Solved

Allow large internal emails, while keeping external emails limited in Exchange 2010

Posted on 2014-11-21
6
103 Views
Last Modified: 2015-01-28
Greetings,

I'm in the final stages of completing the transition from Exchange 2003 to Exchange 2010.  Both still co-exist at the moment.  In our environment, we do a lot of scanning to email.  We do not allow relaying, so all this email is internal.  Up to this weekend, we had no limit to how big the files could be (as some get very large <100MB or more>).  We had an issue this weekend with some of our internal mail on the 2003 server getting hung in queue.  This resulted in the deletion of the Internet connector on the 2003 server, the recreation of the routing group connectors, and the addition of a receive connector.  All are at default settings, which is 10240K.  I'm fine with restricting incoming mail from external sources to 10MB, but I want to be able to receive large internal emails.

Do I just create another custom receive connector for SMPT (25) and reduce the remote IP range to my internal networks, and then expand the allowed size?  I just don't want to add a connector and then have my other Internet receive connector to stop working.  I don't think it will, but would like to confirm with you experts that have done this before.

Thank you,

Jeremy
0
Comment
Question by:Jer
6 Comments
 
LVL 12

Expert Comment

by:David Paris Vicente
ID: 40458726
You dont need to create new connectors

You can achieve that by:
For the external , you can try the following:

Get-SendConnector | Set-SendConnector –MaxMessageSize xxMB

 Get-ReceiveConnector | Set-ReceiveConnector –MaxMessageSize xxxMB

Open in new window


For the internal, you can try the following:

Set-TransportConfig -MaxReceiveSize 

 Set-TransportConfig -MaxSendSize

Open in new window



Hope it helps

Regards
0
 
LVL 24

Assisted Solution

by:VB ITS
VB ITS earned 250 total points
ID: 40458827
Do I just create another custom receive connector for SMPT (25) and reduce the remote IP range to my internal networks, and then expand the allowed size?
If you don't want to affect the size limit of external emails then yes, this is the way to go. I usually create a new connector and allow anonymous authentication to it, I find this makes life easier but you need to make sure you lock down access to it to only grant access to your printers.

In the Exchange Management Console expand Server ConfigurationHub Transport > click New Receive Connector...  in the Actions pane on the right > give your connector a name such as "Anonymous Internal Relay" or something along those lines > select Custom > in the Local Network setting window remove the default All Available IPv4 entry then add in the IP address of the server > in the Remote Network Settings window remove the default 0.0.0.0-255.255.255.255 entry then add in the IP addresses of your printers > finish off the wizard > right click on the newly created connector > Properties > modify the Maximum message size in the General tab as desired> go to the Permissions Groups tab > tick Anonymous usersOK

Next we have to run this command in the Exchange Management Shell and you're good to go:
Get-ReceiveConnector "Anonymous Relay Connector" | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "Ms-Exch-SMTP-Accept-Any-Recipient"

Open in new window

Make sure you configure your printers to use the new 2010 server for their SMTP server.
0
 
LVL 3

Author Comment

by:Jer
ID: 40458907
VB ITS,

Unless I'm missing something, your suggestion is going to allow the copiers to actually send to external email addresses (domains), correct?  I don't want the copiers to be able to send to external address, just internal.  It is generally the expectation that users email scans to themselves to confirm accuracy, and then email it to the external party as themselves.

Currently, all our copiers are pointing to the IP of our Exchange 2003 server.  The plan is to add that IP to the new Exchange 2010 upon decommission of the Exchange 2003 server.

So, I'm just looking to ensure large email traffic for all internal emails (users and copiers), while preventing copiers from sending outside our organization and preventing incoming emails from external organizations from being over 10MB.
0
Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

 
LVL 24

Expert Comment

by:VB ITS
ID: 40458993
Unless I'm missing something, your suggestion is going to allow the copiers to actually send to external email addresses (domains), correct?  I don't want the copiers to be able to send to external address, just internal.
Well technically copiers will be able to send to whatever email address users specify the device to send to using this new Receive Connector, be it internal or external addresses. Your users would have to actually manually specify an external address to do this though (i.e. go to the copier itself and manually type in an external email address). From what I've seen from my time as an systems admin, this very very rarely ever happens. Users generally select their email address from the copier's address book (providing you have set this up) then send off the scan.
0
 
LVL 31

Accepted Solution

by:
Gareth Gudger earned 250 total points
ID: 40461247
If you don't want copiers to relay externally then just leave off the last part that VB ITS specified. Then the relay will only work for internal addresses and not external. So if you don't want users to send to an external address, just don't apply this PowerShell cmdlet.

Get-ReceiveConnector "Anonymous Relay Connector" | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "Ms-Exch-SMTP-Accept-Any-Recipient"

Open in new window

0
 
LVL 24

Expert Comment

by:VB ITS
ID: 40461337
Oh yes, of course Gareth! Very good point. It's been such a long time since I started looking into creating these anonymous relay connectors that I completely forgot what the Ms-Exch-SMTP-Accept-Any-Recipient permission actually does. Thanks for pointing that out mate.

@Jer, Gareth's comment above is 100% correct. The ms-Exch-SMTP-Accept-Any-Recipient permission is what will allow the receive connector to relay to external addresses. If you leave the command out, only messages that are addressed to recipients in your accepted domains list will be accepted by the connector.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
Marketers need statistics and metrics like everybody else needs oxygen. In this article we explain how to enable marketing campaign statistics for Microsoft Exchange mail.
how to add IIS SMTP to handle application/Scanner relays into office 365.
This video discusses moving either the default database or any database to a new volume.

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now