Solved

Creating Exchange 2007 Receive connector

Posted on 2012-04-10
6
488 Views
Last Modified: 2012-07-24
We have Exchange 2007 configured as single server. We are moving from an in house spam filtering device to a hosted spam solution.  The hosted spam solution will receive all mail externally and then in turn forward to our Exchange server/Network.  I have created a new Receive Connector and added the IP of the internal network card on the firewall as allowed to relay. I have also set as anonymous access. When I test the setup by unchecking the Anonymous access on my Default Receive Connector and save all settings, mail flow stops.  I need to know what the best steps are to configure a new receive connector for mail coming from my firewall and not have anonymous access enabled on the default Receive Connector. I don't want the server open for anyone to send from with the default connector.
0
Comment
Question by:webfullcircle
  • 3
  • 3
6 Comments
 
LVL 14

Expert Comment

by:isaman07
ID: 37829433
Your internet facing receive connector must have anonymous access allowed, or else, you will never-ever receive emails from the internet. This is not a security hole, it is like that by design and not only for Microsoft, but any other platform. Having anonymous access, does not mean you are open relay.
Now if you want to tighten, in your case you can and you should, because you will receive incoming emails only through your spamfiltering provider, then on your firewall, create a rule that accepts smtp connection only from your prividers IP and that smtp port is redirected to your exchange. Doing this will minimize any security breach.
0
 
LVL 1

Author Comment

by:webfullcircle
ID: 37829485
isaman07  - I like the firewall approach. One additional note. I have setup a new receive connector to only allow inbound email from the router (added IP of internal interface of router only to allow for relay). This receive connector has Anon Access enabled. I then disable Anon Access  on the Default Receive Connector and that is where in bound email stops. My question is this normal or is there a step I am missing.
0
 
LVL 14

Expert Comment

by:isaman07
ID: 37829610
As i explained, this is normal, YOU MUST HAVE ANONYMOUS ACCESS enabled at all times. or the other approach, if you have a spam filtering appliance or mail forwarder in front of your exchange server, then yes you can configure your appliance to relay to your exchange using a username and password, then you can disable the anonymous access, since all incoming emails will go through your appliance. In your case, if  you follow the firewall approach, you are more than safe TRUST ME on that.
0
Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

 
LVL 14

Accepted Solution

by:
isaman07 earned 350 total points
ID: 37829625
OOOps, forgot to say, you don't need to create a new receive connector, just leave the default one as it is (with anonymous enabled), your firewall will take care of the rest.
0
 
LVL 1

Author Comment

by:webfullcircle
ID: 37829698
thanks isaman07.  Let me test this out and will update the Question!
0
 
LVL 1

Author Closing Comment

by:webfullcircle
ID: 38219112
This was the actual solution. We created a separate connector.
0

Featured Post

Do email signature updates give you a headache?

Do you feel like you are constantly making changes to email signatures? Are the images not formatting how you want them to? Want high-quality HTML signatures on all devices, including on mobiles and Macs? Then, let Exclaimer solve all your email signature problems today.

Join & Write a Comment

Check out this infographic on what you need to make a good email signature that will work perfectly for your organization.
Local Continuous Replication is a cost effective and quick way of backing up Exchange server data. The following article describes the steps required to configure Local Continuous Replication. Also, the article tells you how to restore from a backup…
In this video we show how to create a Shared Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Sha…
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now