SMTP authenticate to relay question
In Exchange 2003 in Default SMTP Virtual Server, Properties, Access, Relay...if I select "Only the list below" putting in the spam filter IP and deselect "Allow all computers which successfully authenticate to relay, regardless of the list above," will users using Outlook be able to send internet email?
December 16th, 2009 10:14pm
On Wed, 16-Dec-09 19:14:46 GMT, DrewW NFS wrote:
> In Exchange 2003 in Default SMTP Virtual Server, Properties, Access, Relay...if I select "Only the list below" putting in the spam filter IP and deselect "Allow all computers which successfully authenticate to relay, regardless of the list above," will users using Outlook be able to send internet email?

"Yes" to the Outlook question. But why do you want to retain the ability to use authenticated SMTP relays? If you have no SMTP clients you don't need that, either.
Rich Matheisen
MCSE+I, Exchange MVP
December 17th, 2009 12:33am
If the "Allow all computers which successfully authenticate to relay, regardless of the list above" check box is not selected on the SMTP virtual server, you may receive NDRs that contain error code 5.7.1.
----------Refer to <How to troubleshoot mail relay issues in Exchange Server 2003 and in Exchange 2000 Server>
Relay is the ability to send messages to domains other than your own. If even the authenticated users can't be allowed to relay, I don't think the users can send internet messages.
Resources:
Setting Relay Restrictions
Users Without Permissions to Relay Messages Can Still Send Messages Through the SMTP Virtual Server
James Luo
TechNet Subscriber Support (http://technet.microsoft.com/en-us/subscriptions/ms788697.aspx)
If you have any feedback on our support, please contact tngfb@microsoft.com
December 17th, 2009 10:32am
I am trying to correct a network that is sending spam from an unknown machine. However, it was likely that a hacker had compromised the server and was relaying spam through the server via authentication. Therefore, I wanted to see if turning off authentication for relay would stop the spam. I was doing several things to stop the spam. Anyway, the list of IPs included the IP of the spam filter (inbound), the IP of a copier/scanner that sent scans via email to users' mailboxes, and the IP of the server itself. When I turned off authentication for relay, the users were able to send and receive external (internet) email. I ended up having to turn it back on for a user that has his phone set up for IMAP...gonna try to get him set up on EAS instead.
December 21st, 2009 6:19am
“However, sometimes relaying is required. For example, if you have Post Office Protocol (POP3) and Internet Message Access Protocol (IMAP4) clients who rely on SMTP for message delivery and have legitimate reasons for sending e-mail messages to external domains. You can work around this issue by creating a second SMTP virtual server that is dedicated to receiving e-mail messages from POP3 and IMAP4 clients”
-------------Refer to <The msExchSmtpRelayForAuth value has been changed from its default of True>
Resources:
Stop Spam From the Inside by Locking Down SMTP
James Luo
TechNet Subscriber Support (http://technet.microsoft.com/en-us/subscriptions/ms788697.aspx)
If you have any feedback on our support, please contact tngfb@microsoft.com
December 21st, 2009 8:26am
> "Yes" to the Outlook question. But why do you want to retain the ability to use authenticated SMTP relays? If you have no SMTP clients you don't need that, either.
I didn't say that I needed to retain the ability to use authenticated SMTP relays.
December 24th, 2009 7:13pm
On Thu, 24-Dec-09 16:13:00 GMT, DrewW NFS wrote:
>> "Yes" to the Outlook question. But why do you want to retain the ability to use authenticated SMTP relays? If you have no SMTP clients you don't need that, either.
> I didn't say that I needed to retain the ability to use authenticated SMTP relays.

You're right, you didn't. You said "DEselect" and I read "select". My bad.
Rich Matheisen
MCSE+I, Exchange MVP
December 25th, 2009 7:42am
BTW, in case anyone is interested, I found out how this setting affects Exchange Active Sync (EAS)...it doesn't affect it either way. The "Allow all computers which successfully authenticate to relay, regardless of the list above" setting is selected (checked) by default. So if you want to have a pretty secure Exchange 2003 config that is very resistant to being used as a rogue relay, deselect (uncheck) the above and force OWA and EAS to use SSL. Internal (LAN) based Outlook clients will work fine, but external (internet) based POP/IMAP clients will not work (however, most people I know don't support those clients on corporate Exchange setups).
December 30th, 2009 9:54pm
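
The relay behaviour worked out in this thread, as an added example that is not part of any poster's message or of Exchange itself: a simplified Python model of which clients can still send internet mail when the authenticated-relay check box is cleared. All names, addresses and domains are constructed, and the model ignores per-user relay permissions.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class RelayConfig:
    # Constructed sample values (documentation ranges), not from the thread.
    local_domains: set = field(default_factory=lambda: {"example.com"})
    # "Only the list below": spam filter, copier/scanner, the server itself.
    relay_list: list = field(
        default_factory=lambda: ["192.0.2.10", "192.0.2.20", "192.0.2.1"])
    # "Allow all computers which successfully authenticate to relay,
    # regardless of the list above" (checked by default).
    relay_for_auth: bool = True


def smtp_rcpt_decision(cfg, client_ip, authenticated, rcpt):
    """Model the virtual server's answer to one RCPT TO command."""
    domain = rcpt.rsplit("@", 1)[-1].lower()
    if domain in cfg.local_domains:
        return "250 local delivery, no relay needed"
    ip = ipaddress.ip_address(client_ip)
    if any(ip in ipaddress.ip_network(n, strict=False) for n in cfg.relay_list):
        return "250 relay granted by IP list"
    if authenticated and cfg.relay_for_auth:
        return "250 relay granted by authentication"
    return "550 5.7.1 unable to relay"


def can_send_internet_mail(cfg, client):
    """client: dict with 'protocol', 'ip', 'authenticated' (hypothetical keys)."""
    # MAPI (Outlook), OWA and EAS do not submit over SMTP to the virtual
    # server, so the relay restrictions are never evaluated for them.
    if client["protocol"] in ("MAPI", "OWA", "EAS"):
        return True
    reply = smtp_rcpt_decision(cfg, client["ip"], client["authenticated"],
                               "someone@external.example")
    return reply.startswith("250")


if __name__ == "__main__":
    hardened = RelayConfig(relay_for_auth=False)
    clients = {
        "LAN Outlook": {"protocol": "MAPI", "ip": "10.0.0.5", "authenticated": True},
        "IMAP phone": {"protocol": "SMTP", "ip": "203.0.113.7", "authenticated": True},
        "copier/scanner": {"protocol": "SMTP", "ip": "192.0.2.20", "authenticated": False},
    }
    for name, c in clients.items():
        print(name, "default:", can_send_internet_mail(RelayConfig(), c),
              "hardened:", can_send_internet_mail(hardened, c))
```

The "IMAP phone" row is also what a stolen password used from an outside address looks like to the server: relay succeeds with the default setting and is refused once the check box is cleared.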