• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 736
  • Last Modified:

Where is the "relay" permission in a "new relay connector" (Exchange 2010)?

I just followed these instructions (which I found in response to a similar question here in EE):

http://exchangeserverpro.com/how-to-configure-a-relay-connector-for-exchange-server-2010

I performed the setup for a specific ip address for a single server on my network (a list server that needs to send email out from an address that is not on our exchange server).

But looking at these instructions, I don't see where I am specifically allowing "mail relay".

And looking at my default Receive Connector on my Exchange 2010 Server, I don't see where I am denying "mail relay".

In Exchange 2003, we specifically listed servers that were permitted to "relay".  But I don't see the word "relay" in any of this.

I would really like to understand what is going on here and I already have a lot of links on the subject.

Please do not post a link.

Only answer if you yourself can explain in plain English what is going on (without reference to any links).

Thanks.
0
gateguard
Asked:
gateguard
  • 4
  • 2
1 Solution
 
GeodashCommented:
A Receive connector is a relay. It is basically saying, "Allow the service from this IP to use me to send mail" hence "relay"

Basically, if there is not a connector in this list, the exchange server will not accept email from it, it will block it. On one of my exchange servers, I have 5 different relays all accepting email from different tools/apps.
0
 
gateguardAuthor Commented:
But then why isn't the original default receive connector acting as a relay.  What's stopping it?

What's different about the new receive connector, the fact that it lists a single remote address instead of 0.0.0.0-255.255.255.255?

Or the fact that the "externally secured" box is checked on the new connector?

Thanks again for answering my questions.
0
 
GeodashCommented:
having 0.0.0.0-255.255.255.255 is dangerous, it is basically saying any device, no matter what, can use this connector to relay. I always lock mine down by IP with /32. By specifying just one IP with a /32, it is saying this only only this device (whatever the IP address is) can use this send connector. You would lock it down by using authentication or security to make sure that nothing was "masking" as that device. In some cases, if it is internal, you don't have to worry about security. I use less security on my internal relays because I like to trust that my network is secure.

Technically, without the security, a user could change their IP to the allowed IP and use your mail server for SPAM. But, how many internal users are going to do that?

I would turn off all authentication and security, except anonymous, just temporarily to test and see if it passes mail.
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 
GeodashCommented:
Your question is morphing so I want to make sure it is being answered. You first asked "where" it was that you allow mail relay. But in your last post you said something is stopping it. Are you trying to troubleshoot a broken relay? I just want to help you answer your question the best way.
0
 
gateguardAuthor Commented:
Sorry for the morphing.  And you did answer my original question.  I'm now at the stage where I'm just trying to understand what piece does what.

I feel that in Exchange 2003, everything was spelled out with great clarity and that in Exchange 2010 things have gotten muddy.

But you did answer my question so I'm going to close this.  If I have more questions, I'll ask more questions.

Thanks again.
0
 
GeodashCommented:
It is ok to morph, I just wanted to make sure I was understanding what you were asking. Let us know if you need more help, we are here to help!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

  • 4
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now