moondoggie

asked on

Enable relay for authorized clients only

I have tied down my Exchange 5.5 (SP4) server to prohibit open relays by doing the following:

In the Exchange IMS Routing properties, checked "Reroute Incoming SMTP mail".

I then added to the "Routing" field ourdomainname.com and <inbound> as the destination.

In IMS Routing Restrictions I have checked "Hosts and Clients that successfully authenticate".

On an Outlook Express client I then created the appropriate SMTP and POP3 domain info, and added the user account info for both SMTP and POP3 services.

Outlook Express POP3/SMTP clients may now authenticate and retrieve email, and send email, but only to ourdomainname.com (internal) addresses.  Messages sent to any external addresses get a 550 Relaying is Prohibited message.  

Desired result:  I want my corporate clients to be able to connect to their exchange accounts remotely using Outlook or Outlook Express, and be able to deliver messages to any email address, internal or external.  

Based on everything I can see, this should be working, but it's not.

Any suggestions would be greatly appreciated.

Thanks,

Ken Moody




Jamie McKillop

In Outlook Express, go to Tools->Accounts and click on the Mail tab. Highlight your mail account and click Properties. On the Servers tab, make sure the checkbox beside "My server requires authentication" is checked under the Outgoing mail server heading.

If that box is checked, I would restart the IMS service and failing that, restart the server. Based on what you have said, your settings are correct in the IMS property page.
moondoggie

ASKER

Thanks, already have that setting configured.  I have stopped and started the IMS several times, but still no luck.  I agree, this should be working.  Very frustrating...

ASKER CERTIFIED SOLUTION
Jamie McKillop
This solution is only available to members.
No. I'll be trying that tonight.  I'll post results either way.  Thanks.
I'm a little confused.  Relaying doesn't have anything to do with your desired result, unless your clients are set up to send mail as something other than username@ourdomainname.com.

If you are not wanting their mail to come from your server with a non-matching domain name, in Outlook Express, View the From field and have them enter in username@ourdomainname.com.  Then send the message.

If you are wanting them to send mail as user@someotherdomain.com, under the Outgoing Mail Server Settings, select Log on using: and under username put in domain\username, and enter in the password for that account.
Relaying has everything to do with it. POP3 clients essentially relay mail off the server every time they send a message which is not destined for a local recipient.
True, it's an SMTP connection.  But, my understanding of Exchange's SMTP says that with the Routing restrictions set, if either the Mail From or RCPT To SMTP command coming from Outlook Express ends with a value that is not a valid domain on the server, you'll get the unable to relay message.
No that isn't true. If you authenticate, anything can be in the From or To fields.
Correct jjmck.  A client trying to send to a domain name not expressly defined in the IMS Properties Routing section, will have its message returned.  Unless of course Exchange is set to route everything (bad), the client authenticates, or their IP is listed as an acceptable IP.  And thanks for the common sense solution.  Rebooting did the trick.  Go figure.
Sometimes you just need to try the obvious.  ;?)  Thanks!!

With Windows, I always say that 99% of your problems can be fixed with a reboot ;)
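
Added example, not part of the original thread: a Python check an administrator can run against their own server to confirm the behaviour discussed above, namely that RCPT TO for an external address is refused (550) before AUTH and accepted after it. The function names, the `FakeRelayServer` stand-in, the account and the `example.org` recipient are constructed for illustration; `client` is assumed to be a connected `smtplib.SMTP` object or anything exposing the same methods.

```python
import smtplib

def probe_rcpt(client, sender, recipient):
    """MAIL FROM / RCPT TO only; the transaction is reset, so no mail is sent."""
    client.rset()
    code, _ = client.mail(sender)
    if code == 250:
        code, _ = client.rcpt(recipient)
    client.rset()
    return code

def check_relay_policy(client, sender, external_rcpt, user, password):
    """Compare the reply for an external recipient before and after AUTH."""
    client.ehlo()
    before = probe_rcpt(client, sender, external_rcpt)
    client.login(user, password)  # assumption: the server offers AUTH on this port
    after = probe_rcpt(client, sender, external_rcpt)
    # Expected policy: 5xx for anonymous relay, 2xx once authenticated.
    ok = before // 100 == 5 and after // 100 == 2
    return {"unauthenticated": before, "authenticated": after, "policy_ok": ok}

class FakeRelayServer:
    """Constructed stand-in for a server applying the rule from the thread."""
    def __init__(self, local_domain, accounts, honor_auth=True):
        self.local_domain, self.accounts = local_domain, accounts
        self.honor_auth, self.authed = honor_auth, False
    def ehlo(self): return (250, b"ok")
    def rset(self): return (250, b"ok")
    def mail(self, sender): return (250, b"ok")
    def login(self, user, password):
        if self.accounts.get(user) != password:
            raise smtplib.SMTPAuthenticationError(535, b"authentication failed")
        self.authed = True
        return (235, b"ok")
    def rcpt(self, recipient):
        local = recipient.lower().endswith("@" + self.local_domain)
        if local or (self.authed and self.honor_auth):
            return (250, b"ok")
        return (550, b"Relaying is prohibited")

if __name__ == "__main__":
    srv = FakeRelayServer("ourdomainname.com", {"ken": "constructed-pw"})
    print(check_relay_policy(srv, "ken@ourdomainname.com",
                             "someone@example.org", "ken", "constructed-pw"))
```

With `honor_auth=False` the stand-in reproduces the symptom from the question (550 even after a successful login), and `policy_ok` comes back `False`.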