You don't have to use CIDR notation when listing IP ranges. You can input 10.1.1.1-10.255.255.255 and that would work as well.

If your DMZ is up to snuff and you allow anonymous SMTP, you still risk internal exploits from desktop users utilizing you as a relay (some risk involved, but easy to monitor).

-troy

-----Original Message-----
From: Brown, Larry [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 04, 2008 7:37 AM
To: MS-Exchange Admin Issues
Subject: Anonymous Relay Issues

E2007 SP1, CCR. Separate Hubs and CCR servers...Edge servers on a DMZ.

We have a server application called Stakeout that users pull data from to a desktop client. The user can then send reports/data via SMTP from the client. Although all of the emails say they are From: StakeOut@<domain>.com <mailto:[EMAIL PROTECTED]>, the sending IP address is pulled from the client PC. Since all of our networked PCs pull their address from DHCP it's kind of impossible to put individual IP addresses in the Receive mail from remote servers in Anonymous Relay Properties.

So...I thought about putting in the DHCP ranges for the PCs...but it will only allow me to add a range of 10.x.x.1/32. If I try to make the range any larger I get: The CIDR length xx is greater than the maximum of 32 for an IPv4 address. Etc. So THAT doesn't work.

Transport rules don't take effect until an email has been accepted by the Anonymous relay...do they? So I don't think that's the answer.

Does anyone have any ideas? Am I missing something simple with the IP ranges? How big a risk would we run if we disabled the Anonymous relay so that it just accepts all anonymous SMTP email? This assumes, of course, that our DMZ is up to snuff...blocking anything externally that doesn't come from the Edge servers...

Larry C. Brown
LAN/WAN CS Support
Dayton Power & Light
(937)-331-4922
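
The two range notations discussed in this thread, as an added example that is not part of the original messages: a small Python helper that parses either form, rejects a prefix length above 32, and shows how many addresses a relay allow-list entry really covers. The function names and the 10.20.x.x allow-list are hypothetical, constructed for illustration.

```python
import ipaddress

def parse_range(spec):
    """Return (first, last) for 'a.b.c.d', 'a.b.c.d/len' or 'a.b.c.d-e.f.g.h'."""
    spec = spec.strip()
    if "-" in spec:
        lo, hi = (ipaddress.IPv4Address(p.strip()) for p in spec.split("-", 1))
        if lo > hi:
            raise ValueError(f"range start {lo} is above range end {hi}")
        return lo, hi
    if "/" in spec:
        addr, length = spec.split("/", 1)
        # The prefix length counts fixed leading bits, so /32 is one host and
        # a wider range needs a SMALLER number; anything above 32 is invalid.
        if not length.isdigit() or int(length) > 32:
            raise ValueError(f"CIDR length {length} is not in 0..32")
        net = ipaddress.IPv4Network((addr, int(length)), strict=False)
        return net[0], net[-1]
    ip = ipaddress.IPv4Address(spec)
    return ip, ip

def size(spec):
    """Number of addresses an allow-list entry covers."""
    lo, hi = parse_range(spec)
    return int(hi) - int(lo) + 1

def to_cidrs(spec):
    """Smallest list of CIDR blocks that covers exactly the same addresses."""
    lo, hi = parse_range(spec)
    return [str(n) for n in ipaddress.summarize_address_range(lo, hi)]

def relay_allowed(client_ip, specs):
    """True if client_ip falls inside any allow-list entry."""
    ip = ipaddress.IPv4Address(client_ip)
    return any(lo <= ip <= hi for lo, hi in map(parse_range, specs))

if __name__ == "__main__":
    # Constructed sample allow-list: one DHCP scope as a range, one as CIDR.
    allow = ["10.20.30.50-10.20.30.200", "10.20.40.0/24"]
    for spec in allow + ["10.1.1.1/32", "10.1.1.1-10.255.255.255"]:
        print(f"{spec:28} {size(spec):>9} addresses  {to_cidrs(spec)[:3]}")
    for client in ("10.20.30.77", "10.20.31.5", "192.0.2.10"):
        print(client, "relay allowed" if relay_allowed(client, allow) else "rejected")
```

Running it shows that the range suggested in the reply covers more than 16 million addresses, which is worth comparing against the actual DHCP scopes before it goes on an anonymous relay connector.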