Build a website from the ground up by first learning the fundamentals of HTML5 and CSS3, the two popular programming languages used to present content online. HTML deals with fonts, colors, graphics, and hyperlinks, while CSS describes how HTML elements are to be displayed.
Block External Users sending to Internal Distribution List
Hi Experts,
I have set our Exchange 2010 SP3 to prevent external users to send to our internal Distribution List. In fact, the default is to Require that all senders are authenticated under Message Delivery Restrictions. However, this isn't working at the moment. I also have tried to create Transport Rules with the condition for messages outside the organization destined to members of a certain DL forward to a moderator. This works fine if the email is emailed directly to the DL email address itself but if the email is sent directly to the email address of an individual user it will be quarantined for approval which is not really what we want. Any ideas what's causing this?
I have set our Exchange 2010 SP3 to prevent external users to send to our internal Distribution List. In fact, the default is to Require that all senders are authenticated under Message Delivery Restrictions. However, this isn't working at the moment. I also have tried to create Transport Rules with the condition for messages outside the organization destined to members of a certain DL forward to a moderator. This works fine if the email is emailed directly to the DL email address itself but if the email is sent directly to the email address of an individual user it will be quarantined for approval which is not really what we want. Any ideas what's causing this?
Who is Participating?
Experts Exchange Solution brought to you by
Enjoy your complimentary solution view.
Get this solution by purchasing an Individual license!
Start your 7-day free trial.
I wear a lot of hats...
"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.
The "Require that all senders are authenticated" isn't working which means external emails are getting through if an external user sends to the DL itself.
Setting up a transport rule it seems that it is working fine like you've oveserved BUT just would like to block the DL@test.com and not on the user level email address i.e. user1@test.com
Setting up a transport rule it seems that it is working fine like you've oveserved BUT just would like to block the DL@test.com and not on the user level email address i.e. user1@test.com
Hi Akhater, Yes external users such as Hotmail, yahoo etc.
The "Require that all senders......" should just do the job by blocking incoming emails directly destined to the DL email address but still allows emails send individually to internal emails.
The "Require that all senders......" should just do the job by blocking incoming emails directly destined to the DL email address but still allows emails send individually to internal emails.
Can you test with a new dl? Create a brand new dl don't change anything in it's config, add to it a couple of users and email the dl from Hotmail / yahoo
I should have indicated that on my Default connector I don't have that (Externally Secured) selected as I don't want my server to become a relay.
Looking at the connectors it allows incoming emails alright but the behaviour of not allowing unauthenticated (external) users to send to internal DL isn't working which is really the problem.
Looking at the connectors it allows incoming emails alright but the behaviour of not allowing unauthenticated (external) users to send to internal DL isn't working which is really the problem.
Name : Default XXXXXXXXXXXXXX
AuthMechanism : Tls, Integrated, BasicAuth, BasicAuthRequireTLS, ExchangeServer
Name : Client XXXXXXXXXXXXXX
AuthMechanism : Tls, Integrated, BasicAuth, BasicAuthRequireTLS
Name : Application Relay
AuthMechanism : Tls, ExternalAuthoritative
AuthMechanism : Tls, Integrated, BasicAuth, BasicAuthRequireTLS, ExchangeServer
Name : Client XXXXXXXXXXXXXX
AuthMechanism : Tls, Integrated, BasicAuth, BasicAuthRequireTLS
Name : Application Relay
AuthMechanism : Tls, ExternalAuthoritative
OK so we have "Application Relay" that has "ExternalAuthoritative" enabled
how do you receive emails from outside ?
you have an anti-spam / relay that delivers emails to Exchange ?
Get-ReceiveConnector "Application Relay" | fl name,*authmec*,RemoteIPRan
what is the output of that ?
how do you receive emails from outside ?
you have an anti-spam / relay that delivers emails to Exchange ?
Get-ReceiveConnector "Application Relay" | fl name,*authmec*,RemoteIPRan
what is the output of that ?
Experts Exchange Solution brought to you by
Your issues matter to us.
Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.
Start your 7-day free trial
The application relay only allows internal network to relay to our exchange - this is mainly outgoing. So this is not the issue.
We do have Sophos Virtual Email Filter. Spoken to the guys but was advised that it's got nothing to do with the filter.
We do have Sophos Virtual Email Filter. Spoken to the guys but was advised that it's got nothing to do with the filter.
Get-ReceiveConnector "Application Relay" | fl name,*authmec*,RemoteIPRan
please run this and make sure that the SoPhos ip address is not in the RemoteIPRanges
please run this and make sure that the SoPhos ip address is not in the RemoteIPRanges
ok can I ask you to create a new Receive connector with just the IP of sophos keep everything default just allow Anonymous on it and test again ?
Hi Akhater,
I am tempted to restart the server at this stage before proceeding. I will provide update on any improvements - hopefully.
I am tempted to restart the server at this stage before proceeding. I will provide update on any improvements - hopefully.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange
From novice to tech pro — start learning today.
-
Microsoft ApplicationsCertification: MOS Microsoft Office Specialist - Outlook 2007 Ad… 147 lessons
-
Microsoft ApplicationsCertification: MOS Microsoft Office Specialist - Outlook 2007 Ba… 238 lessons
-
Microsoft ApplicationsCertification: MOS Microsoft Office Specialist - Outlook 2007 Inte… 188 lessons
-
Microsoft ApplicationsCertification: MOS Microsoft Office Specialist - Outlook 2013 Par… 191 lessons
-
Microsoft ApplicationsCertification: MOS Microsoft Office Specialist - Outlook 2013 Par… 139 lessons
-
Microsoft ApplicationsCertification: MOS Microsoft Office Specialist - Outlook 2016 Par… 211 lessons
-
Microsoft ApplicationsCertification: MOS Microsoft Office Specialist - Outlook 2016 Par… 175 lessons
Experts Exchange Solution brought to you by
Enjoy your complimentary solution view.
Get this solution by purchasing an Individual license!
Start your 7-day free trial.
1) you send from outside to the email address of the DL the email gets rejects (that's what should happen)
2) you created a transport rule to ask for moderation if an email is sent from outside the org to a user in a specific DL and this is what is happening no ?
" Require that all senders are authenticated" means that emails sent TO THE DL will not get accepted and not to its members . if you want no one to send an email to the members change your transport rule to
1) email sender is form outside the organization
2) recipient is member of specific DL
3) Reject the message with the enhanced status code
that should cover you