Need help with securing email
I work at a hospital. We currently have some email accounts that are limited from receiving internet email. We did this by clicking the Accept Messages From: Authenticated Users only check box under the Exchange General tab/Delivery Restrictions button.
They now want to allow these people to receive emails from certain external systems only that we have contracted with. These systems send emails from addresses that spoof our own domain email addresses, but of course, since SMTP is non-authenticated, they aren't being delivered.
We have tried several things, including removing the check box on Authenticated Users only and instead changing it to receive emails only from people in a specific distribution group. However, the first time the list was too large and bogged down the Exchange server. The second time we tried we used a number of smaller query-based dist lists, but that bogged down the domain controllers.
So is there a better way to do this? To allow email in from only certain external IP addresses and block all other incoming emails?
December 7th, 2009 7:44pm
So, no answer?
How about if we try clearing the 'From Authenticated Users only' check box on the Exchange General/Delivery Restrictions page (since it appears when you choose the 'Only from:' it disables it anyway) and instead click the 'Only from:' radio button and then place the contact for the address we want to allow in along with the 'Users' domain group, would that work? Is that group indexed or would we be pounding either Exchange or the DCs with all the emails?
We have about 2500 mailboxes that would be affected by this. We want to allow them to ONLY receive email from a few designated external addresses AND all authenticated users and the options don't seem to allow for that.
Help?
December 8th, 2009 10:15pm
Hi,
Accepted domains are to be configured on the Organization level, on Exchange servers that have the Hub Transport server role installed, or on servers that have the Edge Transport server role installed on them to receive email from other domains. For that, please follow the steps for a Hub Transport server:
Open the Exchange Management Console.
Hub Transport server: Expand Organization Configuration, select Hub Transport.
Click the Accepted Domains tab.
Right-click and select 'New Accepted Domain'. The New Accepted Domain wizard appears.
Enter the name and address of the new accepted domain (SMTP domain name for which the Exchange organization will accept e-mail messages). You can use a wildcard character to accept messages for a domain and all its sub-domains.
Select one of the following options to set the accepted domain type:
Authoritative Domain, Internal Relay Domain, or External Relay Domain.
Click New and finish the wizard.
Regards from www.windowsadmin.info
ManuPhilip
December 9th, 2009 1:44pm
It appears I did not mention we are Exchange 2003. Any solutions for that?
January 14th, 2010 6:19pm