Trying to bring MAPI online. DNS and WWW issue.

Question asked by Jeff Davis - 7/22/2020 at 11:53 AM

Unanswered

So we have decided to move towards MAPI. In moving that direction I went from having one domain on server to a split domain to try to get MAPI working. So far I have not gotten the MAPI working because I am stuck with DNS and WWW issues.

Oringially, We have a company website hosted on networksolutions. We also hosted the email with them. But because of rising email space costs and wanting to have a exchange type server with funtionality of calendar and such we decided to bring email inhouse a couple years back with Smartermail. Our people like Outlook here, so we went with EAS addon. It has been pretty easy to work with and has pretty much just ran without many issues.

Well after some recent upgrades to SmarterMail and the fact that SmarterTools has decided to no longer supporting/troubleshooting EAS issues related to Outlook on desktop. The reason for this change in their policy is because Microsoft has ended support for EAS connections to Outlook altogether.

You can read more about it here -

https://support.microsoft.com/en-us/help/2859522/outlook-does-not-support-connections-to-exchange-by-using-activesync.

https://www.smartertools.com/smartermail/clients-protocols-features

So we have started to bring MAPI online. Unfortunately I have hit some challenges with the local and external DNS. I was hoping someone might be able to help me to clear up the issues.

hosted domain - www.straughntrout.com

internal domain - stanet.internal

It was running fine with just that with EAS and Outlook, include Lets'Cypt.

But then when I started to move toward setup MAPI I was unable to get the MAPI to work. In working with the DNS, I decided to try to setup split DNS to help route the correct domin locally. Fast forward, at this point I have been able to get MAPI to put up a Login and a password for authentication, but would not authentication.

I have tried just about everything that I can think of to get the DNS correct, but I am now knocking my head on the wall at this point.

I have currently have the following -

Windows Server 2019 Standard

SmarterMail Enterprise Version - 100.0.7459.31221

DNS - (split)

internal (local split) - stanet.internal

internal (ext split) - straughntrout.com

hosted domain - www.straughntrout.com

I will attach a couple of pictures to help for visual.

Thanks,

Jeff

7 Replies

Reply to Thread

Urs Replied

7/23/2020 at 8:35 AM

Hi Jeff

mail. is an A record, so means you should query MX only for the plain domain straughntrout.com

mail.straughntrout.com will then be the reply.

For the autodiscover stuff I did following:

- create a SRV record for your main mailserver

- check that either autodiscover.xydomain.com does not resolve at all or set the host name in mailserver and have a valid certificate for autodiscover.xydomain.com too

If you have several domains on same mailserver you would need a let's encrypt cert for each name then.

You can generate a let's encrypt cert with max. 100 names in it, so i.e. you can make up to 33 domains with each 3 names like

- xymailserver.com

- autodiscover.xymailserver.ch

- webmail.xymailserver.com

- xzmailserver.com

- autodiscover.xzmailserver.com

- webmail.xzmailserver.com

If you use wacs(https://www.win-acme.com/ ) you can use such command

wacs.exe --target iis --siteid 2 --host-pattern xymailserver.com,xzmailserver.com,autodiscover.*.*,webmail.*.*, --acl-fullcontrol "network service,administrators" --emailaddress tech@mydomain.ch --accepttos

make sure first add host headers in IIS site bindings before running wacs and using correct SiteID

Check https://www.win-acme.com/reference/cli for more parameters

regards Urs

Heimir Eidskrem Replied

7/23/2020 at 9:17 AM

Urs,

Going off topic but following your comment.

33 domains using the setup as mentioned.

I assume we can add another IP to the server and do another 33 the same way as you mentioned.

We are in the transition to a new server with ver 17.

Urs Replied

7/24/2020 at 2:09 AM

Hello Heimir

guess that should be possible and then define those domains to run on additional ip and set all bindings for it.

I did plan another strategy, as the mailserver seems only for its own SSL bindings to need a SSL cert:

- create a neutral mailserver site for all those small domains not requiring a own site url(make sure autodiscover. does not resolve at all for them and only use a SRV record, otherwise you will get invalid certificate warnings)

- create only for the real mailserver names a certificate, so I can have up to 99 additional separate server names

- for autodiscover. and webmail. etc. created additional separate certificates which will be used then for IIS bindings only

But it is allways some try and error with it, as still many things are open to fix in new release.
SM Team seems working really hard on it... currently I am not sure if I will really switch in next weeks to new release.

good luck