Here's the same problem from a different perspective:
I can create a receive connector linked to a send connector so that all the email that comes in on the recieive connector has to go out on that linked send connector - but any other email bound for the namespace on that send connector can also go out that connector. What I need to do is create a receive connector linked to a send connector so that ONLY the email that comes in on that receive connector can go out on that linked send connector. ________________________________ From: Michael B. Smith [mailto:[EMAIL PROTECTED] Sent: Tuesday, April 08, 2008 3:44 PM To: MS-Exchange Admin Issues Subject: RE: Exchange 2007 routing puzzle. Does your remote MTA support AUTH? Regards, Michael B. Smith MCSE/Exchange MVP http://TheEssentialExchange.com From: Campbell, Rob [mailto:[EMAIL PROTECTED] Sent: Tuesday, April 08, 2008 4:36 PM To: MS-Exchange Admin Issues Subject: RE: Exchange 2007 routing puzzle. I've looked at the permission model, and the permissions on the send connectors all seem to involve authentication of the receiving MTA. Maybe I'm not reading the documentation right, but it seems like you can only apply permissions based on the sender to receive connectors. ________________________________ From: Michael B. Smith [mailto:[EMAIL PROTECTED] Sent: Tuesday, April 08, 2008 3:21 PM To: MS-Exchange Admin Issues Subject: RE: Exchange 2007 routing puzzle. Oh. Duh. You can use get/set/remove-adpermission on the connector. Those do work. Regards, Michael B. Smith MCSE/Exchange MVP http://TheEssentialExchange.com From: Campbell, Rob [mailto:[EMAIL PROTECTED] Sent: Tuesday, April 08, 2008 4:06 PM To: MS-Exchange Admin Issues Subject: RE: Exchange 2007 routing puzzle. I think I might have come closer to getting it to work under E2K3. There at least you could create an SMTP connector, and control who could send through it. In 2007, there doesn't seem to be any access control on the send connectors. If it's there, it's available to use for any email to that address space. There doesn't seem to be any mechanism to apply any kind of sender-based filtering on what goes to that connector. ________________________________ From: Michael B. Smith [mailto:[EMAIL PROTECTED] Sent: Tuesday, April 08, 2008 2:45 PM To: MS-Exchange Admin Issues Subject: RE: Exchange 2007 routing puzzle. I don't think you can do this the way you want. I don't think any released version of Exchange could. You need another set of HT's or Edges in there. Regards, Michael B. Smith MCSE/Exchange MVP http://TheEssentialExchange.com From: Campbell, Rob [mailto:[EMAIL PROTECTED] Sent: Tuesday, April 08, 2008 11:28 AM To: MS-Exchange Admin Issues Subject: Exchange 2007 routing puzzle. I have a situation where I need to send all outbound email from an Exchange 2007 Hub Transport server to a third party MTA for examination and processing (encryption) before it goes on to the internet. The current configuration is a HT server on the internal network, and a pair of Edge servers in the DMZ.. I'd like to be able to have the HT send all outbound mail to this MTA and then have it returned to the Hub Transport server from there, and then onto the Edge servers for delivery. That eliminates the need for more firewall rules, gives me better message tracking in Exchange, and hopefully reduces the potential for mail loops. I can set up a new Send Connector with an address space of * and point it at the third party MTA, and I can set up a new Receive Connector linked to the existing Send Connector going to the Edge server for delivery. What I can't seem find a way to do is force the HT to use the Send Connector going to the third party MTA before sending the returned mail to the Edge servers. I can set a higher cost on the Edge send connector so that it will prefer to use the third party MTA connector, but that's about it. There just doesn't seem to be any way to control routing to a particular Send Connector except by address space. If I can't get this to work, it means I have to configure additional Receive Connectors on the Edge servers, punch more holes in the firewall, get SSL set up between the Edge server and that third party (Linux) box, and have to switch to the third part MTA for message tracking of internet email. Anybody know a way to control routing to a Send Connector? ************************************************************************ ************************** Note: The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. ************************************************************************ ************************** ************************************************************************ ************************** Note: The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. ************************************************************************ ************************** ************************************************************************ ************************** Note: The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. ************************************************************************ ************************** ************************************************************************************************** Note: The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. ************************************************************************************************** ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja ~