exchange 2003, added new domain to existing ones, unable to relay for...
Posted on 2006-04-12
running ex2k3, packed out, everything was working fine. we receive email for domain1.com, domain2.com and domain3.com. these work fine, have been working fine for years... even before the upgrade to exchange 2003...
now, we have the requirement to add 2 more domains to the mix. call them domain4.com and domain5.com.
i've set the settings the same as for the other domains, as far as i can remember... but when sending mail to the 'new' domains, we always get "unable to relay for: firstname.lastname@example.org"... same for domain5.com.
the mx and a records for all of these domains resolve to the same internet ip address, with different hostnames (server.domain1.com, server.domain2.com, server.domain3.com, etc...)
the recipient addresses do actually exist and are assigned to individual users in active directory.
in exchange system manager, in the smtp1 connector all of the domains are listed, with various priorities. also, * is listed, and the checkmark at the bottom is not checked (allow relaying to these domains). as it is, everything works fine for domain1,2,3... and we're not an open relay.
if i put a checkmark there, they get their mail just fine... but leaving the * there, i assume makes us an open relay. so i removed the *. we can still send email as a company, to wherever... and everyone seems to get their mail ok now.
in the course of troubleshooting, i get many errors about the metabase update not being able to find the specified path, like 1 error per minute, for a long time. i have a potential fix for that, will try later tonight. i assume that exchange just isn't talking with active directory as well as it can be, and one of them doesn't understand that domain4 and domain5 are ours.
and now, the question:
by having the * gone, and a checkmark there for relay to these domains, does this make us less secure, create a less secure environment, or have a better way of happening?
thoughts would be appreciated.
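To make the relay question concrete, here is an added model (not Exchange code, and not from the poster) of how an SMTP server decides a RCPT TO address from the three things the post talks about: the set of domains the server is authoritative for (in Exchange 2003 these come from the recipient policy), the address spaces on the connector (which may include `*`), and the "allow messages to be relayed to these domains" checkbox. The domain names, the four scenarios and the reply strings are constructed for the example; the point it shows is that `*` plus the checkbox is what turns the box into an open relay, while the lasting fix is to make the server authoritative for domain4/domain5 so they never need relaying at all.

```python
"""Toy model of an SMTP connector's relay decision, written to illustrate the
Exchange 2003 question above. It is an added example, not Exchange's code."""

from dataclasses import dataclass
from fnmatch import fnmatch


@dataclass
class ConnectorPolicy:
    # Domains this server is authoritative for (Exchange 2003: recipient policy).
    accepted_domains: set
    # Address spaces listed on the SMTP connector, e.g. ["domain1.com", "*"].
    address_spaces: list
    # The "allow messages to be relayed to these domains" checkbox.
    allow_relay_to_spaces: bool = False


def rcpt_decision(policy, recipient, authenticated=False):
    """Return (accepted, smtp_reply) for one RCPT TO address."""
    domain = recipient.rpartition("@")[2].lower()
    if domain in policy.accepted_domains:
        # Local delivery: no relaying involved at all.
        return True, "250 2.1.5 Recipient OK"
    if authenticated:
        # Authenticated users (the company's own outbound mail) may relay anywhere.
        return True, "250 2.1.5 Recipient OK (authenticated relay)"
    if policy.allow_relay_to_spaces and any(
        fnmatch(domain, space) for space in policy.address_spaces
    ):
        # Anonymous relay permitted because the domain matches a listed address space.
        return True, "250 2.1.5 Recipient OK (relayed)"
    return False, f"550 5.7.1 Unable to relay for {recipient}"


def is_open_relay(policy):
    """True if an anonymous sender can get mail relayed to an unrelated domain."""
    accepted, _ = rcpt_decision(policy, "someone@unrelated-example.net")
    return accepted


OWN_DOMAINS = {"domain1.com", "domain2.com", "domain3.com"}
NEW_DOMAINS = {"domain4.com", "domain5.com"}


def scenarios():
    """The four configurations discussed in the post, as constructed examples."""
    return {
        # Original working state: '*' listed, checkbox off. Not an open relay,
        # but domain4/5 are neither local nor relayable, hence "unable to relay".
        "star_no_checkbox": ConnectorPolicy(
            OWN_DOMAINS, sorted(OWN_DOMAINS) + ["*"], False),
        # Checkbox ticked with '*' still present: anyone can relay anywhere.
        "star_with_checkbox": ConnectorPolicy(
            OWN_DOMAINS, sorted(OWN_DOMAINS) + ["*"], True),
        # '*' removed, checkbox ticked, own domains only: relay limited to them.
        "own_domains_with_checkbox": ConnectorPolicy(
            OWN_DOMAINS, sorted(OWN_DOMAINS | NEW_DOMAINS), True),
        # Preferred fix: make the server authoritative for the new domains.
        "authoritative_for_new_domains": ConnectorPolicy(
            OWN_DOMAINS | NEW_DOMAINS, sorted(OWN_DOMAINS | NEW_DOMAINS), False),
    }


if __name__ == "__main__":
    for name, pol in scenarios().items():
        print(f"{name}: domain4 -> {rcpt_decision(pol, 'user@domain4.com')[1]}; "
              f"open relay: {is_open_relay(pol)}")
```

Running it shows the poster's configuration (`*` removed, checkbox ticked, only the company's domains listed) is not an open relay, since anonymous relay is confined to domains the company already controls; the cleaner state is the last scenario, where the new domains are local and the checkbox can stay off.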