Solved

Where is the "relay" permission in a "new relay connector" (Exchange 2010)?

Posted on 2012-03-26
Last Modified: 2012-03-26
I just followed these instructions (which I found in response to a similar question here in EE):

http://exchangeserverpro.com/how-to-configure-a-relay-connector-for-exchange-server-2010

I performed the setup for a specific IP address for a single server on my network (a list server that needs to send email out from an address that is not on our Exchange server).

But looking at these instructions, I don't see where I am specifically allowing "mail relay".

And looking at my default Receive Connector on my Exchange 2010 Server, I don't see where I am denying "mail relay".

In Exchange 2003, we specifically listed servers that were permitted to "relay".  But I don't see the word "relay" in any of this.

I would really like to understand what is going on here and I already have a lot of links on the subject.

Please do not post a link.

Only answer if you yourself can explain in plain English what is going on (without reference to any links).

Thanks.
Question by:gateguard
 
LVL 9

Expert Comment

by:Geodash
ID: 37767103
A Receive connector is a relay. It is basically saying, "Allow the service from this IP to use me to send mail", hence "relay".

Basically, if there is not a connector in this list, the Exchange server will not accept email from it; it will block it. On one of my Exchange servers, I have 5 different relays all accepting email from different tools/apps.
 

Author Comment

by:gateguard
ID: 37767651
But then why isn't the original default receive connector acting as a relay?  What's stopping it?

What's different about the new receive connector, the fact that it lists a single remote address instead of 0.0.0.0-255.255.255.255?

Or the fact that the "externally secured" box is checked on the new connector?

Thanks again for answering my questions.
 
LVL 9

Accepted Solution

by:
Geodash earned 500 total points
ID: 37767756
Having 0.0.0.0-255.255.255.255 is dangerous; it is basically saying any device, no matter what, can use this connector to relay. I always lock mine down by IP with /32. By specifying just one IP with a /32, it is saying that only this device (whatever the IP address is) can use this send connector. You would lock it down by using authentication or security to make sure that nothing was "masking" as that device. In some cases, if it is internal, you don't have to worry about security. I use less security on my internal relays because I like to trust that my network is secure.

Technically, without the security, a user could change their IP to the allowed IP and use your mail server for SPAM. But, how many internal users are going to do that?

I would turn off all authentication and security, except anonymous, just temporarily to test and see if it passes mail.
0
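The thread never names the setting that actually carries relay permission, so here is an audit sketch added for this page (not code from either poster). It assumes the Exchange 2010 Management Shell; the extended right `ms-Exch-SMTP-Accept-Any-Recipient` does not appear in the thread, but it is the permission that lets an anonymous sender submit mail for recipients outside your accepted domains. The default Receive connector does not grant it to anonymous senders, and ticking "Externally Secured" implies it.

```powershell
# Added example: run in the Exchange Management Shell (Exchange 2010).
# Reports, per Receive connector, the settings that decide whether it relays
# and which source addresses are allowed to reach it.
$relayRight = 'ms-Exch-SMTP-Accept-Any-Recipient'
$anonymous  = 'NT AUTHORITY\ANONYMOUS LOGON'
$anyAddress = '0.0.0.0-255.255.255.255'

Get-ReceiveConnector | ForEach-Object {
    $connector = $_

    # Explicit relay grant: an allow ACE for the extended right on the
    # connector object, held by anonymous senders.
    $anonRelay = @($connector | Get-ADPermission | Where-Object {
        $_.User -like $anonymous -and
        -not $_.Deny -and
        $_.ExtendedRights -like $relayRight
    }).Count -gt 0

    # "Externally Secured" treats every sender on this connector as trusted,
    # which includes permission to relay.
    $externallySecured = "$($connector.AuthMechanism)" -match 'ExternalAuthoritative'

    # Source restriction: which remote addresses may use the connector at all.
    $ranges = @($connector.RemoteIPRanges | ForEach-Object { $_.ToString() })
    $openToAll = $ranges -contains $anyAddress

    New-Object PSObject -Property @{
        Connector         = $connector.Identity
        RemoteIPRanges    = $ranges -join ', '
        PermissionGroups  = $connector.PermissionGroups
        ExternallySecured = $externallySecured
        AnonymousRelay    = $anonRelay
        # Relay-capable and reachable from any address: review first.
        Review            = ($anonRelay -or $externallySecured) -and $openToAll
    }
} | Format-List Connector, RemoteIPRanges, PermissionGroups,
                ExternallySecured, AnonymousRelay, Review
```

A connector built from the linked instructions should show `ExternallySecured : True` with a single address in `RemoteIPRanges`, while the default connector should show both relay columns as `False` even though it listens on the full address range.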

 
LVL 9

Expert Comment

by:Geodash
ID: 37767785
Your question is morphing so I want to make sure it is being answered. You first asked "where" it was that you allow mail relay. But in your last post you said something is stopping it. Are you trying to troubleshoot a broken relay? I just want to help you answer your question the best way.
 

Author Closing Comment

by:gateguard
ID: 37767867
Sorry for the morphing.  And you did answer my original question.  I'm now at the stage where I'm just trying to understand what piece does what.

I feel that in Exchange 2003, everything was spelled out with great clarity and that in Exchange 2010 things have gotten muddy.

But you did answer my question so I'm going to close this.  If I have more questions, I'll ask more questions.

Thanks again.
 
LVL 9

Expert Comment

by:Geodash
ID: 37767888
It is ok to morph, I just wanted to make sure I was understanding what you were asking. Let us know if you need more help, we are here to help!

Question has a verified solution.
