Solved

Where is the "relay" permission in a "new relay connector" (Exchange 2010)?

Posted on 2012-03-26
6
713 Views
Last Modified: 2012-03-26
I just followed these instructions (which I found in response to a similar question here in EE):

http://exchangeserverpro.com/how-to-configure-a-relay-connector-for-exchange-server-2010

I performed the setup for a specific ip address for a single server on my network (a list server that needs to send email out from an address that is not on our exchange server).

But looking at these instructions, I don't see where I am specifically allowing "mail relay".

And looking at my default Receive Connector on my Exchange 2010 Server, I don't see where I am denying "mail relay".

In Exchange 2003, we specifically listed servers that were permitted to "relay".  But I don't see the word "relay" in any of this.

I would really like to understand what is going on here and I already have a lot of links on the subject.

Please do not post a link.

Only answer if you yourself can explain in plain English what is going on (without reference to any links).

Thanks.
0
Comment
Question by:gateguard
  • 4
  • 2
6 Comments
 
LVL 9

Expert Comment

by:Geodash
Comment Utility
A Receive connector is a relay. It is basically saying, "Allow the service from this IP to use me to send mail" hence "relay"

Basically, if there is not a connector in this list, the exchange server will not accept email from it, it will block it. On one of my exchange servers, I have 5 different relays all accepting email from different tools/apps.
0
 

Author Comment

by:gateguard
Comment Utility
But then why isn't the original default receive connector acting as a relay.  What's stopping it?

What's different about the new receive connector, the fact that it lists a single remote address instead of 0.0.0.0-255.255.255.255?

Or the fact that the "externally secured" box is checked on the new connector?

Thanks again for answering my questions.
0
 
LVL 9

Accepted Solution

by:
Geodash earned 500 total points
Comment Utility
having 0.0.0.0-255.255.255.255 is dangerous, it is basically saying any device, no matter what, can use this connector to relay. I always lock mine down by IP with /32. By specifying just one IP with a /32, it is saying this only only this device (whatever the IP address is) can use this send connector. You would lock it down by using authentication or security to make sure that nothing was "masking" as that device. In some cases, if it is internal, you don't have to worry about security. I use less security on my internal relays because I like to trust that my network is secure.

Technically, without the security, a user could change their IP to the allowed IP and use your mail server for SPAM. But, how many internal users are going to do that?

I would turn off all authentication and security, except anonymous, just temporarily to test and see if it passes mail.
0
Want to promote your upcoming event?

Attending an event? Speaking at a conference? Or exhibiting at a tradeshow? Easily inform your contacts by using a promotional banner in your email signature. This will ensure your organization’s most important contacts are in the know.

 
LVL 9

Expert Comment

by:Geodash
Comment Utility
Your question is morphing so I want to make sure it is being answered. You first asked "where" it was that you allow mail relay. But in your last post you said something is stopping it. Are you trying to troubleshoot a broken relay? I just want to help you answer your question the best way.
0
 

Author Closing Comment

by:gateguard
Comment Utility
Sorry for the morphing.  And you did answer my original question.  I'm now at the stage where I'm just trying to understand what piece does what.

I feel that in Exchange 2003, everything was spelled out with great clarity and that in Exchange 2010 things have gotten muddy.

But you did answer my question so I'm going to close this.  If I have more questions, I'll ask more questions.

Thanks again.
0
 
LVL 9

Expert Comment

by:Geodash
Comment Utility
It is ok to morph, I just wanted to make sure I was understanding what you were asking. Let us know if you need more help, we are here to help!
0

Featured Post

Are your corporate email signatures appalling?

Is it scary how unprofessional your email signatures look? Do users create their own terrible designs and give themselves stupid job titles? You can make this a lot easier for yourself by choosing an email signature management solution from Exclaimer today.

Join & Write a Comment

"Migrate" an SMTP relay receive connector to a new server using info from an old server.
This process describes the steps required to Import and Export data from and to .pst files using Exchange 2010. We can use these steps to export data from a user to a .pst file, import data back to the same or a different user, or even import data t…
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now