Solved

SMTP Restrictions in SBS 2003

Posted on 2006-06-13
Last Modified: 2008-02-07
I have an SBS 2003 Standard edition server.  We have a scenario where office users will be using Exchange to send and receive email (via Outlook 2003).  By default, the SBS SMTP connector is the only connector used at present to send mail.  Also, we have 10 shops that POP3 into the server for mail.  What I want to do is, for the shops, give them the address of the server to use as their SMTP server, but lock it down so they can only send to the business domain, i.e. mydomain.com.  I still want all office users to be able to send to whoever they want to.  How do I do this the most effective way?
Question by:msha094
 
LVL 8

Expert Comment

by:dhoustonie
ID: 16899142
Why not use rpc over http for your remote shops? Leaves the mail on your server for backup purposes, Outlook is configured to use cached mode, so minimal bandwidth usage.

Relaying can be set up, but would be less secure than using Outlook 2003.
Just to note, you have a license to use Outlook 2003 for every CAL that you have, so either every machine that authenticates to the server or user that authenticates is entitled to use Outlook 2003.

Is there a particular reason not to use RPC over Http? I just want to eliminate this before telling you how to open up your server to possible open relay problems if the server ever got compromised.

David
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 16900921
I would agree... providing POP3 service can cause both resource and security issues.  The only reason that they wouldn't be able to use RPC over HTTP is if they don't have Outlook 2003.  But they could use Outlook Web Access instead.

The CAL issue is something to consider though... Essentially if you are only providing an Exchange Mailbox for someone and they access mail via POP3 or RPC over HTTP they are authenticating against Active Directory and require a CAL.  However, if you create that same mailbox and FORWARD the messages out to a 3rd party mail server, then you don't need a CAL...

So... that would suggest my OTHER solution to this situation... use GMail.  

You can actually forward through GMail to your users who can use POP3 to retrieve the messages from GMail.  You can also create ANY "From" name and "Reply to" setting with Gmail, so you can essentially have Gmail be transparent (it'll show in the headers only).  If messages are left on the GMail server, then this also handles the archiving issue.

Jeff
TechSoEasy

0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 16900996
In rereading your question... do you want to ONLY allow users to send messages from the remote locations to your main office?  If so, then definitely use Outlook Web Access... it's much easier to deploy/use.  To restrict the users from sending mail outside the network, you would have to create separate routing groups and then create a second SMTP Connector which can get pretty complicated... so I would think you could also handle it by creating an Exchange Rule in Outlook that would delete any messages sent outside your domain, and then removing access to the Rules interface from the particular user via group policy.

Jeff
TechSoEasy
0
 

Author Comment

by:msha094
ID: 16901988
Yep, we just want shops to be able to send email to the head office.

There is no reason why I can't use RPC over HTTP; I've set it up before and it works well.  The only thing is the purchasing of an extra 12 CALs, which can be pricey.  So if I was to use RPC over HTTP, I would need to get extra CALs, or use OWA and not need to buy any more CALs?

Can someone run me through creating the routing groups and second SMTP connector, as this would be the first time I would have needed to do this.

Thanks!
0
 
LVL 8

Accepted Solution

by:
dhoustonie earned 250 total points
ID: 16902506
Actually no, using OWA requires CALs. The option Jeff mentioned was to forward mail to an external email address, and the reason this is not the same is that to use OWA you have to supply login credentials that authenticate against Active Directory. By forwarding email, you create a mail-enabled contact and have their email forwarded to an external address; they do not have to log in or authenticate to your server to access this.

To create routing groups and restrict outgoing email:

http://www.msexchange.org/tutorials/MF009.html

Hope this helps,

David
0

 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 16903183
If you're going to go the route of creating an additional SMTP connector, here's a good how-to for that:  http://www.amset.info/exchange/smtp-connector.asp

Your restricted connector needs to have a "lower cost" than the Default connector, so that it doesn't interfere.

I think my GMail idea is pretty nifty though... even though it really doesn't fit here.  Although if this is just for internal messaging, you MAY want to consider using www.officelive.com's mail service (which is essentially a remake of hotmail) or even www.groove.net's messaging service.  Both of these fully integrate with SBS and Office.

OfficeLive will even give you a domain name that can be used for your external users.

Jeff
TechSoEasy

0
 

Author Comment

by:msha094
ID: 17029330
Those sites you gave me tell me how to create a connector, which I already know how to do, but how do I assign a connector to one group only with another connector for the rest?  Also, to restrict a group of users from receiving outside mail, i.e. no internet mail, only internal mail, do I just create a mail-enabled group and tick receive from authenticated users only?  For some reason the groups that I create don't work, but it works for single users.
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 17029445
Creating a separate routing group is a very complicated process.  (http://www.microsoft.com/technet/prodtechnol/exchange/guides/E2k3TransnRouting/b7c25326-3fd2-4049-bf3d-dc0e4976a373.mspx)

I would highly suggest that you take a look at Microsoft Office Groove which will provide you exactly what you are looking for with regards to messaging and other interfacing with your network resources.  You can download the betas and see how it works for you:  http://www.microsoft.com/office/preview/programs/groove/highlights.mspx

Jeff
TechSoEasy
0
 
LVL 8

Expert Comment

by:dhoustonie
ID: 17029850
Did you add the registry key at the beginning of the document?
Did you work through the adsi edit part?

David
0
 

Author Comment

by:msha094
ID: 17033428
Yeah, I added the reg key but haven't restarted yet - does this matter?
0
 
LVL 8

Expert Comment

by:dhoustonie
ID: 17033665
When it comes to the registry, most of the time a restart kick-starts it no matter what the documents say, so if you can, do restart it.

David
0
