Exchange 2003 Post Installation Tasks
You have installed your Exchange 2003 Server. Now what?
Before creating users, there are a number of things that you should do to ensure that the server runs smoothly and is secure.
- Enable Message Tracking.
This shows you what Exchange is doing with messages. More Information.
- Secure the SMTP Relaying Feature
While Exchange is relay secure out of the box, it does allow authenticated relaying to take place. If you are not going to have users relaying email through your server - for example from Outlook Express, or the use is going to be limited, then you should review the relay settings. More Information.
- Setup an Email Admins group
This group should be used for setting any high level permissions on the server - for example as the owner of Public Folders. More Information.
- Setup an "All Staff" group
As well as allowing all of your users to email everyone else, the group can be used to secure other parts of the Exchange email system. More Information.
- Purchase an SSL Certificate.
This doesn't have to be a huge expense, a Certificates for Exchange SSL certificate will be fine. However by using a commercial SSL certificate you will avoid any certificate prompts and can easily deploy features like RPC over HTTPS or Exchange ActiveSync.
- Enable Recipient Filtering to Drop Email for Unknown Users
This will stop your server being used in an NDR relay spam attack. Filter Unknown Users.
- Open the relevant ports on your firewall.
For a secure Exchange server that is accepting email directly by SMTP, you only need two ports to be open - 443 (https) and 25 (smtp). No others need to be opened for Exchange to operate correctly.
- Configure DNS, MX and Server Banner
Not all of these changes will need to take place immediately, but should be addressed. More Information.
- Move the Exchange databases and logs.
If you have configured the server correctly, you will have separate drives for the transaction logs and database. Exchange doesn't use these by default, so you will have to move the databases and transaction logs using the correct procedure as outlined in this article: http://support.microsoft.com/kb/257184
- Configure an SMTP Connector.
While not strictly required for all configurations, an SMTP Connector even configured for DNS delivery is a good thing to have in place. More Information.
- Run the Best Practises Analyzer
After configuring the server, run the Microsoft Best Practises Analyzer to ensure your server is configured correctly as per the guidance from Microsoft. More Information
What has been skipped from the list above includes...
- Configure backups
- User Creation
- Additional Group Creation
- Updating the server with the latest service packs and updates from Microsoft.