Solved

Where is the "relay" permission in a "new relay connector" (Exchange 2010)?

Posted on 2012-03-26
6
720 Views
Last Modified: 2012-03-26
I just followed these instructions (which I found in response to a similar question here in EE):

http://exchangeserverpro.com/how-to-configure-a-relay-connector-for-exchange-server-2010

I performed the setup for a specific ip address for a single server on my network (a list server that needs to send email out from an address that is not on our exchange server).

But looking at these instructions, I don't see where I am specifically allowing "mail relay".

And looking at my default Receive Connector on my Exchange 2010 Server, I don't see where I am denying "mail relay".

In Exchange 2003, we specifically listed servers that were permitted to "relay".  But I don't see the word "relay" in any of this.

I would really like to understand what is going on here and I already have a lot of links on the subject.

Please do not post a link.

Only answer if you yourself can explain in plain English what is going on (without reference to any links).

Thanks.
0
Comment
Question by:gateguard
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
6 Comments
 
LVL 9

Expert Comment

by:Geodash
ID: 37767103
A Receive connector is a relay. It is basically saying, "Allow the service from this IP to use me to send mail" hence "relay"

Basically, if there is not a connector in this list, the exchange server will not accept email from it, it will block it. On one of my exchange servers, I have 5 different relays all accepting email from different tools/apps.
0
 

Author Comment

by:gateguard
ID: 37767651
But then why isn't the original default receive connector acting as a relay.  What's stopping it?

What's different about the new receive connector, the fact that it lists a single remote address instead of 0.0.0.0-255.255.255.255?

Or the fact that the "externally secured" box is checked on the new connector?

Thanks again for answering my questions.
0
 
LVL 9

Accepted Solution

by:
Geodash earned 500 total points
ID: 37767756
having 0.0.0.0-255.255.255.255 is dangerous, it is basically saying any device, no matter what, can use this connector to relay. I always lock mine down by IP with /32. By specifying just one IP with a /32, it is saying this only only this device (whatever the IP address is) can use this send connector. You would lock it down by using authentication or security to make sure that nothing was "masking" as that device. In some cases, if it is internal, you don't have to worry about security. I use less security on my internal relays because I like to trust that my network is secure.

Technically, without the security, a user could change their IP to the allowed IP and use your mail server for SPAM. But, how many internal users are going to do that?

I would turn off all authentication and security, except anonymous, just temporarily to test and see if it passes mail.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 9

Expert Comment

by:Geodash
ID: 37767785
Your question is morphing so I want to make sure it is being answered. You first asked "where" it was that you allow mail relay. But in your last post you said something is stopping it. Are you trying to troubleshoot a broken relay? I just want to help you answer your question the best way.
0
 

Author Closing Comment

by:gateguard
ID: 37767867
Sorry for the morphing.  And you did answer my original question.  I'm now at the stage where I'm just trying to understand what piece does what.

I feel that in Exchange 2003, everything was spelled out with great clarity and that in Exchange 2010 things have gotten muddy.

But you did answer my question so I'm going to close this.  If I have more questions, I'll ask more questions.

Thanks again.
0
 
LVL 9

Expert Comment

by:Geodash
ID: 37767888
It is ok to morph, I just wanted to make sure I was understanding what you were asking. Let us know if you need more help, we are here to help!
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Following basic email etiquette rules will help you write a professional email and achieve a good, lasting impression with your contacts.
Read this checklist to learn more about the 15 things you should never include in an email signature.
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…

737 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question