Hello, If I want to allow local users to use pc's out on the internet and use my Exchange server as an smtp server and enable authentication. Should I create a connector open to all ip address with Anonymous ticked and with Transport Layer Security ( TLS ) ticket, is that good and safe enough?

On Wed, 1 Dec 2010 19:46:56 +0000, acmsoft wrote: >If I want to allow local users to use pc's out on the internet and use my Exchange server as an smtp server and enable authentication. Should I create a connector open to all ip address with Anonymous ticked and with Transport Layer Security ( TLS ) ticket, is that good and safe enough? That depends on what you're really asking. Are they sending e-mail only to addresses in your e-mail system, or are they expecting to be able to send e-mail to any domain? If you're running Exchange 2007 or 2010 you can use the client receive connector and port 587. Leave port 25 for server-to-server message transfer. --- Rich Matheisen MCSE+I, Exchange MVP --- Rich Matheisen MCSE+I, Exchange MVP

This would be helpful http://msexchangeteam.com/archive/2006/12/28/432013.aspx

>That depends on what you're really asking. Are they sending e-mail only to addresses in your e-mail system, or are they expecting to be able to send e-mail to any domain? From the Exchange 2010 perspective what is the difference when an e-mail is received from an external source and destinated for a recipient inside the organisation and an e-mail received from an external source to be delivered to an external e-mail address. Do both cases have to do with the receive connectors configuration ? What is the difference between a client (located somewhere on the internet ) using my Exchange as his smtp server address to send e-mails to external addresses vs Mail Servers sending e-mails destinated for my Exchange server, are not they both received at port 25 and taken care of by the receive connector ? Thanks in advance

What is the difference between a client (located somewhere on the internet ) using my Exchange as his smtp server address to send e-mails to external addresses... When a client is using your exchange server obvioulsy it authenticates and has a mailbox on your exchange server.. it connects and sends the mail through your -- receive connector -> exchange connector-> send connector and message is saved. Mail Servers sending e-mails destinated for my Exchange server .. When the mail servers send the mail to your exchange server at port 25 , the server provides informationn and confirmation of which server it is and then your mail server wverifies and accepts the message for the users located in your org. \ if it accepts for all usewrs then it is open relay .. if it redirects to other domain then it relay. not they both received at port 25 and taken care of by the receive connector ? Smtp on port 25 is the way mail ios transferred on the internet... If you want you can change the port to someone with whom you can share the mail at the same port. But port 25 is universally open

therefore how many receive connectors should I set 1 for internal outlook connections 1 to receive e-mails from the internet to the company mailboxes and I should do another one for smtp incoming connections which will use my server to send mails from

can someone also please explain why although I have removed all options under authentication and permission on the client receive connector I am still managing to connect to the same receive connector by telnet to port 587 from the command ?

which option on the receive connector dictates if a sender can relay messages because it gets confusing for example even if there is anonymous users ticked it does not mean that the same connector can relay how do I set a particular connector to relay message and another one not ?

On Thu, 2 Dec 2010 05:51:42 +0000, acmsoft wrote: >>That depends on what you're really asking. Are they sending e-mail only to addresses in your e-mail system, or are they expecting to be able to send e-mail to any domain? >From the Exchange 2010 perspective what is the difference when an e-mail is received from an external source and destinated for a recipient inside the organisation and an e-mail received from an external source to be delivered to an external e-mail address. The first case does not require your server to send the e-mail to another e-mail system. The second case does. This really isn't something that specific to Exchange, though. >Do both cases have to do with the receive connectors configuration ? Yes. And the set of domains in your accepted domains list. >What is the difference between a client (located somewhere on the internet ) using my Exchange as his smtp server address to send e-mails to external addresses If you permit this sort of access to anonymous connections you'll quickly find your server's IP address in many DNSBLs. >vs Mail Servers sending e-mails destinated for my Exchange server, You're not sending the e-mail on behalf of some other organization, you're only accepting e-mail for delivery to mailboxes under your control. >are not they both received at port 25 and taken care of by the receive connector ? Port 25 can be used in both cases. However, the anonymous server-to-server connections on port 25 can safely be limited to only accepting e-mail sent to domains in your accepted domains list. Port 587 (the client submission port) can be restricted and controlled. E.g. requiring authentication and disallowing anonymous connections, and only allowing TLS connections. Once you trust the sender you can allow them to use your server as a relay. --- Rich Matheisen MCSE+I, Exchange MVP --- Rich Matheisen MCSE+I, Exchange MVP

On Thu, 2 Dec 2010 19:14:01 +0000, acmsoft wrote: >therefore how many receive connectors should I set That depends on what how you want your server to be used. >1 for internal outlook connections No, this isn't necessary. Outlook, on your LAN, is going to use RPC to connect to your Client Access Server. Outlook, from the Internet, can use Outlook Anywhere (encapsulating RPC in HTTPS) to connect to yout CAS. The "Client" receive connector is there to accept authenticated connections from clients that aren't using RPC or RPC-over-HTTPS (i.e. not Outlook), and it uses port 587 (the client submission port) instead of port 25. >1 to receive e-mails from the internet to the company mailboxes Yes. >and I should do another one for smtp incoming connections which will use my server to send mails from From client software, not from other servers. But this is the purpose of the "Client" receive connector. --- Rich Matheisen MCSE+I, Exchange MVP --- Rich Matheisen MCSE+I, Exchange MVP

On Thu, 2 Dec 2010 19:24:36 +0000, acmsoft wrote: >can someone also please explain why although I have removed all options under authentication and permission on the client receive connector I am still managing to connect to the same receive connector by telnet to port 587 from the command ? By removing everything from the Authentication tab you're saying that no form of authentication will be accepted. --- Rich Matheisen MCSE+I, Exchange MVP --- Rich Matheisen MCSE+I, Exchange MVP

On Thu, 2 Dec 2010 20:41:09 +0000, acmsoft wrote: >which option on the receive connector dictates if a sender can relay messages because it gets confusing Authenticated users can use your receive connector as a SMTP relay. >for example even if there is anonymous users ticked it does not mean that the same connector can relay > >how do I set a particular connector to relay message and another one not ? Please read this: http://technet.microsoft.com/en-us/library/aa996395.aspx --- Rich Matheisen MCSE+I, Exchange MVP --- Rich Matheisen MCSE+I, Exchange MVP

ok so since Outlook and Outlook anywhere will use RPC to connect to Exchange and do not need a receive connector, what kind of clients will user the client connector, will they be clients like Thunderbird and if yes why they do not use port 25 instead of 587 ( is it not 25 the default for every client )

On Fri, 3 Dec 2010 20:54:57 +0000, acmsoft wrote: >ok so since Outlook and Outlook anywhere will use RPC to connect to Exchange and do not need a receive connector, what kind of clients will user the client connector, will they be clients like Thunderbird Yes. >and if yes why they do not use port 25 instead of 587 ( is it not 25 the default for every client ) The use of port 25 certainly is more common. But common usage isn't always correct usage. http://www.ietf.org/rfc/rfc2476.txt --- Rich Matheisen MCSE+I, Exchange MVP --- Rich Matheisen MCSE+I, Exchange MVP

Thank You Rich, you are very helpful