• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 507
  • Last Modified:

Creating Exchange 2007 Receive connector

We have Exchange 2007 configured as single server. We are moving from an in house spam filtering device to a hosted spam solution.  The hosted spam solution will receive all mail externally and then in turn forward to our Exchange server/Network.  I have created a new Receive Connector and added the IP of the internal network card on the firewall as allowed to relay. I have also set as anonymous access. When I test the setup by unchecking the Anonymous access on my Default Receive Connector and save all settings, mail flow stops.  I need to know what the best steps are to configure a new receive connector for mail coming from my firewall and not have anonymous access enabled on the default Receive Connector. I don't want the server open for anyone to send from with the default connector.
0
webfullcircle
Asked:
webfullcircle
  • 3
  • 3
1 Solution
 
isaman07Commented:
Your internet facing receive connector must have anonymous access allowed, or else, you will never-ever receive emails from the internet. This is not a security hole, it is like that by design and not only for Microsoft, but any other platform. Having anonymous access, does not mean you are open relay.
Now if you want to tighten, in your case you can and you should, because you will receive incoming emails only through your spamfiltering provider, then on your firewall, create a rule that accepts smtp connection only from your prividers IP and that smtp port is redirected to your exchange. Doing this will minimize any security breach.
0
 
webfullcircleAuthor Commented:
isaman07  - I like the firewall approach. One additional note. I have setup a new receive connector to only allow inbound email from the router (added IP of internal interface of router only to allow for relay). This receive connector has Anon Access enabled. I then disable Anon Access  on the Default Receive Connector and that is where in bound email stops. My question is this normal or is there a step I am missing.
0
 
isaman07Commented:
As i explained, this is normal, YOU MUST HAVE ANONYMOUS ACCESS enabled at all times. or the other approach, if you have a spam filtering appliance or mail forwarder in front of your exchange server, then yes you can configure your appliance to relay to your exchange using a username and password, then you can disable the anonymous access, since all incoming emails will go through your appliance. In your case, if  you follow the firewall approach, you are more than safe TRUST ME on that.
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
isaman07Commented:
OOOps, forgot to say, you don't need to create a new receive connector, just leave the default one as it is (with anonymous enabled), your firewall will take care of the rest.
0
 
webfullcircleAuthor Commented:
thanks isaman07.  Let me test this out and will update the Question!
0
 
webfullcircleAuthor Commented:
This was the actual solution. We created a separate connector.
0

Featured Post

Free tool for managing users' photos in Office 365

Easily upload multiple users’ photos to Office 365. Manage them with an intuitive GUI and use handy built-in cropping and resizing options. Link photos with users based on Azure AD attributes. Free tool!

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now