Solved

What should the default receive connector relay settings be?

Posted on 2011-02-21
Last Modified: 2012-05-11
Hi,

I have a separate Edge server from the HUB/CAS server.  I am trying to make sure I have the correct relay settings for both these servers.

Here is what I have for HUB

Client:
network: Port 587; 0.0.0.0-255.255.255.255 ;  TLS, basic, Exchange Server, Integrated Windows authentication, permission group is Exchange users

Default:
network: Port 25; 0.0.0.0-255.255.255.255 ;  TLS, basic, Exchange Server, Integrated Windows authentication, permission group is Exchange users, Anonymous, Exchange servers, legacy Exchange servers.

Internal Relay:
network: Port 25; 192.168.0.0/16 ;  TLS, Externally secured, permission group is Exchange servers.

Edge Server:
network: Port 25; 0.0.0.0-255.255.255.255 ;  TLS, basic, Exchange Server;  permission group is Exchange users, Anonymous, Exchange servers, Partners

Thanks
Question by:dross333
7 Comments
 
LVL 5

Expert Comment

by:mooodiecr
ID: 34944852
Check out:
http://www.msexchange.org/articles_tutorials/exchange-server-2007/management-administration/managing-receive-connectors-part1.html

If you have an edge transport server then you would want to limit the receive connector to the internal address of the edge server.  That will eliminate the ability for any other internal programs/software using the Exchange server as a transport unless connected by Outlook.  Just a tip, the connectors work as closest to the actual IP first.

Meaning, that if you have 2 rules ... 192.168.1.0/24, Anonymous  & second rule 192.168.1.2/32, Exchange servers ... the second rule will apply to the address of 192.168.1.2 not the first rule.  That caught me a couple times when I first set up 2007 and had several IPs that needed to relay off of it.
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 34945405
Do you need anything to relay? Once the Edge is subscribed to the AD site via HT it will authenticate and communicate with it.

By default anything that can authenticate is allowed to relay
 

Author Comment

by:dross333
ID: 34945439
MegaNuk3:
I have one remote site and a few local servers that are running scripts that need to relay.  So based on what you are saying, do I remove all the 0.0.0.0 - 255.255.255.255 entries I indicated above, and just add the 192.168.0.0/16 and the IP of the remote site?

mooodiecr: Thanks for that info.  I did not know about the rules taking priority.
 
LVL 31

Accepted Solution

by:
MegaNuk3 earned 500 total points
ID: 34945529
I wouldn't allow whole subnets to relay, just the individual IP addresses of servers that can't authenticate. Have a look at this article:
 http://exchangepedia.com/2007/01/exchange-server-2007-how-to-allow-relaying.html
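
The two points made so far in the thread (the connector with the narrowest matching remote IP range handles the connection, and unauthenticated relay should be scoped to individual IPs rather than subnets) can be checked against a planned layout with the simplified model below. This is an added example, not part of the original thread and not Exchange's own code; the connector list is a constructed sample based on the hub settings in the question, and the addresses 192.168.10.25 and 203.0.113.9 are made up for illustration.

```python
import ipaddress

def parse_range(text):
    """Turn 'a.b.c.d', 'a.b.c.d/nn' or 'lo-hi' into (first, last) integers."""
    if "-" in text:
        lo, hi = (int(ipaddress.IPv4Address(p.strip())) for p in text.split("-"))
        return lo, hi
    net = ipaddress.ip_network(text.strip(), strict=False)
    return int(net.network_address), int(net.broadcast_address)

def select_connector(connectors, src_ip, port):
    """Name of the connector on this port whose range most narrowly contains src_ip."""
    ip = int(ipaddress.IPv4Address(src_ip))
    best = None
    for c in connectors:
        if c["port"] != port:
            continue
        for r in c["ranges"]:
            lo, hi = parse_range(r)
            if lo <= ip <= hi and (best is None or hi - lo < best[0]):
                best = (hi - lo, c["name"])
    return best[1] if best else None

def broad_relay_ranges(connectors, max_addresses=1):
    """List (name, range, size) where an 'Externally secured' connector,
    which trusts the sender without authentication, covers > max_addresses."""
    findings = []
    for c in connectors:
        if "ExternalAuthoritative" not in c["auth"]:
            continue
        for r in c["ranges"]:
            lo, hi = parse_range(r)
            if hi - lo + 1 > max_addresses:
                findings.append((c["name"], r, hi - lo + 1))
    return findings

# Constructed sample modelled on the hub connectors in the question.
HUB = [
    {"name": "Client", "port": 587, "ranges": ["0.0.0.0-255.255.255.255"],
     "auth": {"Tls", "BasicAuth", "ExchangeServer", "Integrated"}},
    {"name": "Default", "port": 25, "ranges": ["0.0.0.0-255.255.255.255"],
     "auth": {"Tls", "BasicAuth", "ExchangeServer", "Integrated"}},
    {"name": "Internal Relay", "port": 25, "ranges": ["192.168.0.0/16"],
     "auth": {"Tls", "ExternalAuthoritative"}},
]

if __name__ == "__main__":
    for src in ("192.168.10.25", "203.0.113.9"):
        print(src, "->", select_connector(HUB, src, 25))
    print(broad_relay_ranges(HUB))
```

With the /16 range, every host in 192.168.0.0/16 lands on the relay connector instead of the Default one; replacing the range with single addresses empties the findings list.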
 

Author Comment

by:dross333
ID: 34945613
OK,
Sorry for being basic, but let me summarize and let me know if I have this correct.

Client:
network: Port 587; "IP of edge server(s)";  TLS, basic, Exchange Server, Integrated Windows authentication, permission group is Exchange users

Default:
network: Port 25; "IP of edge server(s)" ;  TLS, basic, Exchange Server, Integrated Windows authentication, permission group is Exchange users, Anonymous, Exchange servers, legacy Exchange servers.

Internal Relay:
network: Port 25; "specific IPs of servers needing relay" ;  TLS, Externally secured, permission group is Exchange servers.

Edge Server: (No Change)
network: Port 25; 0.0.0.0-255.255.255.255 ;  TLS, basic, Exchange Server;  permission group is Exchange users, Anonymous, Exchange servers, Partners
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 34951345
The internal relay one looks good.

Have you created/modified the edge one?
 

Author Closing Comment

by:dross333
ID: 34981267
Thanks