Exchange 2010 anonymous send capability

Hello, I've noticed some odd behavior with my Exchange 2010 box. I was configuring email notifications for my antivirus and virtual machine backup servers and I noticed that my mail server no longer requires authentication to send those alert messages. Essentially all I have to do now is specifiy the Exchange ip address and the recipient email addresses and they'll go through the mail server without prompting for a valid username and password. I'd really like to change this behavior, but I'm not sure where to start. I believe I have all the correct authentication requirments, but I'm not 100% sure. Any help would be greatly appreciated! Thank you!
jmchristyAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

BelushiLomaxCommented:
Did you create a service account for those (AV and BU) or are you logging on as Administrator and configuring them? You can check your "Manage Send As Permissions" attribute on the mailbox to see if anything jumps out there. If you are logged on as the user sending the email or that user has an AD acct and an Exchange box with service acct credentials running on the app you are setting up, you shouldnt see the authentication.
0
jmchristyAuthor Commented:
For the AV I am logged on as the service account which does have the exchange credentials, however, the BU VM device isn't even on the domain. That's the part that confused me. It's a linux based device, not authenticated to the domain. The AV software's authentication is SQL based, so that isn't actually using AD credentials either.
0
Preston GrantTAC III EngineerCommented:
jm that only sounds like a problem if your actually relaying mail through the server anonymously. If the alerts are coming from another self-contained system,(like postie for example) to an internal exchange email address, thats fine.

Take a look at your Receive Connecters under Server Configuration > Hub Transport

go to properties > Permission groups of your "Client <servername>" connecter (Assuming you have a default installation and naming scheme here)

Make sure anonymous is NOT checked here. Typically you'd only have "Exchange Users" enabled on this connector

Anonymous should only be checked on your default connector (So you can receive external mail) and on another connector designated for relaying, that only allows specific clients inside your network
0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

jmchristyAuthor Commented:
I do have the default install and Anonymous is checked on one of my recieve connectors (Default). I have two defaults: Client and Default. Default has Anonymous, Exchange Users, Exchange Servers, and Legacy Exchange Servers checked. on Client I only have Exchange Users checked. So, it appears that both are configured correctly. Neither alert system is self contained that I know of. Is there a way to check if my server is relaying mail anonymously since I'm not 100% sure that my two alert systems are self-contained?
0
jmchristyAuthor Commented:
I just went through mxtoolbox and checkor against my MX record and both said that Open Relay was not allowed. Should I assume that I would have no issues internally?
0
Preston GrantTAC III EngineerCommented:
if MXtoolbox says your good your definitely ok from the outside. To verify the inside is secure open a telnet session from one of your LAN computers

telnet <mailservername> 25
helo <internaldomainname>
mail from:<you@yourdomain.com>
rcpt to: <someone@externaldomain.com>


You should get 550 5.7.1 Unable to relay

If you do your all set
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
jmchristyAuthor Commented:
That's what I got! It looks like I'm all set on both ends. Thank you for your continued help!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.