SMTP Relay

Posted on 2006-11-14
Last Modified: 2008-02-01
Ok, I know this has probably been answered 1000 times here, but humor me as I make sure I understand Exchange 2000 SMTP Relay.

I have an Exchange server sitting on my active directory domain, domain1.com and domain2.com.  My domain is behind a firewall via NAT.

Domain1.com is also my active directory domain name (I know, don't use a real public domain for my active directory, I heard that too late after configuring my network 5 years ago).  Domain2.com is only for mail receive/send.

I have a single Virtual SMTP in exchange receiving for both domains.  My send and reverse DNS are working fine as my Firewall is providing the correct broadcast IP for outbound Mail (matches my inbound IP).

I need all my internal users sending from domain1.com and domain2.com to be able to send mail.

I have a couple of users that travel and need to be able to send mail from the Web Interface and/or Entourage (uses HTTP connection).

How do I eliminate an open relay on exchange?
Question by:jeffreyscottsmith
16 Comments
 
LVL 18

Expert Comment

by:amaheshwari
ID: 17938212
0
 

Author Comment

by:jeffreyscottsmith
ID: 17938310
Ok, herein lies my confusion.

1. If I change my relay settings to only the list below and uncheck the "Allow All computers..." box, won't that stop my users from receiving from outside domains?

2. It sounds from this article that I should set up a connector. However, I don't see where in my case a connector provides me anything over the Virtual SMTP.

0
 
LVL 104

Accepted Solution

by:
Sembee earned 500 total points
ID: 17939411
Exchange is relay secure by default. If you haven't changed anything then it shouldn't be an open relay. Having multiple domains doesn't make your server an open relay.

I have a test for being an open relay and the most common ways you can turn the server into an open relay on my web site: http://www.amset.info/exchange/smtp-openrelay.asp

The relay setting you have mentioned has no part to play in receiving email from external servers. Email coming in to your server for a domain that Exchange knows it is responsible for is not relaying.

The only time it would cause a problem is when you are using Outlook Express or other POP3/SMTP clients to send their email through your server. The most secure way of dealing with those is to make them authenticate when they are sending their email. You can secure the authentication process so that it cannot be abused.

Simon.
0
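The distinction drawn in the accepted answer, between accepting mail for a domain the server is responsible for and relaying to anyone else, as an added example that is not part of the original thread and is not Exchange code. It is a simplified model: the class and function names are hypothetical, the domain names are the thread's placeholders, and the IP addresses are constructed documentation values.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network


@dataclass
class RelayConfig:
    # Domains the server is responsible for (placeholders from the thread).
    local_domains: set
    # Entries under "Only the list below"; empty means no host may relay by IP.
    relay_networks: list = field(default_factory=list)
    # "Allow all computers which successfully authenticate to relay..."
    allow_authenticated: bool = True


def rcpt_decision(cfg, client_ip, authenticated, rcpt):
    """Return the SMTP reply code this model gives to one RCPT TO."""
    domain = rcpt.rsplit("@", 1)[-1].lower()
    if domain in cfg.local_domains:
        return 250  # inbound delivery: relay restrictions are never consulted
    ip = ip_address(client_ip)
    if any(ip in ip_network(net) for net in cfg.relay_networks):
        return 250  # relay granted by the IP list
    if authenticated and cfg.allow_authenticated:
        return 250  # relay granted to an authenticated client
    return 550      # 5.7.1 Unable to relay


def is_open_relay(cfg, outside_ip="203.0.113.10"):
    """True if an anonymous outside host can send to a foreign domain."""
    return rcpt_decision(cfg, outside_ip, False, "someone@example.net") == 250


if __name__ == "__main__":
    # The asker's proposed settings: empty relay list, authenticated relay off.
    locked = RelayConfig({"domain1.com", "domain2.com"}, [], False)
    print(rcpt_decision(locked, "203.0.113.10", False, "user@domain2.com"))
    print(rcpt_decision(locked, "203.0.113.10", False, "x@example.net"))
    # Constructed misconfiguration: the relay list covers every address.
    wide = RelayConfig({"domain1.com"}, ["0.0.0.0/0"])
    print(is_open_relay(locked), is_open_relay(wide))
```

In the model, an empty relay list never blocks inbound mail because the local-domain check comes first, and a domain missing from `local_domains` is treated as a relay attempt.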
 

Author Comment

by:jeffreyscottsmith
ID: 17939596
Ok, so let me verify (bear with me please).

1. I can check "Only the list below" with the list empty on the relay tab and it shouldn't prevent any incoming email from outside domains from reaching my users?

2. I can uncheck "Allow all computers which successfully authenticate to relay, regardless of the list above."

3. I have an internal DNS entry for mail for both domains (mail.domain1.com and mail.domain2.com) pointing to the internal IP for the Virtual SMTP.

4. The Connections Button on the Access tab for my Virtual SMTP has "All except the list below" checked.

5. The Access Control Button has Anonymous Access, Basic Authentication, and Integrated Windows Authentication all checked.

6. My Delivery Tab has mail.domain1.com as the fully qualified domain name.  I don't have a smart host so that is blank.

7. I don't have perform reverse DNS checked as some of our company email contacts don't have that properly configured.  Am I right to assume that if it is checked, email without a correct reverse DNS will be bounced?

8. My Outbound Security Button on the Delivery Tab only has the "Anonymous Access" checked.  The rest are blank.

Thanks again for your help and patience.

0
 
LVL 104

Expert Comment

by:Sembee
ID: 17939684
With regards to your internal DNS, Exchange doesn't care. You can have entries or not, it will not affect email flow.
The reverse DNS option on the SMTP virtual server is a waste of time. Many people would like it to reject email based on a reverse DNS lookup failure, but it doesn't. All it does is slow things down with no benefit other than an extra line in the SMTP headers about the reverse DNS lookup failing.

Everything else looks fine.

Simon.
0
 

Author Comment

by:jeffreyscottsmith
ID: 17939720
When I make my changes to the Relay Area as indicated above, do I need to restart the entire server or can I simply restart the SMTP service?

If no one is actually using POP3, I assume I can disable that service?
0
 
LVL 104

Expert Comment

by:Sembee
ID: 17939815
POP3 isn't enabled by default anyway. If you have changed that behaviour then turn it off.
You don't need to restart the entire server - just SMTP will be fine.

Simon.
0
 

Author Comment

by:jeffreyscottsmith
ID: 17939913
Ok, well I made the changes to the relay tab (only the list below and unchecking relay for authenticated users)

I am getting email to users with the Domain1.com (my domain that is my active directory domain and is listed as my FQDN) as primary domain.

However, I am not getting mail to users with domain2.com as their primary email address.

Any thoughts?
0
 
LVL 104

Expert Comment

by:Sembee
ID: 17940589
There could be a host of reasons for that.
Do you get an NDR?

Is the second domain listed in recipient policy?

Simon.
0
 

Author Comment

by:jeffreyscottsmith
ID: 17940752
Ah, thanks.  It was in the recipient policy before.  Not sure why it disappeared.  I will modify and let you know if that corrected the issue.
0
 

Author Comment

by:jeffreyscottsmith
ID: 17940924
I take from what you indicated above that all domains need to be listed in the recipient policy to correctly get received.

I am waiting for my DNS to propagate to verify this worked.
0
 

Author Comment

by:jeffreyscottsmith
ID: 17941092
Do I need to completely restart Exchange for the policy to be implemented?
0
 
LVL 104

Expert Comment

by:Sembee
ID: 17941126
Shouldn't need to.
Exchange will update itself after a little while. As long as the domain is enabled it should work.

Simon.
0
 

Author Comment

by:jeffreyscottsmith
ID: 17941313
Ok, I am resolving, but I am getting an unable to relay 550 5.7.1 error for domain2.com.
0
 

Author Comment

by:jeffreyscottsmith
ID: 17941399
Sorry, let me clarify. Domains trying to send to domain2.com are getting the unable to relay 550 5.7.1 error for domain2.com. domain1.com is working fine yet.
0
 

Author Comment

by:jeffreyscottsmith
ID: 17941568
Ok, Exchange SP3 rollup seemed to fix the issue.  Go figure.
0

Question has a verified solution.
