How to run Microsoft Exchange using a Dynamic IP Address

ExchangeIPFirst of all, let me say that I would not recommend running Microsoft Exchange using a dynamic Internet Protocol (IP) address.  Still, there are some scenarios where this might be desired, whether for the purpose of training (Deploying Exchange using a dynamic IP is actually harder), or as part of initial setup and testing for a new server.

I have successfully set up and run my own Exchange Server for over a year on a dynamic IP, which I also configured to run with RIM’s BlackBerry Enterprise Server.  Because of the number of steps involved, I will not be able to go through every detail and configuration option, though I will outline the key steps that need to be looked into.  Having said that, an administrator with a good understanding of how email and networking works should find this article more than adequate to work with.

Get Dynamic DNS Configured

Just like a static IP isn’t very useful without a domain name, using a dynamic IP to host anything at all necessitates the presence of a dynamic DNS service provider in order for your server to be found.  This could necessitate the installation of a software client to update the service when your IP address changes, or via built-in support found in most firewalls or Internet routers – I personally recommend the latter.  Depending on features and capabilities, your DNS service provider might charge you a small fee, though free seems to be the order of the day nowadays.

Mail Relaying

This is the probably the most tricky yet most important part of the entire setup.  And because MX records can only ever use an A (AAAA for IPv6) entry in the data field, the administrator is left with only two options if forced to host the mail server behind a dynamic IP address.

  • Email forwarding

Hosting plans with email capabilities are a dime a dozen.  Signing up for a standard plan with POP/SMTP capabilities to host your organization’s domain option makes it possible to cut out a large chunk of the technical complexity.  Of course, email addresses will need to be individually configured to forward to the destination (dynamic) domain created in the previous section.  If your domain is testing.myip.com, then your destination email configuration will look like paulmah@testing.myip.com.

  • MX Routing

The more elegant solution by far, this usually entails paying a service provider who will accept emails routed via your domain’s MX entry.  Emails are usually held for a predefined number of days should your mail server or domain prove to be unavailable, and depending on providers, could include perks such as spam blacklisting and filtering services.

Configure appropriate port forwarding

The fact that you are hosting your Exchange Server with a dynamic IP means that it is in all likelihood tucked away behind a firewall or Internet router.  As such, it is critical that the appropriate rules are implemented to forward pertinent network ports to the internal IP address used by your Exchange installation.  Relevant ports in this case would be port 25 (For incoming mails), port 80 (For Exchange ActiveSync and Outlook Web App), and port 443 (For SSL encrypted communications).

Note that Microsoft Outlook will not work from outside the firewall with the above port forwarding enabled.  To access your emails when on-the-go, a proxy pointing towards your dynamic domain will first need to be configured on the email client.

Configuring your Exchange Server to recognize redirected email

Because the new emails are directed at paulmah@testing.myip.com instead of paulmah@your_company.com, administrators will need to alias the testing.myip.com domain with Exchange Server accordingly.  You can read up more on how to configure Exchange to receive emails from other domains here, which goes through the steps for setting up Exchange 2007.  Administrators overseeing Exchange 2000/2003 deployments will also find the relevant links in the above-mentioned guide.

Setting up an outbound relay

Another downside of using a dynamic IP address is how these addresses are likely to have been blacklisted, thanks to the proliferation of botnets that distribute spam via malware infected workstations.  For this reason, it is pretty much mandatory to pay for an outbound relay service to route your emails out via non-blacklisted IP addresses.  I personally relied on MailHop Outbound, which charges a low annual fee for up to 150 outgoing emails per day, and which can be increased by paying a higher fee.

Written by Paul Mah

1 Comment

  1. Richard Parvass · February 16, 2011

    This article really makes the non-issue of dynamic IPs for Exchange servers a horribly complex scenario. Deploying Exchange using a dynamic IP is almost no different from deploying using a static IP.

    The only differences are that the MX record should use the A record that gets updated by the dynamic DNS client software (such as myhost.mydynamicipprovider.com) rather than an A record in your own DNS zone, and you must use an outbound relay, either from a third party or your ISP’s relays, to circumvent the probability that your dynamic address is on a blacklist.

    Job done. None of this reconfiguring Exchange to allow redirected email or having to use a store-and-forward.

    With regard to Outlook Anywhere, as long as your server’s certificate name (such as mail.mydomain.com) is CNAMEd to your myhost.mydynamicipprovider.com, it works exactly the same way with a dynamic IP address. Note that this CNAME is fine because it’s not used in the MX record which must use an A record.

Leave A Reply