Mail Gateway Integration I: Prerequisites
Roles and Features
Windows Server 2019 | Windows Server 2016 | Windows Server 2012 | |
Server Roles |
|
|
|
Features |
|
|
|
Web Server Role (IIS) Role Services |
|
|
|
Install Roles & Features
- Open PowerShell as an Administrator
- Run the following PowerShell command
Install-WindowsFeature Web-Static-Content,Web-Default-Doc,Web-Dir-Browsing,Web-Net-Ext,Web-Request-Monitor,Web-Http-Tracing,Web-Filtering,Web-Stat-Compression,Web-Mgmt-Console,NET-Framework-Core,NET-Non-HTTP-Activ,NET-HTTP-Activation
Firewall Rules
Traffic source (from) | Destination (to) | Port Protocol |
---|---|---|
Incoming | ||
Devices (Internet) | Mail Gateway | 443/tcp |
Devices (e.g Wi-Fi) | Mail Gateway | 443/tcp |
Outgoing | ||
Mail Gateway | Online Certificate Status Protocol Endpoint | 80/tcp or 443/tcp |
Mail Gateway | Certificate Revocation List | 80/tcp 443/tcp |
DNS
As Devices requires devices to connect via DNS, appropriate DNS entries must be setup for the Mail Gateway. This DNS entry should target your Mail Gateway and will be used later in the Exchange ActiveSync configuration as your Exchange ActiveSync server address. Within the following guides, the target name is set to smg.imagoverum.com.
SSL Certificate
A SSL certificate is required for the incoming email client traffic from the internet, e.g. for smg.imagoverum.com. The target devices must communicate over HTTPS and trust the server to ensure the data in transit is encrypted. Therefore, the SSL certificate presented on the Mail Gateway for the device access must be from a certification authority that is trusted by the devices. It’s recommended that you purchase a Subject Alternate Name (SAN) or Wildcard certificate, e.g. *.imagoverum.com for this purpose. This will ensure that devices will trust the server no matter what endpoint they connect to.