Solved

Creating Exchange 2007 Receive connector

Posted on 2012-04-10
6
499 Views
Last Modified: 2012-07-24
We have Exchange 2007 configured as a single server. We are moving from an in-house spam filtering device to a hosted spam solution. The hosted spam solution will receive all mail externally and then in turn forward it to our Exchange server/network. I have created a new Receive Connector and added the IP of the internal network card on the firewall as allowed to relay. I have also set it to anonymous access. When I test the setup by unchecking Anonymous access on my Default Receive Connector and saving all settings, mail flow stops. I need to know what the best steps are to configure a new receive connector for mail coming from my firewall and not have anonymous access enabled on the default Receive Connector. I don't want the server open for anyone to send from with the default connector.
Question by:webfullcircle
6 Comments
 
LVL 14

Expert Comment

by:isaman07
ID: 37829433
Your internet-facing receive connector must have anonymous access allowed, or else you will never-ever receive emails from the internet. This is not a security hole; it is like that by design, and not only for Microsoft but for any other platform. Having anonymous access does not mean you are an open relay.
Now, if you want to tighten it (in your case you can and you should, because you will receive incoming emails only through your spam filtering provider), then on your firewall create a rule that accepts SMTP connections only from your provider's IP, with that SMTP port redirected to your Exchange server. Doing this will minimize any security breach.
0
 
LVL 1

Author Comment

by:webfullcircle
ID: 37829485
isaman07 - I like the firewall approach. One additional note: I have set up a new receive connector to only allow inbound email from the router (added the IP of the internal interface of the router only, to allow for relay). This receive connector has Anon Access enabled. I then disable Anon Access on the Default Receive Connector, and that is where inbound email stops. My question: is this normal, or is there a step I am missing?
0
 
LVL 14

Expert Comment

by:isaman07
ID: 37829610
As I explained, this is normal: YOU MUST HAVE ANONYMOUS ACCESS enabled at all times. Or, the other approach: if you have a spam filtering appliance or mail forwarder in front of your Exchange server, then yes, you can configure your appliance to relay to your Exchange server using a username and password, and then you can disable the anonymous access, since all incoming emails will go through your appliance. In your case, if you follow the firewall approach, you are more than safe, TRUST ME on that.
0

 
LVL 14

Accepted Solution

by:
isaman07 earned 350 total points
ID: 37829625
Ooops, forgot to say: you don't need to create a new receive connector. Just leave the default one as it is (with anonymous enabled); your firewall will take care of the rest.
0
 
LVL 1

Author Comment

by:webfullcircle
ID: 37829698
Thanks isaman07. Let me test this out and I will update the question!
0
 
LVL 1

Author Closing Comment

by:webfullcircle
ID: 38219112
This was the actual solution. We created a separate connector.
0
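
The separate-connector setup the thread ends on, sketched in Exchange Management Shell as an added example (not posted by either participant). The server name, connector name and IP ranges are placeholders. Exchange matches a connection to a receive connector by the remote IP it sees, so the ranges must be the addresses the mail actually arrives from (the firewall's internal interface only if the firewall rewrites the source address).

```powershell
# Added example for Exchange 2007 (Exchange Management Shell).
# Placeholders / assumptions: server name, connector name, and the IP ranges
# (192.0.2.0/24 and 198.51.100.10 are documentation addresses, not real ones).
$server    = 'EXCH01'
$filterIPs = '192.0.2.0/24', '198.51.100.10'   # source addresses of the hosted filter as Exchange sees them

# 1. Dedicated connector: anonymous SMTP is accepted, but only from the
#    filtering service's addresses. For a given binding, Exchange picks the
#    connector whose RemoteIPRanges most specifically matches the sender.
New-ReceiveConnector -Name 'From Hosted Spam Filter' `
    -Server $server `
    -Usage Custom `
    -Bindings '0.0.0.0:25' `
    -RemoteIPRanges $filterIPs `
    -PermissionGroups AnonymousUsers

# 2. Default connector: remove AnonymousUsers so that any other source
#    must authenticate; the authenticated groups stay in place.
Set-ReceiveConnector -Identity "$server\Default $server" `
    -PermissionGroups ExchangeUsers, ExchangeServers, ExchangeLegacyServers

# 3. Check: exactly one connector should list AnonymousUsers, and its
#    RemoteIPRanges should contain only the filter's addresses.
Get-ReceiveConnector -Server $server |
    Format-Table Name, Bindings, RemoteIPRanges, PermissionGroups -AutoSize
```

If inbound mail stops after step 2, the connection is not matching the new connector's RemoteIPRanges; the SMTP receive protocol log (enabled with `Set-ReceiveConnector -ProtocolLoggingLevel Verbose`) shows which connector and remote address each session used.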
