Settings to Tweak in Exchange 2003 System Manager and in IIS

You may be able to change most of these settings before applying any exchange 2003 service pack. After applying Exchange 2003 SP2, return here to tweak any new options and features added with the service pack.

1. Open Exchange System Manager.

2. Right click the Exchange Organization and select Properties. On the General Tab, check the box to Display Administrative Groups, and clear the box next to Display Routing Groups. Click OK.

3. Under Global Settings, select Internet Message Format and in the second window right-click Default and select properties. Go to the Message Format Tab and Select the MIME and the Both radio buttons. On the Advanced Tab select only:

Exchange rich-text format:

• Determined by individual user settings

Message text word wrap

• Never use

Enable the following check boxes:

• Allow out of office responses
• Allow automatic replies
• Allow automatic forward
• Allow delivery reports
• Allow non-delivery reports
• Preserve sender's display name on message

Click apply, Click OK to close default message format properties

4. Under Global Settings, right click Message Delivery and select Properties.

• a. On the General Tab there is an button to add perimeter servers. If this is a one-box setup, there may be no perimeter servers.

• b. On the Defaults tab, there a default delivery restrictions for recipients: Sending Message size 10240 KB, Receiving Message Size 10240 KB, and Number of Recipient Limits 5000. Change as you see fit.

• c. On the Sender Filtering Tab, Check the box next to: Drop connection if address matches filter

• d. Under Connection Filtering Tab, by default there is nothing in the Block List Service Configuration, nothing in the exception list, nothing in Global Accept, and no IP's configured in the list to deny e-mail form certain IP Addresses.

• e. Under the Recipient Filtering Tab, by default there are no recipients listed under Block messages that are sent to the following recipients, and the check box is cleared next to Filter recipients who are not in the Directory.

• f. Under Sender ID Filtering (Available in Exchange sp2) the default setting is to Accept the Message (and the sender ID status will be attached to the message for further anti-spam processing). You could also choose to Delete or to Reject, but be careful by rejecting if mail is forwarded from a non-exchange perimeter server. You may create a loop.

• g. Under Intelligent Message Filtering Tab (available as an add-in to exchange SP1, or available as part of exchange SP2), Chose SCL ratings of approximately 6 (so everything 7 and above will be treated as you configure). If you merely want Exchange to sort messages into the Junk Mail folder, then under the heading When blocking messages, just select No Action. Then, under the heading of Store Junk Email, select an SCL of 6 in order to move messages to Junk Mail when the SCL is 7 or more. (contrary to what the property page says about greater than or equal to, it only filters messages greater than the SCL

5. Under Global Settings, right click Mobile Services and select properties.

a. Under Exchange ActiveSync, check these boxes:

• Enable user initiated synchronization
• Enable up-to-date notification

Under Outlook Mobile Access, check these boxes:

• Enable Outlook Mobile Access

You should try clearing the box Enable unsupported devices (until you have users with mobile devices that requires this to be enabled).

There are additional items to consider when Exchange SP2 is installed. Return to this section if you want to enable mobile Device Security by enforcing complex passwords on device, etc.

Close Mobile Services Properties.

6. Add new mobile carriers to Mobile Services. Right click Mobile Services and select New and click Mobile Carrier. Under Name, insert a name for the new carrier, like Sprint PCS. Under SMTP domain insert @sprintpcs.com and click APPLY and click OK.

7. In Exchange System Manager, expand Recipients, Select Recipient Policies, and right-click Default Policy and select Properties. On the Email Addresses Policy Tab, insert the smtp addresses for Generating Mail Box Addresses of Recipients in the Organization. For example, click new and Select SMTP Address, and insert an address like @mx1.yourdomain.net or @yourdomain.net and click OK. There should already be an SMTP policy for @yourdomain.lan, as well as an X400 policy you should NOT edit. Make sure you check the box next to each new SMTP address to enable that policy.

Here, you can also SET AS PRIMARY the single SMTP address for outgoing mail from accounts within the organization. It is recommended that you use the registered Fully Qualified Domain Name that the organization will use on the internet (for example, use .com, .net, .org, .edu, etc. domain names, and not your .lan or your .local).

Answer Yes when the Alert box Asks whether you want to propogate those new SMTP policy changes by applying them to existing exchange email box accounts.

8. In Exchange System Manager, expand First Administrative Group, expand Servers, and right click your server name and left click properties. The Tab RPC-HTTP does not appear until Exchange 2003 Service Pack is Applied. At that time, if this is a one-box server, you will click the radio button next to RPC-HTTP back-end server. You may be able to set it as Not part of an Exchange managed RPC-HTTP topology. THIS NEEDS MORE STUDY. It works as an RPC proxy when RPC-HTTP back-end server is selected. Careful, not sure what if any is reversible here.

9. Under Servers, Protocols, SMTP, right click Default SMTP server and select properties.

• a. On the general tab, You can check the box to enable logging with w3c extended log file format, and you will see that the IP address for this virtual SMPT server should be (All Unassigned) and on standard port 25. Click Advanced to find you can edit smtp and enable various SMTP filters. The Inteligent Message Filter is only available as and add on at the time of SP1, and an updated version of Intelligent Message Filter is integrated with Exchange SP2. However, IMF must be enabled here in SMTP properties, and In Global settings, under Message Deliver properties, as described above.

• b. Under the Delivery Tab, select Advanced Delivery button, change the qualified domain name from yourhost.ntdomain.lan to yourhost.internetdomain.com. On the same Advanced Delivery page, insert the IP address (between BRACKETS) of any Smart Host (your perimeter non-exchange email server) that may handle other email accounts for the same FQDN and all mail where delivery is not local to exchange mail boxes handled on the exchange server. The brackets are required to prevent the DNS service from trying to resolve the IP address of the smart host IP number as if its were a host name. Click the button Configure (to configure external DNS servers).

10. In IIS, Default Website, Exchange Virtual Directory, Go to Properties, Directory security tab, Under Secure Communications section, click Edit button, and Check the boxes next to Require Secure Channel (SSL) and Require 128-bit encryption. Under client certificates, check Ignor client certificates - even though it all seems to work even if you check require client certificates (and no clients have certificates). Click OK, Click Apply, click OK to exit Exchange Virtual folder properties.

11. In IIS, Default website, RPC virtual directory, Properties, Directory Security Tab, clear the Enable anonymous access check box. Check the 2 boxes one next to integrated Windows Authentication and one next to Basic Authentication (password is sent in clear text). When queried by alert box, click yes to allowing passwords sent in clear text, and next to Default domain, type in the pre-windows 2000 secondary NT-type domain name (without a primary domain dot suffix). An example would be MSN, not MSN.com or MSN.lan. Click OK, click APPLY, Click OK to Exit RPC virtual directory properties.

12. Note, change nothing in RpcWithCert virtual directory.

13. Remember to restart the IIS Admin Service and its dependent services. Start, Run, Services.msc, Open, right click IIS Admin Service, and Left-Click RESTART, and also Click Yes when asked whether you also want to restart the listed dependent services.