Specify per-user SMTP credentials
I've setup Exchange to send mail with a smarthost (gmail), which requires Authentication.This works great if all users on the server are sending through that one gmail account, but that isn't the case. I created a connector for each account, with the same cost, and using * as the access range. I set access rights up in Delivery Restrictions for each connector, and applied to registry fix to enforce checking.I expected that Exchange would select a connection, check it, if it failed, try the other, which would succeed. This isn't the case, I've read there is some caching going on or something. The messages are sent based on a "random" selection of the connector, without rights coming into play.Is there ANY way I can specify different SMTP credentials for each user?I would also be fine with *@dave.domain.com -> user/pass1, *@joe.domain.com -> user/pass2, but I haven't found a way to set this up with a single server.Any advice or direction would be greatly appreciated. Edit:I'm using Exchange 2003 on Windows 2003.
July 13th, 2008 10:15pm
Hi,
Before going on, I would like to clarify something.
In Exchange 2003, the outbound email will be sent based on the closest match which the requirement are the address space, the cost. If the two attributes are the same, it will select the connector with a random selection on the basis of applying with Delivery Restrictions. That signifies if the configuration of the connector reject the user to use it, then will try another connector to send the email until find the appropriate one.
However, from your description, it seems that there was no such mechanism on the connector. Maybe I misunderstood your meaning. You mentioned that I created a connector for each account, did you mean per account exits, per connector will be created? And the goal that you want to each user has own account information to authenticate the smart host by using respective connector. Is it right according to my understanding? Would like to get your confirmation.
Additionally, please also help me understand the following meaning that you said.
I would also be fine with *@dave.domain.com -> user/pass1, *@joe.domain.com -> user/pass2, but I haven't found a way to set this up with a single server, did you mean you would like to configure more than one email address on the internal user?
Thanks
Allen
Free Windows Admin Tool Kit Click here and download it now
July 14th, 2008 1:34pm
Allen Song - MSFT wrote:
Hi,
Before going on, I would like to clarify something.
In Exchange 2003, the outbound email will be sent based on the closest match which the requirement are the address space, the cost. If the two attributes are the same, it will select the connector with a random selection on the basis of applying with Delivery Restrictions. That signifies if the configuration of the connector reject the user to use it, then will try another connector to send the email until find the appropriate one.
From my experience, I have to think that this might not be how it actually happens. Even though I've applied to registry key to enable checking, this just doesn't seem to happen. I had read somewhere that there may be a caching issue and thus the restrictions are not applied.
This is how my connectors are setup.
Connector 1:
Cost 1
Address space: *
Restricted to UserA (Reject everyone by default, Accept UserA)
Outgoing smarthost is smtp.host.com
Outgoing security is configured for UserA to authenticate with smtp.host.com using Basic/TLS.
Connector 2
Cost 1
Address space: *
Restricted to userB (Reject everyone by default, Accept UserB)
Outgoing smarthost is smtp.host.com
Outgoing security is configured for UserB to authenticate with smtp.host.com using Basic/TLS.
I was under the impression that the connector would be selected (at random maybe), and if restricted, would try the other. That does not seem to be the case. All mail just routes through one connector, completely ignoring the restrictions I put in place.
However, from your description, it seems that there was no such mechanism on the connector. Maybe I misunderstood your meaning. You mentioned that I created a connector for each account, did you mean per account exits, per connector will be created? And the goal that you want to each user has own account information to authenticate the smart host by using respective connector. Is it right according to my understanding? Would like to get your confirmation.
I think the above explains that, but yes. My ultimate goal here is to have UserA send mail with smtp.host.com with a set of authentication credentials, and UserB to send mail with smtp.host.com with a different set of authetnication credentials.
Additionally, please also help me understand the following meaning that you said.
I would also be fine with *@dave.domain.com -> user/pass1, *@joe.domain.com -> user/pass2, but I haven't found a way to set this up with a single server, did you mean you would like to configure more than one email address on the internal user?
I didn't mean I /would like/, I just mean that I'm looking for any solution possible, and if that would work, I would be fine with it.I had some trouble trying to specify two different virtual SMTP servers, it seems that Exchange will just choose one at random, and I can't "lock" a domain to a server. (for example, @domain1.com goes through SMTP1, and @domain2.com goes through SMTP2). This is not required, it was just something I am willing to do if it is the only way I can make this work.Thank you so much for replying Allen - I've been working on this all weekend and have been able to find very little information for this specific setup.
