Solved

Exchange 2003 - Limit email to within Domain only - no internet email

Posted on 2012-03-14
6
373 Views
Last Modified: 2012-03-20
We have a single Exchange 2003 box, configured to pop from our email host, and to SMTP out. I have a handful of users that I need to restrict from sending email to the net, but these employees need to receive emails internally (within domain).

I have read the article http://www.msexchange.org/tutorials/MF009.html. It discusses creating an SMTP Connector. My Exchange setup does not have "Connector" at that root level as shown in the example, so I cannot follow that instruction set. I do have SMTP Virtual, but the article specifically states *not* to use that.

I then found the article http://www.msexchange.org/tutorials/MF025.html. This article speaks on restricting what email the user can GET. Not what I need...

Then the article http://support.microsoft.com/default.aspx?scid=kb;en-us;Q277872 however I am not comfortable in modifying the reg just yet - nit until I am certain of a complete solution.

I cannot restrict at the firewall level. We also do not proxy.

I opened dsa.msc, went to the user, Exchange General>Delivery Restrictions>Maximum KB set it to "0", yet mail still went out.

In a single Exchange environment, with no bridgehead server, how can one stop emails from going to the net in this situation?
Exchg2003SysMgr.jpg
0
Comment
Question by:RAMTEK
  • 4
  • 2
6 Comments
 
LVL 4

Expert Comment

by:Paul-B
ID: 37723044
You can follow that Tutorial you mention there first, the MF009.html link but see this picture here where to find it in Exchange 2003.

Exchange Server 2003 SMTP Connector Location in System Manager
0
 

Author Comment

by:RAMTEK
ID: 37723364
Unfortunately that didnt work..

In reference to Article: http://www.msexchange.org/tutorials/MF009.html

1) Created group in AD - called it "No Internet Email"
     -) verified it was mail enabled
     -) checked "Hide group from Exchange address lists" to keep it off the GAL
2)  Added a user to the group
3) Added the D-WORD reg key
     -) stopped MS Exchange services
     -) rebooted server (yes I know it said to simply restart smtp services, but I rebooted the server anyway because of reg changes, and thats how I was trained eons ago...)
4) Created the SMTP connector and followed the instructions exactly (will attach screen shots if wanted)
5) Logged in to a workstation as user. Opened Outlook. Sent email to my gmail account. Email was received in GMail without error.

The process did not work for me. We are a non-pofit and our IT Budget is non-existant, so thoughts of acquiring a 3rd party software is not feasible.

What else to try?
0
 
LVL 4

Expert Comment

by:Paul-B
ID: 37723399
what happens if you go the the default Virtual SMTP Server (not connector) and then bring up the properties, go to "Access" tab, then near the bottom click the Relay.. button in the relay restrictions, Check the upper radio tick for grant access to only those in the lost box. In the list box delete everything (RIGHT IT ALL DOWN FIRST OF COURSE) and uncheck the box at the bottom for "Allow relaying for those that authorize regardless blah blah blah" and then click OK. After all its not relaying if it's for someone there on the domain.  Just make sure you write down your settings prior :)
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:RAMTEK
ID: 37725186
Modifying the Relay Restrictions under the Access tab in the Default SMTP Virtual Server  Properties also did not work. I left everything I had done prior intact, and followed your direction. In the Relay Restrictions, there was only one entry which was the ipa of the DNS server. I removed that entry and unchecked the "Allow all computers..." checkbox. I did *not* stop and restart any services. I logged on as the user we are trying to block, opened Outlook and sent a message to my gmail account. The message was successfully received. I also went back through all of the individual steps above and verified all actions were according to the article, and that I did not overlook or typo anything. I still am unable to block this user from sending email out into the world. NOTE> After the modification of the Relay Restrictions did not work, I put *back* the ipa of the DNS server, and rechecked the "Allow all computers..." checkbox so everything on the virtual server is as it was.

What do we try next? (Yes - I'd LOVE to be able to upgrade to Exchange 2010 but as I said before, that isn't an option at this time)
0
 

Accepted Solution

by:
RAMTEK earned 0 total points
ID: 37727661
After much discussion internally, our organization has decided to drop this effort. This is due to 1) I have tried all the steps already BEFORE I  had opened this questions; 2) There were no helpful suggestions in this thread that had not been tried before; 3) all attempts at following the instructions failed to provide a solution; 4) I have been informed by others that the final solution of modifying the SMTP virtual Server could have negatively impacted operations. Since we cannot find a solution for this issue, we have modified the job duties  of the employee to where they now do not need to be on the computer. Due to this, I am going to not award any points since there was a non-solution.
0
 

Author Closing Comment

by:RAMTEK
ID: 37741290
no technical solution was found, so modification of the employees duties away from a computer was necessary. Since no solution was identified, and since all research had been done prior and no successful steps were identified, and due to a questionable suggestion to modify the virtual smtp server, no points are being awarded.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
exchange, scripts 30 77
Export user type with mailbox size 41 55
Can't send to contact 6 39
exchange, 2 16
This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
This article aims to explain the working of CircularLogArchiver. This tool was designed to solve the buildup of log file in cases where systems do not support circular logging or where circular logging is not enabled
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…
The viewer will learn how to simulate a series of coin tosses with the rand() function and learn how to make these “tosses” depend on a predetermined probability. Flipping Coins in Excel: Enter =RAND() into cell A2: Recalculate the random variable…

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now