Solved

Allow relay internally only

Posted on 2014-03-03
4
156 Views
Last Modified: 2014-03-12
I have a connector setup on my exchange server that we use for internal devices to relay..printers..scanners and so on. These devices connected to our relay server (20082r with smtp installed) which then makes the connection to exchange. Is there a way I can configure either of them to allow relay to only domains my exch org is responsible for?
0
Comment
Question by:smithandandersen
4 Comments
 
LVL 38

Expert Comment

by:Adam Brown
Comment Utility
I wrote a blog on the subject of internal email relay here: http://acbrownit.wordpress.com/2012/05/02/exchange-2010-relaying-how-to-use-it-how-to-turn-it-off/

Basically you would set up a receive connector that accepts unauthenticated email and set up the IPs it receives from to be only those on your internal network, or only specific IPs that represent devices or apps that need unauthenticated relaying. This, of course, assumes you are using Exchange 2007+.
0
 
LVL 4

Expert Comment

by:pcmghouse
Comment Utility
Usually doamins are controlled by the send connectors, i.e, your smtp relay server.

There should be a possiblity of adding remote domains. Check this for reference
: http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/41207a4d-9536-4e7f-9865-2b14ef677fb6.mspx?mfr=true
0
 
LVL 6

Author Comment

by:smithandandersen
Comment Utility
Thanks for the info guys. My relay is secured and configured properly.
What I am trying to do is have it setup so that relaying can be used internally only.
ie: if someone scans to email it will only send to domains my exchange org is responsible for.
I have been asked to secure this more as someone tried scanning a sensitive document and sending to a gmail account<can I prevent this?
0
 
LVL 8

Accepted Solution

by:
vSolutionsIT earned 250 total points
Comment Utility
Yes, you can prevent it.
Receive connectors are used to control the relaying. Run below command and check ms-Exch-SMTP-Accept-Any-Recipient is not enabled on any of the receive connector.

Get-ReceiveConnector yourconnectorname | get-ADPermission -User “NT AUTHORITY\ANONYMOUS LOGON” -ExtendedRights

"ms-Exch-SMTP-Accept-Any-Recipient " permission allows the session to relay messages through this connector. If this permission isn't granted, only messages that are addressed to recipients in accepted domains are accepted by this connector. By default this permission is not enabled on any receive connector. If it is enabled then that connector can be used to relay emails to outside domains.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Suggested Solutions

Check out this infographic on what you need to make a good email signature that will work perfectly for your organization.
Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now