This weekend, after copious amounts of reading, preparing, rigorous testing, and plenty of cursing, I decided that I was prepared enough to replace the 75 lb steel server that was playing the role of my Exchange Server.

The new system (codenamed warhawk) is faster, smaller, and a whole lot quieter but above and beyond it’s also running on a completely different platform. Gone are the days of Exchange Server on Windows – this new system is running Debian Etch (now stable), Postfix, Cyrus IMAP with a dose of SpamAssassin and Razor for good measure.

All in all, I think it went pretty well. I did have a little problem migrating some of my mailboxes over to the new server, but once I found what the issue was it’s been smooth sailing ever since.

Two things saved my hide during the whole process. First off, The Book of Postfix is an invaluable resource for understanding everything that there is to know about Postfix. I don’t think I would have even attempted this project without this book at my side. The second thing is documentation; my own. During testing, I wrote down every little command that I ran to make the server run. Without this, things would have easily been hopeless.

I’m pretty happy with the end result. Postfix runs like a dream as an MTA and the multitude of anti-spam features are a breath of fresh air. I’m amazed at how much spam I stop at “SMTP time” without it ever hitting my inbox.

What spam does make it through gets whacked by the tag-team of SpamAssassin and Vipul’s Razor. SpamAssassin neatly appends the string “SPAM” to the existing subject line, wraps up the message in an attachment and then attaches it to a new report email detailing why it marked it as spam.

As I alluded to in a previous post, I’m going to replace my Exchange Server with the open source MTA Postfix. However, since I’m so very green at Postfix, I wanted to make sure that I had all my ducks in a row before deploying it.

So here is where the conundrum takes place. I want to have both the Exchange Server working while I’m testing the Postfix server. I have only one public IP address and my router is forwarding connections on port 25 (the default port for SMTP) to the Exchange Server. Because of this the Postfix server, can’t listen for incoming email.

It’s still possible to solve this problem, though. What’s the solution?

The solution is namespace sharing. For this to work, you’ll need two domains registered by a domain registry. Using your domain registry’s DNS management tool, point the MX records for both domains to the public IP address. So for example, I have the MX records for eddorre.com and phxindesign.com pointing to the same public IP address.

I want email that is destined for eddorre.com to go to the Exchange Server and email that is destined for phxindesign.com to go to the Postfix server.

Using namespace sharing, you have the Exchange Server accept mail for the phxindesign.com domain and then it forwards it onto the Postfix server beside it (beside it means logically, not physically). So in essence, both the Exchange Server and the Postfix server are sharing the phxindesign.com namespace/domain.

This is nothing new nor miraculous but it’s the first time that I’ve set this up. Microsoft has a Knowledge Base article with instructions on how this can be done with an Exchange 2000 or 2003 Server.

I should note that I did make some modifications to the instructions. I found it cleaner not to modify the Default Recipient Policy. Instead, I created a different Recipient Policy for the shared domain.

Also, the instructions say to check the option for “This Exchange Organization is responsible for all mail delivery to this address”. I found that this creates NDR when attempting to send email to an account in the shared namespace.

Now I can continue to use the Exchange Server while testing the Postfix server in an Internet environment.

Well my domain is complete for now. In order to get Exchange working I had to visit the voodoo god Obatala and learn the dark ritual arts which were then performed on the Exchange Server. Actually, I just blew away my domain controller and started over again, but it didn’t sound so interesting saying that. Turns out that the DNA evidence against ForestFucker was not as conclusive as I thought and he was cleared of all charges. The actual prime suspect is the Active Directory Connector which I’ll call The Active Directory Hoser. The things that it did to the Active Directory shall not be spoken of here since it will frighten small children and big children too.

In other news, I got a PPTP VPN server up and running behind my Linksys router with NAT running. All you have to do is forward port 1723 (UDP and TCP) to the VPN server and make sure that you downgrade!? your firmware to 1.44.2. As to why it doesn’t work with a newer firmware is anyone’s guess. Regardless, I’m happy because I get to close off port 3389 (Remote Desktop) to my super-dooper-wonder-workstation.

Well, I’m on day three of this Exchange 2003 garbage. Although I did get my old mail server up and running this installation of 2003 is getting ludicrous. I’m starting to think that Exchange 5.5 to 2003 migration is only possible in the land of faeries and pixies and can’t actually be accomplished in the real world.

I’ve actually abandoned all hope of such a foolish little fantasy and have tried installing ES2K3 as the first Exchange Server in the site. All ES2K3 installations begin with the ForestPrep tool which should be titled ForestFucker because that is exactly what it does to your Active Directory. I’m not sure exactly what it is doing in the Active Directory but I think it is the equivalent of having a drunk surgeon performing surgery on your brain in the jungles of southeast Asia with a corkscrew. The log file that it generates, while written in English, requires a PHD to actually unravel and understand.

I have even tried to make another domain controller just in case my first one was fucked-up-beyond-all-recognition. I transferred all of the roles over from the old domain controller to the new one essentially making it The Grand Poobah of domain controllers. However, for some godforsaken reason, all of the servers in my domain are still enamored with the old domain controller and refuse to talk to the new one.

Every time that I think that I am close to a solution, the setup throws up all over itself like a new born baby and proceeds to make my life a living hell. I have a feeling that in order to correct the situation I have to format and reinstall both of my domain controllers with the hope that ForestFucker doesn’t come by and gang-rape it all over again.

Ever since attempting to upgrade/move Exchange from 5.5 to 2003 my mail has blown up. I thought that it was awful strange that I wasn’t getting any email. I don’t know if it has to do with the Active Directory Connector piece or something else but I see error 421 in the SMTP logs on the mail server. When I attempt to send email to myself from another domain, I get “421 Internal error. Connection closing”. So it looks like I haven’t been getting email since Wednesday. Afer I’m done playing outside, I’m gonna sit down and attempt to figure out what went wrong and fix it.

Well I tried starting my Exchange 5.5 to 2003 migration last night and every imaginable step that there was blew up like the Hindenberg. I did what it wanted me to do, run the Active Directory Connector tool, run ForestPrep and then DomainPrep. No matter what I did, bad things would happen. I guess that’s what I get for trying to just go in there and do it and not read up on it beforehand. Oh well, this weekend I’ll be armed with Exchange and Outlook Administrator newsletters that tells you what to do.

We have Network Associates’ GroupShield for Exchange on our email server to prevent bad attachments from getting to our users. For each attachment that is quarantined, the administrators (that’s everyone in the IT Department here) get an alert. Ever since the SoBig.f virus found its way on the Internet, we have been getting hammered with these alerts. Over the weekend, I received 46,000+ messages. Luckily, I have a rule that diverts the alert messages to another folder as soon as they come in. Unfortunately, my boss did not do this so when he came back from vacation he was greeted with 96,000+ messages in his inbox.