Enable relay for authorized clients only

moondoggie
I have tied down my Exchange 5.5 (SP4) server to prohibit open relays by doing the following:

In the Exchange IMS Routing properties, checked "Reroute Incoming SMTP mail".

I then added to the "Routing" field ourdomainname.com and <inbound> as the destination.

In IMS Routing Restrictions I have checked "Hosts and Clients that successfully authenticate".

On an Outlook Express client I then created the appropriate SMTP and POP3 domain info, and added the user account info for both SMTP and POP3 services.

Outlook Express POP3/SMTP clients may now authenticate and retrieve email, and send email, but only to ourdomainname.com (internal) addresses.  Messages sent to any external addresses get a 550 Relaying is Prohibited message.  

Desired result:  I want my corporate clients to be able to connect to their exchange accounts remotely using Outlook or Outlook Express, and be able to deliver messages to any email address, internal or external.  

Based on everything I can see, this should be working, but it's not.

Any suggestions would be greatly appreciated.

Thanks,

Ken Moody




In Outlook Express, go to Tools->Accounts and click on the Mail tab. Highlight your mail account and click Properties. On the Servers tab, make sure the checkbox beside "My server requires authentication" is checked under the Outgoing mail server heading.

If that box is checked, I would restart the IMS service and failing that, restart the server. Based on what you have said, your settings are correct in the IMS property page.

Author

Commented:
Thanks, already have that setting configured.  I have stopped and started the IMS several times, but still no luck.  I agree, this should be working.  Very frustrating...

Have you rebooted the server? I have seen instances where these settings don't take effect until a reboot.

Author

Commented:
No. I'll be trying that tonight.  I'll post results either way.  Thanks.

Commented:
I'm a little confused.  Relaying doesn't have anything to do with your desired result, unless your clients are set up to send mail as something other than username@ourdomainname.com.

If you are not wanting their mail to come from your server with a non-matching domain name, in Outlook Express, View the From field and have them enter in username@ourdomainname.com.  Then send the message.

If you are wanting them to send mail as user@someotherdomain.com, under the Outgoing Mail Server Settings, select Log on using: and under username put in domain\username, and enter in the password for that account.

Relaying has everything to do with it. POP3 clients essentially relay mail off the server every time they send a message which is not destined for a local recipient.

Commented:
True, it's an SMTP connection.  But, my understanding of Exchange's SMTP says that with the Routing restrictions set, if either the Mail From or RCPT To SMTP command coming from Outlook Express ends with a value that is not a valid domain on the server, you'll get the unable to relay message.

No that isn't true. If you authenticate, anything can be in the From or To fields.

Author

Commented:
Correct jjmck.  A client trying to send to a domain name not expressly defined in the IMS Properties Routing section, will have its message returned.  Unless of course Exchange is set to route everything (bad), the client authenticates, or their IP is listed as an acceptable IP.  And thanks for the common sense solution.  Rebooting did the trick.  Go figure.

Author

Commented:
Sometimes you just need to try the obvious.  ;?)  Thanks!!

With Windows, I always say that 99% of your problems can be fixed with a reboot ;)
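
An added example, not part of the thread and not Exchange's own code: a Python check an administrator could use to confirm the relay behaviour discussed above, by comparing the server's reply to RCPT TO for an external address before and after authentication. `audit_relay`, `StubServer`, and the sample addresses and credentials are constructed for illustration; the stub only models the policy as the posters describe it.

```python
import smtplib

def audit_relay(smtp, sender, external_rcpt, user, password):
    """Report how the server answers RCPT TO for an external address,
    before and after AUTH. No DATA is sent, so nothing is delivered."""
    def rcpt_code():
        smtp.rset()                        # start from a clean envelope
        code, _ = smtp.mail(sender)
        if code == 250:
            code, _ = smtp.rcpt(external_rcpt)
        smtp.rset()                        # abandon the transaction
        return code

    smtp.ehlo()
    anonymous = rcpt_code()
    try:
        smtp.login(user, password)
        authenticated = rcpt_code()
    except smtplib.SMTPException:          # AUTH not offered or login refused
        authenticated = None
    if anonymous in (250, 251):
        verdict = "open relay"
    elif authenticated in (250, 251):
        verdict = "relay for authenticated clients only"
    else:
        verdict = "relay refused even after authentication"
    return {"anonymous": anonymous, "authenticated": authenticated, "verdict": verdict}

class StubServer:
    """Constructed stand-in with the smtplib.SMTP methods used above, so the
    example runs offline. It models the policy described in the thread."""
    def __init__(self, local_domain, relay_authed=True, relay_all=False):
        self.local_domain, self.relay_authed, self.relay_all = local_domain, relay_authed, relay_all
        self.authed = False
    def ehlo(self): return (250, b"ok")
    def rset(self): return (250, b"ok")
    def mail(self, sender): return (250, b"ok")
    def login(self, user, password):
        self.authed = True
        return (235, b"ok")
    def rcpt(self, addr):
        local = addr.lower().endswith("@" + self.local_domain)
        if local or self.relay_all or (self.authed and self.relay_authed):
            return (250, b"ok")
        return (550, b"Relaying is prohibited")

if __name__ == "__main__":
    # Constructed scenario: authenticated client, external recipient.
    args = ("user@ourdomainname.com", "someone@example.net", "DOMAIN\\user", "placeholder")
    print(audit_relay(StubServer("ourdomainname.com"), *args))
```

Against a server you administer, pass a connected `smtplib.SMTP(host, 25)` object in place of the stub. A 550 both before and after login matches the symptom reported in the question.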
