So Microsoft still has the MacOS Outlook for download

I was kind of surprised.  Even more so that I could get it working to my Exchange 5.5 server.

outlook on macos 8

Outlook on MacOS 8.0

Unless you have AppleTalk enabled on your server, you’ll need to setup your TCP/IP, and that also means you have to be able to resovle the exchange server by name.

If you want to use a hosts file, be sure to set the user mode to advanced in the control panel, and then setup a hosts file in the special format that looks more like a DNS zone record.

exchange.superglobalmegacorp.com A 172.18.8.50
exchange CNAME exchange.superglobalmegacorp.com
bbs CNAME bbs.superglobalmegacorp.com

Then save it somewhere like System/Control panels, point the TCP/IP panel to it, and that should do it.

For anyone who wants to try to connect to their Exchange server, you can find the client here, on their ancient ftp server.  And I suppose you could also try the one from Exchange 4.0SP2, but I didn’t bother, since this one is so new, like 1999!

 

Exchange 5.5 OWA vs Outlook 2003

ASP 0115

ASP 0115

error ‘ASP 0115’

Unexpected error

/exchange/USA/root.asp

A trappable error occurred in an external object. The script cannot continue running.

So, call me crazy, but I’ve been running an Exchange 5.5 server a home for a while without issues.  It’s perfect for a single user, I can keep up to 16GB worth of email on there, and best of all I can use real email clients like Outlook (or is it LookOut!?).  Anyways I noticed something weird which is that Outlook 2003 always is unsure if the server is there, and I have to tell it that it’s OK to connect.  Also once the Outlook 2003 client connects, it kills OWA, giving me these weird ASP 0115 Unexpected errors.

googling around for a fix was a bit futile, and I’d largely written off OWA, as in this day & age, who really wants some ASP 3.0 app?  But for some reason, today was going to be the day to fix it, as I don’t have Outlook on my macbook air.

So with the Outlook 2003 clue in mind I finally found KB-818709, aka “Outlook Web Access stops responding when you try to access a mailbox on an Exchange 5.5 computer”.

As the cause states:

This problem occurs when you try to access a user account that was previously accessed by a client computer that is running Microsoft Office Outlook 2003.

Outlook 2003 adds a fourth entry to the PR_FREEBUSY_ENTRYIDS property. PR_FREEBUSY_ENTRYIDS is a multi-valued MAPI property that is stored on the Inbox folder. CDO expects three entries. The unexpected fourth entry causes heap corruption that causes OWA or the third-party program to stop responding.

Well how about that?

So with the hotfix in hand, and a reboot, it now works perfectly, like it did back in 1997.  And the best part is that it works great in Chrome.

And for anyone crazy like me with Exchange 5.5, remember to install SP4, and of course the KB829436 hotfix!

Running Microsoft Exchange from home.

Well thanks to my latest outage, I’ve gone back from having an Exchange server in the “cloud” (well really a server I rented), to a Virtual Server at home.

First my ‘plan’ is to get a VPS that I can run OpenVPN on.  From there I’m going to build a VM at home that will also run OpenVPN, and it will connect to the VPS.  I will then setup routing, so that the Exchange server can then communicate with the VPS’s internal interface, and the VPS can communicate directly with the exchange server.  I’ll then configure postfix to store & forward email to the Exchange server.  This way if the link drops, the VPS will just spool the mail.  Finally I’ll setup SpamAssasin to filter out the SPAM.

First you will need to have a tun0 interface in your VPS.  Almost everyone supports this these days so it shouldn’t be too hard… If you cannot get a tun0 interface, perhaps ppp0 with pptp..?

I followed these instructions on setting up OpenVPN on Debian 6.  Now granted, I’m using Debian 7, but the instructions are pretty much the same.  Basically you have to setup a CA (Certificate Authority), and then you generate a Server certificate, and a client certificate.  For my needs, I’m going to issue single certificates for everything(one) that connects into my VPN.  I also have a network at home that I want routed to the VPS, so this is included (192.168.0.0/24).

A simple server.conf looks like this:

port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
dh dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
client-config-dir ccd
route 192.168.0.0 255.255.255.0
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3

And a the client configuration I’m using is this:

client
dev tun
proto udp
remote MYHOST MYPORT
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert hong-kong-home.crt
key hong-kong-home.key
ns-cert-type server
comp-lzo
verb 3

In the directory /etc/openvpn/ccd on the server, I have to ensure that I have a file called ‘homefw’ which is the common name of the client certificate.  It has to contain the following line to ensure that my home network is routed to the VPS.

iroute 192.168.0.0 255.255.255.0

Don’t forget to turn on ip forwarding on both the VPS, and the local ‘tunnel router’.  For Linux based stuff you need to make sure that “/proc/sys/net/ipv4/ip_forward ” is a 1.  You can just do a simple “echo 1 > /proc/sys/net/ipv4/ip_forward ” in “/etc/rc.local” or go through your distributions networking documentation to make sure you set it up ‘correctly’.

