Allow relay internally only

I have a connector set up on my Exchange server that we use for internal devices to relay: printers, scanners and so on. These devices connect to our relay server (20082r with SMTP installed), which then makes the connection to Exchange. Is there a way I can configure either of them to allow relay only to domains my Exchange org is responsible for?
Smith and Andersen Asked:

Adam Brown, Sr Solutions Architect, Commented:
I wrote a blog on the subject of internal email relay here: http://acbrownit.wordpress.com/2012/05/02/exchange-2010-relaying-how-to-use-it-how-to-turn-it-off/

Basically you would set up a receive connector that accepts unauthenticated email and set up the IPs it receives from to be only those on your internal network, or only specific IPs that represent devices or apps that need unauthenticated relaying. This, of course, assumes you are using Exchange 2007+.
0
pcmghouse Commented:
Usually domains are controlled by the send connectors, i.e., your SMTP relay server.

There should be a possibility of adding remote domains. Check this for reference: http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/41207a4d-9536-4e7f-9865-2b14ef677fb6.mspx?mfr=true
0
Smith and Andersen (Author) Commented:
Thanks for the info, guys. My relay is secured and configured properly.
What I am trying to do is have it set up so that relaying can be used internally only,
i.e. if someone scans to email, it will only send to domains my Exchange org is responsible for.
I have been asked to secure this more, as someone tried scanning a sensitive document and sending it to a Gmail account. Can I prevent this?
0
vSolutionsIT Commented:
Yes, you can prevent it.
Receive connectors are used to control the relaying. Run the command below and check that ms-Exch-SMTP-Accept-Any-Recipient is not enabled on any of the receive connectors.

Get-ReceiveConnector "yourconnectorname" | Get-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" | Format-Table User,ExtendedRights

The "ms-Exch-SMTP-Accept-Any-Recipient" permission allows the session to relay messages through this connector. If this permission isn't granted, only messages that are addressed to recipients in accepted domains are accepted by this connector. By default this permission is not enabled on any receive connector. If it is enabled then that connector can be used to relay emails to outside domains.
0
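
The check described in the answer above, extended to every receive connector and every principal, as an added example that is not part of any post in this thread. It assumes the Exchange Management Shell on Exchange 2007 or later; the variable names and report column names are illustrative.

```powershell
# Added example. Run in the Exchange Management Shell.
$right = 'ms-Exch-SMTP-Accept-Any-Recipient'
$anon  = 'NT AUTHORITY\ANONYMOUS LOGON'

# 1. Audit: list every allow entry, on every receive connector, that carries
#    the relay right. Principals other than anonymous logon can hold it too.
$findings = foreach ($rc in Get-ReceiveConnector) {
    $rc | Get-ADPermission |
        Where-Object { -not $_.Deny -and ($_.ExtendedRights -like $right) } |
        Select-Object @{n='Connector';      e={ [string]$rc.Identity }},
                      @{n='Principal';      e={ [string]$_.User }},
                      @{n='Inherited';      e={ $_.IsInherited }},
                      @{n='RemoteIPRanges'; e={ $rc.RemoteIPRanges -join ', ' }}
}
$findings | Sort-Object Connector, Principal | Format-Table -AutoSize -Wrap

# 2. Remediate: take the right away from anonymous senders where it was
#    granted directly on the connector. -WhatIf only previews the change;
#    remove it once the list of affected connectors looks right.
$findings |
    Where-Object { $_.Principal -like $anon -and -not $_.Inherited } |
    ForEach-Object {
        Get-ReceiveConnector $_.Connector |
            Remove-ADPermission -User $anon -ExtendedRights $right -WhatIf
    }

# 3. Context: the accepted domains that such a connector will still deliver
#    to once the right is gone. Anything outside this list is refused.
Get-AcceptedDomain | Format-Table Name, DomainName, DomainType -AutoSize
```

An empty table from step 1 means no connector currently allows relay to arbitrary recipients. Rows for principals other than anonymous logon need the same review, since step 2 only touches the anonymous entry.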
