Solved

Receive connectors SBS 2011 / Exchange 2010

Posted on 2011-09-06
9
1,497 Views
Last Modified: 2012-06-27
I should be able to figure this out, but I must be missing something..  I uninstalled Trend Micro and somehow in the process it wiped out some settings in my receive connectors.  The main symptom was that although Exchange email continued to flow, a few people who get their email via POP who are outside the network could no longer send or receive email.  I was able to fix that, but in the process they could no longer send mail if they had their client configured to require authentication.  At this point I am not sure what settings each of the connectors should have for Authentication and Permission Groups.  I need to be able to send/receive mail to and from the internet, send/receive mail from a fax device within the network, and I need my POP clients to be able to send/receive email without an open relay.  I know this is simple, and I'm probably overthinking it, but it's driving me nuts!
0
Comment
Question by:landiiiks2
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
9 Comments
 
LVL 14

Expert Comment

by:setasoujiro
ID: 36490594
ok,

send connector should require authentication

the receive connector should allow anonymous connection to receive internet mail.

also check if you require pop or secure pop (port difference)
0
 

Author Comment

by:landiiiks2
ID: 36491023
I really didn't think anything had happened to the send connector, but maybe I'm wrong.  I looked at the output of get-sendconnector |fl and couldn't tell whether authentication is required.  Did I just miss it?  The receive connector does allow anonymous connection, I am just not sure what else needs to be checked on that page and on the authentication page.  I don't require secure POP.  Thanks...
0
 

Author Comment

by:landiiiks2
ID: 36491394
I found this answer - run the following command:  Get-ReceiveConnector "YourReceiveConnectorName" | Remove-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "ms-Exch-SMTP-Accept-Any-Recipient".  Is that what will fix it and require authentication for outgoing email?  I need to find the answer fast because it appears that I do have an open relay at the moment.  Thanks!
0
Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

 
LVL 14

Expert Comment

by:setasoujiro
ID: 36492173
as i said, the send connector should only allow authenticated users/your lan IP range to send mail
receive should allow anonymous.

alsdo you can do this from the management console, and do not need the shell for this
0
 

Author Comment

by:landiiiks2
ID: 36492209
Well, the command failed anyway, said the ACE didn't exist.  And I don't see anywhere in the send connector settings that allow me to set what you say.  It would have to be authenticated users, not IP range because of the POP3 users.  
0
 
LVL 14

Accepted Solution

by:
setasoujiro earned 500 total points
ID: 36492248
OK check this:

under server config-->Hub TRansport--> receive connectors --> properties
check if anonymous is allowed there
this should be marked, also exchange users and servers
and network should be all

that should be it
0
 
LVL 14

Expert Comment

by:setasoujiro
ID: 36492282
also forgot to say: TLS should also be enabled under authentication, in order to have pop3 ppl send mails through your server
0
 
LVL 14

Expert Comment

by:setasoujiro
ID: 36492286
on the same receive connector
0
 

Author Closing Comment

by:landiiiks2
ID: 36922004
I think this was the complete answer - I ended up opening up an incident wtih Microsoft and the guy didn't know what he was doing - I had it just about working before he called me back and then he messed things up even worse, and finally I fixed it myself.  So I'm not even sure to this day what else wasn't right but it's working now and I appreciate the help.
0

Featured Post

Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
Unified and professional email signatures help maintain a consistent company brand image to the outside world. This article shows how to create an email signature in Exchange Server 2010 using a transport rule and how to overcome native limitations …
In this video we show how to create a Shared Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Sha…
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question