Solved

Receive connectors SBS 2011 / Exchange 2010

Posted on 2011-09-06
9
1,548 Views
Last Modified: 2012-06-27
I should be able to figure this out, but I must be missing something..  I uninstalled Trend Micro and somehow in the process it wiped out some settings in my receive connectors.  The main symptom was that although Exchange email continued to flow, a few people who get their email via POP who are outside the network could no longer send or receive email.  I was able to fix that, but in the process they could no longer send mail if they had their client configured to require authentication.  At this point I am not sure what settings each of the connectors should have for Authentication and Permission Groups.  I need to be able to send/receive mail to and from the internet, send/receive mail from a fax device within the network, and I need my POP clients to be able to send/receive email without an open relay.  I know this is simple, and I'm probably overthinking it, but it's driving me nuts!
0
Comment
Question by:landiiiks2
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
9 Comments
 
LVL 14

Expert Comment

by:setasoujiro
ID: 36490594
ok,

send connector should require authentication

the receive connector should allow anonymous connection to receive internet mail.

also check if you require pop or secure pop (port difference)
0
 

Author Comment

by:landiiiks2
ID: 36491023
I really didn't think anything had happened to the send connector, but maybe I'm wrong.  I looked at the output of get-sendconnector |fl and couldn't tell whether authentication is required.  Did I just miss it?  The receive connector does allow anonymous connection, I am just not sure what else needs to be checked on that page and on the authentication page.  I don't require secure POP.  Thanks...
0
 

Author Comment

by:landiiiks2
ID: 36491394
I found this answer - run the following command:  Get-ReceiveConnector "YourReceiveConnectorName" | Remove-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "ms-Exch-SMTP-Accept-Any-Recipient".  Is that what will fix it and require authentication for outgoing email?  I need to find the answer fast because it appears that I do have an open relay at the moment.  Thanks!
0
Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

 
LVL 14

Expert Comment

by:setasoujiro
ID: 36492173
as i said, the send connector should only allow authenticated users/your lan IP range to send mail
receive should allow anonymous.

alsdo you can do this from the management console, and do not need the shell for this
0
 

Author Comment

by:landiiiks2
ID: 36492209
Well, the command failed anyway, said the ACE didn't exist.  And I don't see anywhere in the send connector settings that allow me to set what you say.  It would have to be authenticated users, not IP range because of the POP3 users.  
0
 
LVL 14

Accepted Solution

by:
setasoujiro earned 500 total points
ID: 36492248
OK check this:

under server config-->Hub TRansport--> receive connectors --> properties
check if anonymous is allowed there
this should be marked, also exchange users and servers
and network should be all

that should be it
0
 
LVL 14

Expert Comment

by:setasoujiro
ID: 36492282
also forgot to say: TLS should also be enabled under authentication, in order to have pop3 ppl send mails through your server
0
 
LVL 14

Expert Comment

by:setasoujiro
ID: 36492286
on the same receive connector
0
 

Author Closing Comment

by:landiiiks2
ID: 36922004
I think this was the complete answer - I ended up opening up an incident wtih Microsoft and the guy didn't know what he was doing - I had it just about working before he called me back and then he messed things up even worse, and finally I fixed it myself.  So I'm not even sure to this day what else wasn't right but it's working now and I appreciate the help.
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains how to install and use the NTBackup utility that comes with Windows Server.
A couple of months ago we ran into an issue that necessitated re-creating our Edge Subscriptions. However, when we attempted to execute the command: New-EdgeSubscription -filename C:\NewEdgeSub_01.xml we received an error indicating that the LDAP se…
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…
Suggested Courses

627 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question