School-based Mail Servers

Local Mail Server or Cloud?  (Microsoft Exchange Server or Microsoft Live@Edu?)

There seems to be a debate about whether it is still value for money for schools to use a local mail server such as Microsoft Exchange Server when Hosted Exchange, in the form of Microsoft Live@Edu, is free to schools and offers virtually the same functionality.  There are schools still installing Exchange Server and others who are removing it in favour of Live@Edu. I don’t feel qualified to enter this debate.  The best I can do is to point out that there is a debate and to encourage you to take advice from your ICT Support Provider before making any changes. I can also put you in touch with schools that have made a move from one mail system to the other so that you can check out their reasons for changing and whether they still think they made the right move.

What follows assumes that you have decided to install Exchange Server.

You need to use a mail relaying and SPAM/Virus scanning service

We don’t allow school based Exchange Servers to be open relays.  In the dim and distant past we did allow this and within days a school Exchange Server had been compromised and was distributing Chinese porn around the world. We suggest that you use the RM relay service for a couple of reasons:

  1. I havent found anyone cheaper … RM currently charge £400 per anum per domain.  This includes the charge for scanning all incoming mail for viruses and SPAM.
  2. HCC have separately funded RM (ie it doesn’t come out of your Connectivity Charges)  to manage a VPN between HCC systems, RM themselves and Updata.  The result of this is that SMTP email traffic travels securely between HCC email users and school email users.  This applies to school official (.herts.sch.uk) domains only and of course if school users are accessing their school mail server from off-site that connection will be via Secure HTTP on port 443.

Typical Scenario: A school is transferring accounts on its official domain to accounts on a school hosted Exchange Server

In this scenario your domain will already have the correct MX record and so Updata will not need to make a change to that.  (Strictly speaking this is only the case if you decide to ask RM to continue to relaying your mail.  If RM will not be relaying your mail then you will  need to contact the Service Desk to arrange for your MX record to be edited.)

You will also need to:

  1. Agree with RM the date when your mail will be switched from EasyMail to SMTP mail.
  2. Agree with RM that on that date the incoming mail that they have scanned should henceforth be directed up the VPN link that they manage between their mail servers and Updata.  You will need to tell them the internal (172. ) address of your mail server so that when the mail arrives in the Updata network it can then be routed to your mail server.  (Because of the VPN link RM do not require an external IP address for your mail server.)
  3. Let the Service Desk know if you wish your users to access your Exchange Server when off-site using Outlook Web Access.  You should tell the Service Desk the internal IP address of your Exchange Server and ask for access to that address on port 443.  Also ask for a DNS record so that your users can access using
    https://webmail.<schoolname>.herts.sch.uk

Other scenarios involving the transfer of mail accounts to and from school-based mail servers

There are limitless possible other scenarios … too many to describe here … the best advice is if in doubt contact myself or the Service Desk … preferably at the planning stage of your mail migration project!

Leave a Reply