July 14th, 2008 6:20pm
Hi,
Thank you for your clearly explanation.
In fact, this is due to the Delivery Restrictions was disabled by default. We need to enable it in order to make it function.
1. Start Registry Editor (Regedt32.exe).
2. Locate and click the following registry key: HKEY_LOCAL_MACHINE/System/CurrentControlSet/Services/Resvc/Parameters/
3. On the Edit menu, click Add Value, and then add the following registry value: Value Name: CheckConnectorRestrictions Data Type: REG_DWORD Radix: Hexadecimal Value: 1
4. Quit Registry Editor.
5. Restart the Microsoft Exchange Routing Engine service and the Simple Mail Transfer Protocol (SMTP) services for this change to take effect.
You can also view the below link as the reference.
http://support.microsoft.com/default.aspx?scid=kb;en-us;277872
Thanks
Allen
Free Windows Admin Tool Kit Click here and download it now
July 15th, 2008 10:30am
Allen Song - MSFT wrote:
Hi,
Thank you for your clearly explanation.
In fact, this is due to the Delivery Restrictions was disabled by default. We need to enable it in order to make it function.
1. Start Registry Editor (Regedt32.exe).
2. Locate and click the following registry key: HKEY_LOCAL_MACHINE/System/CurrentControlSet/Services/Resvc/Parameters/
3. On the Edit menu, click Add Value, and then add the following registry value: Value Name: CheckConnectorRestrictions Data Type: REG_DWORD Radix: Hexadecimal Value: 1
4. Quit Registry Editor.
5. Restart the Microsoft Exchange Routing Engine service and the Simple Mail Transfer Protocol (SMTP) services for this change to take effect.
You can also view the below link as the reference.
http://support.microsoft.com/default.aspx?scid=kb;en-us;277872
Thanks
AllenSorry Allen -When I said "I set access rights up in Delivery Restrictions for each connector, and applied to registry fix to enforce checking." - that was exactly what I was talking about. I've applied this fix but it doesn't seem to make any difference either way.From what I've read, I'd be seeing warnings in my event log noting that I need to do that. As I said, I've been searching for this, and this is the response that I keep finding, but it just doesn't seem to work the way that it appears to. Exchange still just decides to select one SMTP Connector and stick with it, ignoring the restrictions.* Am I right in that I SHOULD see something in my event log if I set CheckConnectorRestrictions to 0? Because if I do that, and restart Routing/MTA Stacks, I don't ever see any warnings.I don't know if there is something else that needs to be setup, but like I said, the key has been set, but it doesn't make any difference. I don't know how to debug from that point, but what I had read suggested caching--and that Exchange wont' reroute based on restrictions, but fail with an NDR. Any other suggestions? I'm unable to find any documentation or anything related to restrictions that explains the behavior that I'm seeing.
July 15th, 2008 4:26pm
Hi,
If the Exchange is under the Mixed Mode, the Delivery Restrictions may be out of work.
Please check whether the Exchange server is in Mixed Mode. If it is, please change to Native Mode.
Open ESM, right click First Organization, click Properties, click Change Mode.
Then check this issue again.
If the issue persists, please download WinRoute and collect the log, then send it to allensyr2003@hotmail.com
Thanks
Allen
Free Windows Admin Tool Kit Click here and download it now
July 18th, 2008 5:33am
I have Exchange running in Native mode. If I delete one of the connector's, the restrictions start working. It appears to be a chaching issue in the routing service. Is there any way to disable caching, even if it is a preformance hit?
July 19th, 2008 12:48am
Hi,
Based on the current situation, maybe we need to check the relevant information by live meeting.
For the limitation of the forum, I suggest we submit the case to the professional support team (Microsoft newsgroup)
http://www.microsoft.com/communities/newsgroups/default.mspx
Thanks
Allen
Free Windows Admin Tool Kit Click here and download it now
July 24th, 2008 11:51am
I have the same problem.Did you found the solution?
November 21st, 2008 4:12pm
Have the same problem. Seems like default reject is not working on Windows 2003 SMTP Connector. Any fix?
Free Windows Admin Tool Kit Click here and download it now
September 21st, 2011 3:30pm