dross333
asked on
What should the default receive connector relay settings be?
Hi,
I have a separate Edge server from the HUB/CAS server. I am trying to make sure I have the correct relay settings for both these servers.
Here is what I have for HUB
Client:
network: Port 587; 0.0.0.0-255.255.255.255 ; TLS, basic, Exchange Server, Integrated Windows authentication, permission group is Exchange users
Default:
network: Port 25; 0.0.0.0-255.255.255.255 ; TLS, basic, Exchange Server, Integrated Windows authentication, permission group is Exchange users, Anonymous, Exchange servers, legacy Exchange servers.
Internal Relay:
network: Port 25; 192.168.0.0/16 ; TLS, Externally secured, permission group is Exchange servers.
Edge Server:
network: Port 25; 0.0.0.0-255.255.255.255 ; TLS, basic, Exchange Server; permission group is Exchange users, Anonymous, Exchange servers, Partners
Thanks
Do you need anything to relay? Once the Edge is subscribed to the AD site via HT it will authenticate and communicate with it.
By default anything that can authenticate is allowed to relay
ASKER
MegaNuk3:
I have one remote site and a few local servers that are running scripts that need to relay. So based on what you are saying, do I remove all the 0.0.0.0 - 255.255.255.255 entries I indicated above, and just add the 192.168.0.0/16 and the IP of the remote site?
mooodiecr: Thanks for that info. I did not know about the rules taking priority.
ASKER CERTIFIED SOLUTION
ASKER
OK,
Sorry for being basic, but let me summarize and let me know if I have this correct.
Client:
network: Port 587; "IP of edge server(s)"; TLS, basic, Exchange Server, Integrated Windows authentication, permission group is Exchange users
Default:
network: Port 25; "IP of edge server(s)" ; TLS, basic, Exchange Server, Integrated Windows authentication, permission group is Exchange users, Anonymous, Exchange servers, legacy Exchange servers.
Internal Relay:
network: Port 25; "specific IPs of servers needing relay" ; TLS, Externally secured, permission group is Exchange servers.
Edge Server: (No Change)
network: Port 25; 0.0.0.0-255.255.255.255 ; TLS, basic, Exchange Server; permission group is Exchange users, Anonymous, Exchange servers, Partners
The internal relay one looks good.
Have you created/modified the edge one?
ASKER
Thanks
http://www.msexchange.org/articles_tutorials/exchange-server-2007/management-administration/managing-receive-connectors-part1.html
If you have an Edge Transport server then you would want to limit the receive connector to the internal address of the Edge server. That will eliminate the ability for any other internal programs/software to use the Exchange server as a transport unless connected by Outlook. Just a tip: the connectors work as closest to the actual IP first.
Meaning that if you have 2 rules ... 192.168.1.0/24, Anonymous & second rule 192.168.1.2/32, Exchange servers ... the second rule will apply to the address 192.168.1.2, not the first rule. That caught me a couple of times when I first set up 2007 and had several IPs that needed to relay off of it.
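The matching rule described in the answer above, as an added example that is not part of the original thread: a Python model (not Exchange code) that picks, for a source address, the receive connector on that port with the narrowest remote IP range containing it. The connector tables are constructed from the settings posted in the thread; 192.168.1.10, 192.168.5.20 and 10.20.0.5 are made-up stand-ins for the Edge server, a script host and the remote site.

```python
import ipaddress

def parse_range(text):
    """Return (low, high) as integers for 'a-b', CIDR, or a single address."""
    if "-" in text:
        low, high = (int(ipaddress.IPv4Address(p.strip())) for p in text.split("-"))
    else:
        net = ipaddress.IPv4Network(text.strip(), strict=False)
        low, high = int(net.network_address), int(net.broadcast_address)
    return low, high

def select_connector(connectors, source_ip, port=25):
    """Name of the connector on this port with the narrowest matching range."""
    addr = int(ipaddress.IPv4Address(source_ip))
    best = None  # (range width, connector name)
    for conn in connectors:
        if conn["port"] != port:
            continue
        for text in conn["ranges"]:
            low, high = parse_range(text)
            if low <= addr <= high and (best is None or high - low < best[0]):
                best = (high - low, conn["name"])
    return best[1] if best else None  # None: no connector accepts this source

# Constructed data. TWO_RULES is the two-rule case from the answer above.
TWO_RULES = [
    {"name": "Anonymous", "port": 25, "ranges": ["192.168.1.0/24"]},
    {"name": "Exchange servers", "port": 25, "ranges": ["192.168.1.2/32"]},
]
# Port 25 connectors on the Hub as first posted, then scoped as in the summary.
BEFORE = [
    {"name": "Default", "port": 25, "ranges": ["0.0.0.0-255.255.255.255"]},
    {"name": "Internal Relay", "port": 25, "ranges": ["192.168.0.0/16"]},
]
AFTER = [
    {"name": "Default", "port": 25, "ranges": ["192.168.1.10"]},  # Edge (made up)
    {"name": "Internal Relay", "port": 25,
     "ranges": ["192.168.5.20", "10.20.0.5"]},  # script host, remote site (made up)
]

if __name__ == "__main__":
    for ip in ("192.168.1.2", "192.168.1.3"):
        print(ip, "->", select_connector(TWO_RULES, ip))
    for ip in ("192.168.1.10", "192.168.5.20", "192.168.9.9"):
        print(ip, "before:", select_connector(BEFORE, ip),
              "| after:", select_connector(AFTER, ip))
```

With the first-posted ranges every 192.168.x.x host on port 25 lands on the Internal Relay connector; once the ranges are scoped, an unlisted internal host such as 192.168.9.9 matches no connector at all.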