Solved

Where is the "relay" permission in a "new relay connector" (Exchange 2010)?

Posted on 2012-03-26
6
715 Views
Last Modified: 2012-03-26
I just followed these instructions (which I found in response to a similar question here in EE):

http://exchangeserverpro.com/how-to-configure-a-relay-connector-for-exchange-server-2010

I performed the setup for a specific ip address for a single server on my network (a list server that needs to send email out from an address that is not on our exchange server).

But looking at these instructions, I don't see where I am specifically allowing "mail relay".

And looking at my default Receive Connector on my Exchange 2010 Server, I don't see where I am denying "mail relay".

In Exchange 2003, we specifically listed servers that were permitted to "relay".  But I don't see the word "relay" in any of this.

I would really like to understand what is going on here and I already have a lot of links on the subject.

Please do not post a link.

Only answer if you yourself can explain in plain English what is going on (without reference to any links).

Thanks.
0
Comment
Question by:gateguard
  • 4
  • 2
6 Comments
 
LVL 9

Expert Comment

by:Geodash
ID: 37767103
A Receive connector is a relay. It is basically saying, "Allow the service from this IP to use me to send mail" hence "relay"

Basically, if there is not a connector in this list, the exchange server will not accept email from it, it will block it. On one of my exchange servers, I have 5 different relays all accepting email from different tools/apps.
0
 

Author Comment

by:gateguard
ID: 37767651
But then why isn't the original default receive connector acting as a relay.  What's stopping it?

What's different about the new receive connector, the fact that it lists a single remote address instead of 0.0.0.0-255.255.255.255?

Or the fact that the "externally secured" box is checked on the new connector?

Thanks again for answering my questions.
0
 
LVL 9

Accepted Solution

by:
Geodash earned 500 total points
ID: 37767756
having 0.0.0.0-255.255.255.255 is dangerous, it is basically saying any device, no matter what, can use this connector to relay. I always lock mine down by IP with /32. By specifying just one IP with a /32, it is saying this only only this device (whatever the IP address is) can use this send connector. You would lock it down by using authentication or security to make sure that nothing was "masking" as that device. In some cases, if it is internal, you don't have to worry about security. I use less security on my internal relays because I like to trust that my network is secure.

Technically, without the security, a user could change their IP to the allowed IP and use your mail server for SPAM. But, how many internal users are going to do that?

I would turn off all authentication and security, except anonymous, just temporarily to test and see if it passes mail.
0
Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 
LVL 9

Expert Comment

by:Geodash
ID: 37767785
Your question is morphing so I want to make sure it is being answered. You first asked "where" it was that you allow mail relay. But in your last post you said something is stopping it. Are you trying to troubleshoot a broken relay? I just want to help you answer your question the best way.
0
 

Author Closing Comment

by:gateguard
ID: 37767867
Sorry for the morphing.  And you did answer my original question.  I'm now at the stage where I'm just trying to understand what piece does what.

I feel that in Exchange 2003, everything was spelled out with great clarity and that in Exchange 2010 things have gotten muddy.

But you did answer my question so I'm going to close this.  If I have more questions, I'll ask more questions.

Thanks again.
0
 
LVL 9

Expert Comment

by:Geodash
ID: 37767888
It is ok to morph, I just wanted to make sure I was understanding what you were asking. Let us know if you need more help, we are here to help!
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

937 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

7 Experts available now in Live!

Get 1:1 Help Now