I’ve been toying around with running an Exchange server at home to make family e-mail a more integrated experience (since I’m used to Exchange at work). There are obviously a variety of simpler web-based solutions that are available, not the least of which is Google Apps for your domain. I’m actually experimenting with Google Apps on a sub-domain for more extended family but am not satisfied with IMAP or Gmail’s web interface as my primary interaction method. Part of this has to do with using Outlook / Exchange for so long at work and getting quite used to the entire paradigm.
I also have my personal domain hosted thru Lunarpages web hosting (on another note, I give them a B-/C+ at best but they are really inexpensive). I didn’t want to give up having my personal domain hosted at a provider because even if I do run a mail server at home, my Comcast connection doesn’t give me a static IP and more importantly many of Comcast’s IP addresses get put on blacklists due to other spammers. I actually have my DNS information hosted at dyndns.org and can have a dynamic IP for my MX server but it didn’t seem like it was worth the hassle. Then there is also the consumer level router I have (D-Link DIR-655) and I’d have way too many ports to open to allow direct access to an Exchange server inside my firewall.
So my desire to try out Exchange at home seemed like it wouldn’t get off the ground. (Umm, yes, using Exchange is really waaaaaaaaaaaay overkill at home, but let’s ignore that for now) :-) I found out that Microsoft’s Small Business Server 2003 product allows you to actually access remote mail via POP (the POP3 connector). This seemed like a good route to go, but left the issue of direct access open.
Then I had an idea that I thought was brilliant (though as you usually find out on the internet these days, many others already had the idea): set up an Exchange server at home and use Hamachi to access it remotely (Hamachi is a peer-to-peer VPN system).
After a lot of experimentation here is what I ended up with:
- Microsoft Small Business Server 2003 running on a relatively old Shuttle SK41G box. I configured the SBS 2003 server on a domain of the form servername.externaldomainname.local. The SBS 2003 box uses the POP3 Connector to retrieve mail from my external hosting provider (yes, there is a 15-minute frequency cap on checking email). The SBS 2003 server is configured to send outgoing mail via DNS.
- I have my server name (FQDN) properly set up on dyndns.org using dynamic update for the IP. That way a reverse DNS lookup on my SBS 2003 server (for outgoing mail purposes) actually resolves properly, so it doesn’t get classified as a spam server.
- Hamachi VPN installed on all the client machines and also on the SBS 2003 server.
- I also followed the following advice on the SBS 2003 server (though I’m still not sure if this was necessary for my setup):
You need to create a reverse lookup zone for the Hamachi 5.x.x.x network. To do this, start the Reverse Lookup Zone wizard in DNS. The network is 5. (notice I didn’t put anything after 5.; this is important). Since this is a class A subnet, you need to be able to resolve any possible Hamachi address.
- Outlook 2007 on the client side configured to access the domain name listed above. I also went into the etc/hosts file and hard-coded the server name to the Hamachi 5.x.x.x IP address. I also set up the Outlook 2007 client not only with the Exchange account but also to check my direct POP account more often, to accommodate the 15 min POP3 limitation in SBS 2003.
- And then the final and most important configuration I did was to set up the Outlook Anywhere setting in Outlook 2007.
This last item was fairly critical to get the whole thing working flawlessly from any network (regardless of the host network’s restrictions on specific ports).
Outlook Anywhere is within your Exchange Server Mail settings in Outlook 2007. You go to the Connection tab and under Outlook Anywhere check the “Connect to Microsoft Exchange using HTTP” checkbox. Click on “Exchange Proxy Settings”. Here is what I finally settled on:
In the https:// box I put in just the server name, not the domain name or TLD at the end. Again, just the server name.
Both “Connect using SSL only” and “Only connect to proxy servers that have this principal name in their certificate” were checked. The text box underneath has msstd:servername.domainname.actualTLD. That means I didn’t use .local at the end in this field.
“On fast networks” not checked. “On slow networks” is checked.
Under Proxy authentication settings, I picked “Basic Authentication” which grays out the “Connect using SSL only” box above.
This was a fairly critical step to allow Outlook 2007 to communicate via HTTPS thru the Hamachi connection to the Exchange / SBS 2003 server.
Please note that you have to install the security certificate that is automatically generated by the SBS 2003 server on your client machine to ensure that everything is recognized.
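Two of the steps above are easy to get subtly wrong: the msstd: principal name has to match a name actually present in the server certificate (the real TLD, not .local), and the hosts-file entry has to point the server name at its Hamachi 5.x.x.x address. The following is an added example (not code from the original post) that models both checks on constructed sample data; the certificate is in the dict shape Python’s ssl.getpeercert() returns, and the host names are made up.

```python
import ipaddress

# Hamachi's 5.x.x.x range as described in the post (class A, so a /8).
HAMACHI_NET = ipaddress.ip_network("5.0.0.0/8")

# Constructed sample certificate in ssl.getpeercert() dict form. The SBS box's
# cert carries the public name (real TLD), not the internal .local name.
SAMPLE_CERT = {
    "subject": ((("commonName", "mail.example.com"),),),
    "subjectAltName": (("DNS", "mail.example.com"),),
}

# Constructed sample hosts file: the server name is pinned to its Hamachi address.
SAMPLE_HOSTS = """# constructed sample hosts file
127.0.0.1     localhost
5.1.2.3       mail.example.com mail   # Hamachi address of the SBS box
192.168.1.10  mail.example.local      # LAN address, not reachable remotely
"""

def cert_names(cert):
    """Collect the CN and SAN dNSName entries (lower-cased) from a getpeercert() dict."""
    names = [value.lower() for rdn in cert.get("subject", ())
             for key, value in rdn if key == "commonName"]
    names += [value.lower() for kind, value in cert.get("subjectAltName", ())
              if kind == "DNS"]
    return names

def principal_name_matches(cert, principal):
    """Model Outlook Anywhere's 'Only connect to proxy servers that have this
    principal name in their certificate' check: the host name after 'msstd:'
    must appear exactly (case-insensitively) as the CN or a SAN entry."""
    if not principal.lower().startswith("msstd:"):
        raise ValueError("principal must be of the form msstd:<hostname>")
    wanted = principal[len("msstd:"):].lower()
    return wanted in cert_names(cert)

def hamachi_hosts_entries(hosts_text, server_name):
    """Return the addresses the hosts file maps server_name to that lie in the
    Hamachi range; an empty list means the name is not pinned to the VPN address."""
    hits = []
    for line in hosts_text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        addr, *names = line.split()
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            continue                              # malformed line, skip it
        if server_name.lower() in (n.lower() for n in names) and ip in HAMACHI_NET:
            hits.append(str(ip))
    return hits
```

Run principal_name_matches against the certificate you actually installed from the SBS box before trusting the “Only connect to proxy servers …” setting; a mismatch (for example the .local name) means Outlook will refuse the connection.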
E-mail me if you want to try something crazy like this and I can tell you more details as needed! 🙂
Links: Hamachi and Exchange, Outlook over Internet, RPC over HTTP