Solved

Creating Exchange 2007 Receive connector

Posted on 2012-04-10
6
501 Views
Last Modified: 2012-07-24
We have Exchange 2007 configured as single server. We are moving from an in house spam filtering device to a hosted spam solution.  The hosted spam solution will receive all mail externally and then in turn forward to our Exchange server/Network.  I have created a new Receive Connector and added the IP of the internal network card on the firewall as allowed to relay. I have also set as anonymous access. When I test the setup by unchecking the Anonymous access on my Default Receive Connector and save all settings, mail flow stops.  I need to know what the best steps are to configure a new receive connector for mail coming from my firewall and not have anonymous access enabled on the default Receive Connector. I don't want the server open for anyone to send from with the default connector.
0
Comment
Question by:webfullcircle
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 14

Expert Comment

by:isaman07
ID: 37829433
Your internet facing receive connector must have anonymous access allowed, or else, you will never-ever receive emails from the internet. This is not a security hole, it is like that by design and not only for Microsoft, but any other platform. Having anonymous access, does not mean you are open relay.
Now if you want to tighten, in your case you can and you should, because you will receive incoming emails only through your spamfiltering provider, then on your firewall, create a rule that accepts smtp connection only from your prividers IP and that smtp port is redirected to your exchange. Doing this will minimize any security breach.
0
 
LVL 1

Author Comment

by:webfullcircle
ID: 37829485
isaman07  - I like the firewall approach. One additional note. I have setup a new receive connector to only allow inbound email from the router (added IP of internal interface of router only to allow for relay). This receive connector has Anon Access enabled. I then disable Anon Access  on the Default Receive Connector and that is where in bound email stops. My question is this normal or is there a step I am missing.
0
 
LVL 14

Expert Comment

by:isaman07
ID: 37829610
As i explained, this is normal, YOU MUST HAVE ANONYMOUS ACCESS enabled at all times. or the other approach, if you have a spam filtering appliance or mail forwarder in front of your exchange server, then yes you can configure your appliance to relay to your exchange using a username and password, then you can disable the anonymous access, since all incoming emails will go through your appliance. In your case, if  you follow the firewall approach, you are more than safe TRUST ME on that.
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
LVL 14

Accepted Solution

by:
isaman07 earned 350 total points
ID: 37829625
OOOps, forgot to say, you don't need to create a new receive connector, just leave the default one as it is (with anonymous enabled), your firewall will take care of the rest.
0
 
LVL 1

Author Comment

by:webfullcircle
ID: 37829698
thanks isaman07.  Let me test this out and will update the Question!
0
 
LVL 1

Author Closing Comment

by:webfullcircle
ID: 38219112
This was the actual solution. We created a separate connector.
0

Featured Post

Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Unified and professional email signatures help maintain a consistent company brand image to the outside world. This article shows how to create an email signature in Exchange Server 2010 using a transport rule and how to overcome native limitations …
If you troubleshoot Outlook for clients, you may want to know a bit more about the OST file before doing your next job. IMAP can cause a lot of drama if removed in the accounts without backing up.
In this video we show how to create a Contact in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Contact ta…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question