What authentication method(s) should our Exchange 2007 recieve connector advertise?

This is a second question from here:
http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_24164872.html

The question was not fully answered so I had to post this question.

I have attached images of my current receive connector for receiving mail on our Exchange 2007 Server. Should I change anything? Is TLS the only one that should be enabled or should I have mutual tls also? Or should I have even more auth methods than that?

Thanks
Auth-Tab.JPG
Network-Tab.JPG
Permission-Groups.JPG
gscoAsked:
Who is Participating?
 
SurajCommented:
i guess you do not have service pack 1 installed on the server. Exchange Server 2007 Service Pack 1 and this will take care of the issue.
check this out :http://support.microsoft.com/kb/940207

lemme know if you have any Questions for me
-x
0
 
Syedm2Commented:
On authentication tab,uncheck 2nd option.
Check 3,4,5,6 option.

On Permission group,Check 2,3,4.
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

 
gscoAuthor Commented:
Still not working. GSSAPI error again now. TLS Handshake Failed also.
0
 
SurajCommented:
tell me the complete error  you are getting ..
0
 
SurajCommented:
do you have HUB + edge or jus the edge server in your org?
0
 
gscoAuthor Commented:
I set the remote ip for the default connector to 192.168.0.0/24 and 192.168.1.0/24 like you said to do(I just hope that is right). Then I created a new receive connector of the "Internet" type. Put the fqdn in and it made that connector fine and I left the properties of that alone so everything is default which looks ok. Then I restarted the transport service, sent a test e-mail from my gmail acct and it went through.

The firewall is sending all smtp traffic from one of our wan lines directly to the Exchange Server after filtering attachments and checking black lists. Then I have the anti-spam agents installed because we only have the one server.

I have avoided SP1 b/c of all the issues I have heard people have had after the installation and this server is for a Financial Services Co and its Tax Season so I didn't want to mess things up during such an inconvenient time. Should I go ahead and install it? Should I still keep my new internet receive connector or should I set everything back the way I had it and then install SP1?

How did you know I didn't have sp1 installed? Just wondering how you do that. I'm guessing some telneting?
0
 
gscoAuthor Commented:
Also here is a error report one of the companies we work with sent me regarding the issues.

Reporting-MTA: dns; hosting.twrochester.com
Arrival-Date: Tue, 24 Feb 2009 18:07:12 -0500

Final-Recipient: RFC822; gschafferjr@gregoryschaffer.com
Action: delayed
Status: 4.7.0
Diagnostic-Code: SMTP; 403 4.7.0 TLS handshake failed.
Last-Attempt-Date: Tue, 24 Feb 2009 22:37:31 -0500
Will-Retry-Until: Sun, 1 Mar 2009 18:07:12 -0500
0
 
SurajCommented:
Sevice pack for 2007 has fixed lot of problems and bugs... now rollup 6 is also available.. so u need them for sure man... the error you got can be solved by sp1.
ha ha ha... no man.. telnet cannot tell that... its Experience ;-)

-x-SaM-
0
 
gscoAuthor Commented:
Thanks, I will install SP1 and see how that works out. How should I configure the receive connector for internet flow? Just like you said in the original post so the only authentication method is TLS with the anonymous permission?
0
 
Syedm2Commented:
does that happen with one domain or all domain?
0
 
Syedm2Commented:
were do u see this error?
0
 
SurajCommented:
on exchange server 2007 TLS Is already configured automatically... you need not do much..
disable the receive connector you got.. create a new one.. with "anonymous access checked"
and thts it.. restart the transport service.. Done !
-x
0
 
gscoAuthor Commented:
Ok so just to be sure All I need for authentication methods for smtp mail flow from the internet is TLS and not anything else? Not Mutual TLS also? Thank You so much. You are the one who's helped me out the most. I wish I could give you a million points.
0
 
gscoAuthor Commented:
Others have mislead me saying I need all these other authentication methods like basic, and exchange..., ect.
0
 
SurajCommented:
Thanks Buddy !! Glad to help you.
0
 
SurajCommented:
Yu cn chk my profile for my emailaddress.just ping me if you hav any questns...
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.