Delivery Restrictions in Exchange Server 2003 Enterprise SP2 not working

We are running Exchange 2003 SP2 Enterprise on a Windows 2003 SP1 box (all current updates).  This is the only server in our company and has but a single SMTP connector to our e-mail filtering software which handles all actual sending and receiving of internet e-mail.

Per the suggested article in other posts (http://www.msexchange.org/tutorials/MF009.html) I have configured a mail enabled security group to restrict users from sending over the SMTP connector.  I added the group to the reject portion on the connector, made the necessary registry changes and restarted the services.  Didn't work.  I enabled the connection and sender filtering on the virtual server and restarted the virtual connector, and even rebooted the server to no avail.  I have followed the directions in the article exactly, but the account I am testing with can send freely over the only SMTP connector we have.  I am at a loss.  We need to find a relatively easy and foolproof way to stop users who should not be able to send external e-mail, and this looked like the right solution.

Please help!  
SolomonPCAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

SolomonPCAuthor Commented:
Sorry, did see that.  I guess I should have been more specific.  My comment 'made the necessary registry changes and restarted the services' was exactly that issue.  I did the registry change per Q277872, restarted the 2 services as directed and it still does not work.
VahikCommented:
did u restart the server????
CompTIA Security+

Learn the essential functions of CompTIA Security+, which establishes the core knowledge required of any cybersecurity role and leads professionals into intermediate-level cybersecurity jobs.

VahikCommented:
one more thing ....when setting up restriction u must choose "by default  messages from everyone is accepted" and then choose reject messages from" and then add
the users or groups.....the other way around will not work....
SolomonPCAuthor Commented:
The server has been restarted since I made the changes.  I have tried the restrictions settings both ways with default-everyone-accepted and reject and also with default-everyone-rejected and accept, and neither have any impact on the message flow.  Thanks.
VahikCommented:
well then maybe ur messages do not get routed through ur connector....
if u leave everything at default and take a look at the connector through ADSIedit
u will notice that dlMemDefault is set at 1.....
now if u change it to reject from all u will see the dlMemDefault change to 0
now if u leave it at default which is accept from all but reject from certain users
or groups u will see this additional attribute UnAuthOrig with the value of the users
or group that u have added......
Do u see these attributes in the ADSIedit.....do they change when u change the settings in the ESM????
if u think everything is OK and messages do indeed get routed through connector
and still no restrictions are applied then maybe a call to MS is neccessary....
if u ever get this resolved post back so we will know the excat cause(if u like)
PS: in the connnector make sure entire organization is checked.....
take care and good luck...

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
SolomonPCAuthor Commented:
Figured it out.  I had not configured my SMTP connector for all address spaces.  So most of the messages were not going through it.  Your comment about making sure the messages were routing through the connector pointed me in the right direction, so the points are yours.  Thanks for your help.
VahikCommented:
SolomonPC,glad to hear u have solved ur problem
take care and good luck.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.