
Solved

What authentication method(s) should our Exchange 2007 receive connector advertise?

Posted on 2009-02-24
Last Modified: 2012-05-06
This is a second question from here:
http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_24164872.html

The question was not fully answered so I had to post this question.

I have attached images of my current receive connector for receiving mail on our Exchange 2007 Server. Should I change anything? Is TLS the only one that should be enabled, or should I have Mutual TLS also? Or should I have even more auth methods than that?

Thanks
Auth-Tab.JPG
Network-Tab.JPG
Permission-Groups.JPG
0
Comment
Question by:gsco
17 Comments
 
LVL 6

Expert Comment

by:Syedm2
ID: 23722120
On the Authentication tab, uncheck the 2nd option.
Check options 3, 4, 5, 6.

On Permission Groups, check 2, 3, 4.
0
 

Author Comment

by:gsco
ID: 23756515
Still not working. GSSAPI error again now. TLS Handshake Failed also.
0

 
LVL 17

Expert Comment

by:Suraj
ID: 23757122
Tell me the complete error you are getting.
0
 
LVL 17

Expert Comment

by:Suraj
ID: 23757147
Do you have Hub + Edge or just the Edge server in your org?
0
 
LVL 17

Accepted Solution

by:
Suraj earned 2000 total points
ID: 23757176
I guess you do not have Service Pack 1 installed on the server. Install Exchange Server 2007 Service Pack 1 and this will take care of the issue.
Check this out: http://support.microsoft.com/kb/940207

Let me know if you have any questions for me.
-x
0
 

Author Comment

by:gsco
ID: 23757463
I set the remote IP for the default connector to 192.168.0.0/24 and 192.168.1.0/24 like you said to do (I just hope that is right). Then I created a new receive connector of the "Internet" type. Put the FQDN in and it made that connector fine, and I left the properties of that alone, so everything is default, which looks OK. Then I restarted the transport service, sent a test e-mail from my Gmail acct and it went through.

The firewall is sending all SMTP traffic from one of our WAN lines directly to the Exchange Server after filtering attachments and checking blacklists. Then I have the anti-spam agents installed because we only have the one server.

I have avoided SP1 b/c of all the issues I have heard people have had after the installation, and this server is for a Financial Services Co and it's tax season, so I didn't want to mess things up during such an inconvenient time. Should I go ahead and install it? Should I still keep my new Internet receive connector or should I set everything back the way I had it and then install SP1?

How did you know I didn't have SP1 installed? Just wondering how you do that. I'm guessing some telnetting?
0
 

Author Comment

by:gsco
ID: 23757550
Also, here is an error report one of the companies we work with sent me regarding the issues.

Reporting-MTA: dns; hosting.twrochester.com
Arrival-Date: Tue, 24 Feb 2009 18:07:12 -0500

Final-Recipient: RFC822; gschafferjr@gregoryschaffer.com
Action: delayed
Status: 4.7.0
Diagnostic-Code: SMTP; 403 4.7.0 TLS handshake failed.
Last-Attempt-Date: Tue, 24 Feb 2009 22:37:31 -0500
Will-Retry-Until: Sun, 1 Mar 2009 18:07:12 -0500
0
 
LVL 17

Expert Comment

by:Suraj
ID: 23758471
Service pack for 2007 has fixed a lot of problems and bugs... now rollup 6 is also available, so you need them for sure, man... the error you got can be solved by SP1.
Ha ha ha... no, man, telnet cannot tell that... it's experience ;-)

-x-SaM-
0
 

Author Comment

by:gsco
ID: 23758702
Thanks, I will install SP1 and see how that works out. How should I configure the receive connector for internet flow? Just like you said in the original post so the only authentication method is TLS with the anonymous permission?
0
 
LVL 6

Expert Comment

by:Syedm2
ID: 23758764
Does that happen with one domain or all domains?
0
 
LVL 6

Expert Comment

by:Syedm2
ID: 23758769
Where do you see this error?
0
 
LVL 17

Expert Comment

by:Suraj
ID: 23760599
On Exchange Server 2007, TLS is already configured automatically... you need not do much.
Disable the receive connector you got, create a new one with "anonymous access checked",
and that's it. Restart the transport service. Done!
-x
0
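The connector layout discussed in this thread (default connector limited to the internal ranges, a separate Internet connector offering TLS to anonymous senders), written out as an added Exchange Management Shell example that is not from any poster. The server name `EXCH01` and the FQDN `mail.example.com` are placeholders.

```powershell
# Added example. EXCH01 and mail.example.com are placeholder names.
$server = 'EXCH01'

# 1. Restrict the default connector to the internal subnets named in the thread,
#    so Internet hosts no longer match it.
Set-ReceiveConnector -Identity "$server\Default $server" `
    -RemoteIPRanges '192.168.0.0/24', '192.168.1.0/24'

# 2. Create the Internet-facing connector on port 25.
New-ReceiveConnector -Name 'Internet' -Server $server -Usage Internet `
    -Bindings '0.0.0.0:25' -Fqdn 'mail.example.com'

# 3. State the intended settings explicitly instead of relying on defaults:
#    TLS offered, anonymous senders permitted, no other auth mechanism.
Set-ReceiveConnector -Identity "$server\Internet" `
    -AuthMechanism Tls -PermissionGroups AnonymousUsers

# 4. Restart the transport service so the change takes effect.
Restart-Service MSExchangeTransport

# 5. Review what each connector accepts and from where.
Get-ReceiveConnector -Server $server |
    Format-List Name, Bindings, RemoteIPRanges, AuthMechanism, PermissionGroups

# 6. List connectors that accept anonymous senders but advertise more than TLS.
Get-ReceiveConnector -Server $server |
    Where-Object { ("$($_.PermissionGroups)" -match 'AnonymousUsers') -and ("$($_.AuthMechanism)" -ne 'Tls') } |
    Select-Object Name, AuthMechanism, PermissionGroups
```

An empty result from step 6 means no anonymously reachable connector is offering Basic, Integrated or Exchange Server authentication.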
 

Author Comment

by:gsco
ID: 23761628
OK, so just to be sure: all I need for authentication methods for SMTP mail flow from the Internet is TLS and not anything else? Not Mutual TLS also? Thank you so much. You are the one who's helped me out the most. I wish I could give you a million points.
0
 

Author Comment

by:gsco
ID: 23761634
Others have misled me, saying I need all these other authentication methods like basic, and exchange..., etc.
0
 
LVL 17

Expert Comment

by:Suraj
ID: 23764483
Thanks, buddy!! Glad to help you.
0
 
LVL 17

Expert Comment

by:Suraj
ID: 23764495
You can check my profile for my email address. Just ping me if you have any questions...
0

Question has a verified solution.