rdropp
asked on
Selective relay for MS Exchange 2003
Hi All,
I have an Exchange 2003 front/back end setup and I have a requirement that we allow external members of a distribution list to send to everyone in the dist. list, even other external members. That's relaying, so I'm trying to figure out a way to allow this to happen and not make both of my Exchange servers open relays.
My testing so far indicates that making the internal server an open relay doesn't work because the external server refuses to relay the external recipients. I don't want to make the external server an open relay because we'll get blacklisted.
Does anyone have ideas on how to solve this problem?
ASKER
Unfortunately, they are at large external institutions and universities. I don't think I can reliably identify a single IP address or even a range for their email servers, and authentication is not feasible either.
ASKER CERTIFIED SOLUTION
ASKER
It's a good point and helped solve the problem. The issue was that the expansion server was left as the default "any server in the organization", and we had the accept messages field set to "from everyone". The problem is that the front end server is both faster and locked down, so it did most of the expanding and rejects all mail from non-internal addresses. Setting the expansion server to the internal server fixed the problem, since it can access the dist list and see that it's not relaying (as you correctly point out).
I've also reset the accept messages field to the distribution list only, so that it's less likely to become a mini spam vector.
Thanks!
ASKER
It was a thoughtful question and suggestion that led me to the solution, even though it didn't directly solve it. I really appreciate it.
Another solution is to get them authenticated in your domain and select on your connector that only authenticated users can relay.
Good Luck