  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 5852

Trying to figure out the best way to set up a noreply for network applications and devices

Hi, I am trying to develop a simple but manageable way to set up a noreply email address for devices and applications that require an SMTP server to forward non-reply email messages to users.

How do you go about this in your environment?

I saw this article and am wondering if I should do that.
http://social.technet.microsoft.com/Forums/en-US/exchangesvradmin/thread/722cd183-ddfe-4d56-ba92-f319ebd79d98/


I have Exchange 2010 Enterprise at the moment.


Just wondering.

Thanks in advance.
0
rsnellman
Asked:
2 Solutions
 
Manpreet SIngh KhatraSolutions Architect, Project LeadCommented:
Are you saying that an application sends an email to users and you don't want them to respond, or if they do they should get a DND message? If so, you can play with a disclaimer for the message in the first place and a transport rule for any responses.

- Rancy
0
 
rsnellmanAuthor Commented:
Yes, we have some applications that deal with students that will send out a generic message or other type email messages that I wish for them not to be able to respond to or if they do it looks like it went thru but really didn't.  I would rather have no bounce back emails if they attempt to reply, because that will just cause more headaches than it is worth.

Also, I just ran across this forum posting talking about just setting the noreply account to receive 0 size messages so as no messages get thru, but would that cause bounce backs to the sender?

http://forums.serverwatch.com/showthread.php?18021-Creating-No-Reply-Email-Account

Thanks.
0
 
Manpreet SIngh KhatraSolutions Architect, Project LeadCommented:
But this is a mailbox they are using to send emails, but your server itself is doing that... so again I don't think it's possible normally, but you can create a transport rule that would say that any email sent to Application@mydomain.com or Device@mydomain.com should be sent to the Noreply mailbox.

- Rancy
0
 
rsnellmanAuthor Commented:
Actually, at the moment the "noreply" account is just an AD account; it doesn't have the email features attached to it yet.  However, if I need to attach an Exchange mailbox to it then I will.  I have done this in the past where I just let the admins enter the noreply@domain.com address as the from address, then I would create a relay connector for that specific device (server) that the application is sending from so it passes thru. Now I am thinking it might be more secure if I require a username and password for authentication rather than adding it to the relay connector.  That way the address never existed and everything was fine, but now I am thinking more secure and credentials is the better way to go.  Right?
0
 
Simon Butler (Sembee)ConsultantCommented:
The simple solution to this is to just create a group with no members. You can send as the group if you really need to. For outbound, authenticate against another account.

Simon.
0
 
Manpreet SIngh KhatraSolutions Architect, Project LeadCommented:
now I am thinking it might be more secure if I require a username and password for authentication rather than adding it to the relay connector -- I do agree with this point

That way the address never existing and everything was fine, but now I am thinking more secure and credentials is the better way to go.  Right? -- Yes

- Rancy
0
 
rsnellmanAuthor Commented:
So, if I require credentials for the applications to send thru my Exchange 2010 server, then a distro group wouldn't work, right?

So, I am on the right track about setting up a "noreply" AD account, adding an Exchange mailbox to it, then creating a transport rule that deletes any messages coming in for that "noreply" email account, correct?
0
 
Simon Butler (Sembee)ConsultantCommented:
The sending address and the account used for authentication have no connection to each other. If this is pure SMTP then you just need to authenticate with a valid account, nothing more.

Simon.
0
 
Manpreet SIngh KhatraSolutions Architect, Project LeadCommented:
I wouldn't go for a DL. Why not use a mailbox and clean it once you don't need the data? You can also check on emails you want to :)

Yes you can but depends as you want to really configure.

- Rancy
0
 
rsnellmanAuthor Commented:
OK, I apologize, but I want to make sure I understand you correctly.  Any AD account will do that resides on the same domain as the Exchange server, whether it has an Exchange mailbox attached to it or not, right?

So, if I create a "noreply" AD account then I can just use that rather than using an account that has an Exchange mailbox with it, right?


Sorry, just want to make sure I understand this completely, because once I start down this road I am going to go back thru all these applications and require them to authenticate before sending emails thru my Exchange box.

Thanks.
0
 
Simon Butler (Sembee)ConsultantCommented:
You need somewhere for the email to go, so it isn't rejected by Exchange.
What I have done for other clients is set up an account for each application - so the account is named after the application. Then it is obvious what it is for. That account is then used to authenticate against Exchange.

You can get very clever with the permissions and lock down a connector to allow only specific accounts to use the relay. Use a group and then you only have to set the permissions once - an account gets abused, dump the account, create a new one, add to the group.

Simon.
0
 
rsnellmanAuthor Commented:
Sembee2,
Could you elaborate for me on this technique?  I don't think I am following you.  Where does the email go?  You are saying create a distro group based on the application name using it?  Then create an account within that group to be used purely for authentication?

Sorry it has been a long day and hard to think much more.
0
 
Simon Butler (Sembee)ConsultantCommented:
No, you create a group with no members. Call it noreply and with the email address of noreply@domain.com

When your application sends its emails out, it sends from the noreply@example.com address. If the group has no members then it becomes a black hole, the email is just dropped.

What I was referring to was securing the Receive Connector that is being used to allow relaying. What you don't want to do is allow any account to relay. However to allow relaying through Exchange for an application you have to make changes. Instead of making those changes to the generic system, you can grant the permission to a group.

Then create an account for each application to use for authentication against Exchange, so that you can control it. I have seen a single account used for lots of applications in the past, which is fine until a password change is required and then you have to chase around lots of applications to change the password.

This article is for Exchange 2007, but applies to Exchange 2010 as well:
http://blogs.technet.com/b/exchange/archive/2006/12/28/3397620.aspx

Simon.
0
 
rsnellmanAuthor Commented:
Simon,
Thanks for the clarification.

Does it matter where I create the Receive Connector group for Exchange?  Does it need to be under Microsoft Exchange Security Group OU?  


What attributes does the group need? Universal? Security?  


Just trying to figure out how the custom receive connector relay knows to apply to the custom group.

Thanks again.
0
 
Simon Butler (Sembee)ConsultantCommented:
No, it doesn't matter where the group is created.
It will need to be a Universal Security group as it is being used for permissions.

Simon.
0
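The setup described in the answers above (an empty noreply group, one account per application, relay rights granted to a Universal Security group on a dedicated Receive Connector), as an added example for the Exchange Management Shell; it is not code posted by any participant. The server name EXCH01, the domain CONTOSO, the account svc-app-lms, the group SMTP-Relay-Apps and the address 192.0.2.10 are hypothetical placeholders.

```powershell
# Added example; EXCH01, CONTOSO, svc-app-lms, SMTP-Relay-Apps and 192.0.2.10 are placeholders.
Import-Module ActiveDirectory

$server    = 'EXCH01'
$connName  = 'App Relay (authenticated)'
$connector = "$server\$connName"
$group     = 'SMTP-Relay-Apps'

# 1. Reply black hole: a distribution group with no members.
New-DistributionGroup -Name 'noreply' -Type Distribution -PrimarySmtpAddress 'noreply@domain.com'
# New groups accept mail from authenticated senders only, so replies from outside
# the organization would be rejected with an NDR unless this is switched off.
Set-DistributionGroup -Identity 'noreply' -RequireSenderAuthenticationEnabled $false

# 2. Universal Security group that will hold the relay permission.
New-ADGroup -Name $group -GroupScope Universal -GroupCategory Security

# 3. One authentication account per application, named after the application.
$pw = Read-Host -AsSecureString 'Password for svc-app-lms'
New-ADUser -Name 'svc-app-lms' -SamAccountName 'svc-app-lms' -AccountPassword $pw -Enabled $true
Add-ADGroupMember -Identity $group -Members 'svc-app-lms'

# 4. Dedicated connector, scoped to the application server's IP.
#    Basic auth is offered only after STARTTLS, so the password never crosses in clear text.
New-ReceiveConnector -Name $connName -Server $server -Usage Custom `
    -Bindings '0.0.0.0:25' -RemoteIPRanges '192.0.2.10' `
    -AuthMechanism Tls, BasicAuthRequireTLS

# 5. Grant submit and relay rights to the group only, not to anonymous or all users.
Add-ADPermission -Identity $connector -User "CONTOSO\$group" `
    -ExtendedRights 'ms-Exch-SMTP-Submit', 'ms-Exch-SMTP-Accept-Any-Recipient'

# 6. Assumption: the applications send as noreply@domain.com, so the group
#    is given Send As on the noreply distribution group.
$noreplyDn = (Get-DistributionGroup 'noreply').DistinguishedName
Add-ADPermission -Identity $noreplyDn -User "CONTOSO\$group" -ExtendedRights 'Send-As'

# 7. Review who holds rights on the connector before putting it into service.
Get-ADPermission -Identity $connector |
    Where-Object { $_.ExtendedRights } |
    Format-Table User, ExtendedRights, Deny -AutoSize
```

If an application account is abused, disabling it and adding a replacement to the group restores service without touching the connector permissions.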