In OpenBSD I just simply uncomment the following line from /etc/sysctl.conf

net.inet.ip.forwarding=1 # 1=Permit forwarding (routing) of IPv4 packets

If you don’t have routing in place you’ll notice that you can only ping the tunnel interfaces, but not the IP’s on the LAN.  While this may be fine for a p2p or client setup it isn’t good enough if you want to route traffic.

I’m running VMWare ESXi 5 at home, and thankfully it does support Windows NT 4.0 Server out of the box.  I setup a Domain Controller running DNS & WINS.  The VMWare tools won’t work properly with some service pack (4 I think?) but I went all the way to 6, along with the rollup.  Until you load the service pack, the network adapter will *NOT* work.

I’m going with Exchange 5.5, so again I installed another NT 4.0 server, service packed it, and joined it with the domain controller.  Remember to install IIS, and the ASP update, as 5.5 OWA needs asp. Be sure to apply the latest service pack for Exchange, SP4 – in the case of Exchange 5.5 .

Now for routing I could go with dynamic routing, or static routing.  I chose static as I didn’t want to get too involved for this project, as I needed to get email flowing as quickly as possible.

route add 10.8.0.1 mask 255.255.255.255 192.168.0.49 -p

From Windows NT.

It is imperative no matter what version of Exchange you run, that you turn off the open relay “feature”.  A great step by step guide is available here on msexchange.org .

With the basic routing in place you should be able to talk to the Exchange servers’ SMTP engine.  You may want to setup either a local DNS and populate the VPS’s source address or put in some host entries for it.

# telnet 192.168.0.55 25
Trying 192.168.0.55…
Connected to 192.168.0.55.
Escape character is ‘^]’.
220 exchange.superglobalmegacorp.com ESMTP Server (Microsoft Exchange Internet Mail Service 5.5.2653.13) ready
HELO
250 OK

Now it would be insane to place an Exchange server directly onto the internet.  Plus when the VPN link is down, it’d be nice to have the VPS store email and forward it when it can.  So for this task I installed postfix.

For me the big changes in main.cf were:

mydestination = nodedeploy.superglobalmegacorp.com, localhost.superglobalmegacorp.com, , localhost
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 10.8.0.0/24 192.168.0.0/24
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
relay_domains = superglobalmegacorp.com work.com
transport_maps = hash:/etc/postfix/transport
virtual_alias_domains = virtuallyfun.com
virtual_alias_maps = hash:/etc/postfix/virtual

This will permit my exchange server to relay out my VPS, and tell postfix that it’s OK to accept email for the various domains I have.

My transport database is very simple.  For the email accounts I’m using two domains, so I simply instruct postfix to forward emails destined to these domains to the exchange server

superglobalmegacorp.com smtp:192.168.0.55
work.com smtp:192.168.0.55

And for domains I couldn’t be bothered to create mailboxes for, instead I have their email setup to forward to an existing box using a virtual domain in the ‘virtual’ file.

abuse@virtuallyfun.com abuse@work.com
postmaster@virtuallyfun.com postmaster@work.com

Now due to the nature of postfix you need to generate database hashes for it to work, so my script to kick this off is:

postmap hash:/etc/postfix/transport
postmap /etc/postfix/virtual
newaliases
postfix reload

Which isn’t too involved once you get the bits in the right place.

Assuming you’ve got your MX records setup on the outside, with any luck you should start seeing some mail flow through.  If not telnet to port 25 and start talking to your mail server.

One problem I have is that superglobalmegacorp.com is an old domain, and it’s lapsed a few times to different idiots who not only added to the ridiculous spam lists I’m on, but also spammed from it as well.  So to deal with SPAM, I went ahead and installed spamassassin, as described in this page.

As mentioned adding the two lines to master.cf got it going

smtp inet n – – – – smtpd -o content_filter=spamassassin -o syslog_name=postfix/submission
spamassassin unix – n n – – pipe
user=spamd argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}

And I did change the spamassasin local.cf

use_razor2 1
use_dcc 1
use_pyzor 1

As I do get a lot of spam.

I don’t think most people will care, but this is more so for me keeping my notes straight.  So yeah I run Exchange 5.5 at home (which I got on ebay for $25!) with Outlook 2003 on Windows XP x64.  It works well enough for me.