encrypted when Exchange forwards it on to the recipient's SMTP server anyway.
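One way to confirm from outside the LAN that the Internet virtual server still refuses unauthenticated relay after the change above, and whether it offers STARTTLS, written as an added example that is not part of the original article. The probe addresses, function names and the stub class are assumptions made for illustration; the check stops before DATA, so no message is ever sent.

```python
import smtplib

# Assumed probe addresses: both must be in domains your server does NOT host,
# otherwise accepting RCPT is normal inbound delivery, not relaying.
PROBE_FROM = "relay-probe@example.net"
PROBE_TO = "relay-probe@example.org"

def audit_session(conn, sender=PROBE_FROM, rcpt=PROBE_TO):
    """Audit an already-connected, unauthenticated smtplib.SMTP-like session."""
    conn.ehlo()
    report = {"starttls": conn.has_extn("starttls")}
    code, _ = conn.mail(sender)
    if code == 250:
        code, _ = conn.rcpt(rcpt)
    conn.rset()  # abandon the transaction; DATA is never sent
    if code in (250, 251):
        report["relay"] = "open"          # foreign recipient accepted without AUTH
    elif 500 <= code < 600:
        report["relay"] = "closed"        # e.g. 550 5.7.1 Unable to relay
    else:
        report["relay"] = "inconclusive"  # 4xx: temporary failure, retry later
    return report

def audit_host(host, port=25, timeout=10):
    """Connect without logging in and audit the listener (network required)."""
    with smtplib.SMTP(host, port, timeout=timeout) as conn:
        return audit_session(conn)

class StubSession:
    """Constructed stand-in for a server, so the logic can be exercised offline."""
    def __init__(self, rcpt_code, extensions=()):
        self.rcpt_code, self.extensions = rcpt_code, set(extensions)
    def ehlo(self): return 250, b"ok"
    def has_extn(self, name): return name in self.extensions
    def mail(self, sender): return 250, b"ok"
    def rcpt(self, recipient): return self.rcpt_code, b""
    def rset(self): return 250, b"ok"

if __name__ == "__main__":
    print(audit_session(StubSession(550, {"starttls"})))  # relay refused
    print(audit_session(StubSession(250)))                # relay accepted
```

Run audit_host against the server's public address from a machine outside the office network; a result of "open" means the relay restrictions are not being enforced for anonymous sessions.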
You're done! When Bob receives a message and clicks Reply, Outlook automatically selects the appropriate account to use when sending the message. Bob has to maintain only one mailbox with one inbox, and all his sent messages are stored in his Sent folder regardless of which identity he uses. When Bob creates a new message without replying, he needs to make sure he clicks the Accounts button on the new message window's toolbar to ensure that he uses the correct "from" address. Once you start using multiple email identities, you'll likely find that this capability gives your company more flexibility in communicating with customers.