gsco

asked on

What authentication method(s) should our Exchange 2007 receive connector advertise?

This is a second question from here:
https://www.experts-exchange.com/questions/24164872/How-do-I-configure-Exchange-2007-Recieve-Connector-for-GSSAPI-Authentication.html

The question was not fully answered so I had to post this question.

I have attached images of my current receive connector for receiving mail on our Exchange 2007 Server. Should I change anything? Is TLS the only one that should be enabled, or should I have Mutual TLS also? Or should I have even more auth methods than that?

Thanks
Auth-Tab.JPG
Network-Tab.JPG
Permission-Groups.JPG
Syedm2

On the Authentication tab, uncheck the 2nd option.
Check options 3, 4, 5, 6.

On Permission Groups, check 2, 3, 4.

ASKER

Still not working. GSSAPI error again now. TLS Handshake Failed also.
Suraj

Tell me the complete error you are getting.
Do you have Hub + Edge or just the Edge server in your org?
ASKER CERTIFIED SOLUTION
Suraj
This solution is only available to members.

ASKER

I set the remote IP for the default connector to 192.168.0.0/24 and 192.168.1.0/24 like you said to do (I just hope that is right). Then I created a new receive connector of the "Internet" type. Put the FQDN in and it made that connector fine, and I left the properties of that alone so everything is default, which looks OK. Then I restarted the transport service, sent a test e-mail from my Gmail account and it went through.

The firewall is sending all SMTP traffic from one of our WAN lines directly to the Exchange Server after filtering attachments and checking blacklists. Then I have the anti-spam agents installed because we only have the one server.

I have avoided SP1 because of all the issues I have heard people have had after the installation, and this server is for a financial services company and it's tax season, so I didn't want to mess things up during such an inconvenient time. Should I go ahead and install it? Should I still keep my new Internet receive connector, or should I set everything back the way I had it and then install SP1?

How did you know I didn't have SP1 installed? Just wondering how you do that. I'm guessing some telnetting?

ASKER

Also, here is an error report one of the companies we work with sent me regarding the issues.

Reporting-MTA: dns; hosting.twrochester.com
Arrival-Date: Tue, 24 Feb 2009 18:07:12 -0500

Final-Recipient: RFC822; gschafferjr@gregoryschaffer.com
Action: delayed
Status: 4.7.0
Diagnostic-Code: SMTP; 403 4.7.0 TLS handshake failed.
Last-Attempt-Date: Tue, 24 Feb 2009 22:37:31 -0500
Will-Retry-Until: Sun, 1 Mar 2009 18:07:12 -0500

Service Pack for 2007 has fixed a lot of problems and bugs... now Rollup 6 is also available, so you need them for sure, man... the error you got can be solved by SP1.
Ha ha ha... no man, telnet cannot tell that... it's experience ;-)

-x-SaM-

ASKER

Thanks, I will install SP1 and see how that works out. How should I configure the receive connector for internet flow? Just like you said in the original post so the only authentication method is TLS with the anonymous permission?

Does that happen with one domain or all domains?
Where do you see this error?
On Exchange Server 2007, TLS is already configured automatically... you need not do much.
Disable the receive connector you got, create a new one with "anonymous access checked",
and that's it. Restart the transport service. Done!
-x

ASKER

OK, so just to be sure, all I need for authentication methods for SMTP mail flow from the Internet is TLS and not anything else? Not Mutual TLS also? Thank you so much. You are the one who's helped me out the most. I wish I could give you a million points.

ASKER

Others have misled me, saying I need all these other authentication methods like Basic, Exchange, etc.

Thanks, buddy! Glad to help you.
You can check my profile for my email address. Just ping me if you have any questions...
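
The connector layout described in this thread (default connector limited to the internal subnets, a separate Internet connector offering TLS with anonymous permission), written as Exchange Management Shell commands. This is an added example, not part of any participant's post; the server name `EXCH01` and FQDN `mail.example.com` are placeholders, and the connector name "Default EXCH01" assumes the name Exchange 2007 setup gives the default connector.

```powershell
# Run in the Exchange Management Shell on the Exchange 2007 Hub Transport server.
# Placeholders (assumptions, not values from the thread): EXCH01, mail.example.com
$server = 'EXCH01'
$fqdn   = 'mail.example.com'

# 1. Limit the default connector to the internal subnets named in the thread.
#    Do this first: two connectors cannot share the same binding AND the same
#    remote IP range, so the default must stop claiming the whole address space.
Set-ReceiveConnector -Identity "$server\Default $server" `
    -RemoteIPRanges '192.168.0.0/24','192.168.1.0/24'

# 2. Create the Internet-facing connector on port 25 with the public FQDN.
New-ReceiveConnector -Name 'Internet' -Server $server -Usage Internet `
    -Bindings '0.0.0.0:25' -Fqdn $fqdn

# 3. State the intended settings explicitly instead of relying on defaults:
#    advertise STARTTLS only, and accept unauthenticated (anonymous) senders.
Set-ReceiveConnector -Identity "$server\Internet" `
    -AuthMechanism Tls -PermissionGroups AnonymousUsers

# 4. Restart the transport service so the change takes effect.
Restart-Service MSExchangeTransport

# 5. Review what every receive connector on the server now offers.
Get-ReceiveConnector -Server $server |
    Format-List Name,Bindings,RemoteIPRanges,Fqdn,AuthMechanism,PermissionGroups

# 6. Flag connectors that accept anonymous senders while also offering
#    Basic authentication without the "only after TLS" restriction.
Get-ReceiveConnector -Server $server | ForEach-Object {
    $auth  = $_.AuthMechanism.ToString()
    $perms = $_.PermissionGroups.ToString()
    if ($perms -match 'AnonymousUsers' -and
        $auth  -match 'BasicAuth(,|$)' -and
        $auth  -notmatch 'BasicAuthRequireTLS') {
        Write-Warning "$($_.Name): Basic auth offered without requiring TLS"
    }
}
```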