Solved

Allow relay internally only

Posted on 2014-03-03
4
170 Views
Last Modified: 2014-03-12
I have a connector setup on my exchange server that we use for internal devices to relay..printers..scanners and so on. These devices connected to our relay server (20082r with smtp installed) which then makes the connection to exchange. Is there a way I can configure either of them to allow relay to only domains my exch org is responsible for?
0
Comment
Question by:smithandandersen
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 41

Expert Comment

by:Adam Brown
ID: 39901957
I wrote a blog on the subject of internal email relay here: http://acbrownit.wordpress.com/2012/05/02/exchange-2010-relaying-how-to-use-it-how-to-turn-it-off/

Basically you would set up a receive connector that accepts unauthenticated email and set up the IPs it receives from to be only those on your internal network, or only specific IPs that represent devices or apps that need unauthenticated relaying. This, of course, assumes you are using Exchange 2007+.
0
 
LVL 4

Expert Comment

by:pcmghouse
ID: 39902823
Usually doamins are controlled by the send connectors, i.e, your smtp relay server.

There should be a possiblity of adding remote domains. Check this for reference
: http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/41207a4d-9536-4e7f-9865-2b14ef677fb6.mspx?mfr=true
0
 
LVL 6

Author Comment

by:smithandandersen
ID: 39902947
Thanks for the info guys. My relay is secured and configured properly.
What I am trying to do is have it setup so that relaying can be used internally only.
ie: if someone scans to email it will only send to domains my exchange org is responsible for.
I have been asked to secure this more as someone tried scanning a sensitive document and sending to a gmail account<can I prevent this?
0
 
LVL 8

Accepted Solution

by:
vSolutionsIT earned 250 total points
ID: 39911216
Yes, you can prevent it.
Receive connectors are used to control the relaying. Run below command and check ms-Exch-SMTP-Accept-Any-Recipient is not enabled on any of the receive connector.

Get-ReceiveConnector yourconnectorname | get-ADPermission -User “NT AUTHORITY\ANONYMOUS LOGON” -ExtendedRights

"ms-Exch-SMTP-Accept-Any-Recipient " permission allows the session to relay messages through this connector. If this permission isn't granted, only messages that are addressed to recipients in accepted domains are accepted by this connector. By default this permission is not enabled on any receive connector. If it is enabled then that connector can be used to relay emails to outside domains.
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Lotus Notes – formerly IBM Notes – is an email client application, while IBM Domino (earlier Lotus Domino) is an email server. The client possesses a set of features that are even more advanced as compared to that of Outlook. Likewise, IBM Domino is…
This article will help to fix the below errors for MS Exchange Server 2013 I. Certificate error "name on the security certificate is invalid or does not match the name of the site" II. Out of Office not working III. Make Internal URLs and Externa…
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question