OK, in your bunch of telnet tests below, you demonstrated that mail delivery from any domain including your own, to a valid e-mail address at your own domain, succeeds. That's assuming that t...@domain.com is a valid e-mail address.
And that's pretty much the way e-mail works. If you want to block inbound mail coming from a particular sender's domain, you use sender filtering and just put "@domain.com" in the sender filtering list. Yes, that could be a problem for your same-domain.com users who authenticate to deliver mail using SMTP (and presumably retrieve mail using POP3 or IMAP). The solution to that is, don't use POP/IMAP/SMTP for your remote users. Use RPC/https or OWA. So now you can sender-filter e-mail from anyone that comes in from @same-domain.com.

The answer to your specific question, to only do sender filtering for unauthenticated senders, is, you can't get there from here.

Carl

From: gro...@beachcomp.com [mailto:gro...@beachcomp.com]
Sent: Wednesday, July 07, 2010 8:43 PM
To: MS-Exchange Admin Issues
Subject: RE: Open relay... Kind of

Anyone with any ideas? Appreciate it!

From: gro...@beachcomp.com [mailto:gro...@beachcomp.com]
Sent: Tuesday, July 06, 2010 3:52 PM
To: MS-Exchange Admin Issues
Subject: RE: Open relay... Kind of

So.. how do I tell it that unless the user is authenticated, do not accept from @samedomain.com?

From: Chris Boller [mailto:ch...@mahoola.com]
Sent: Tuesday, July 06, 2010 2:59 PM
To: MS-Exchange Admin Issues
Subject: RE: Open relay... Kind of

That's right, out of the box you can deliver mail to any exchange 2003 server and as long as it's in the accepted domain list it will deliver regardless of the mail from:<>

CB

_____

From: gro...@beachcomp.com [gro...@beachcomp.com]
Sent: 06 July 2010 19:49
To: MS-Exchange Admin Issues
Subject: Open relay... Kind of

Hi all,

Having one of those days. Just noticed our exchange server doing something funky and wondered if I was missing something. Using an Exchange 2003 machine, and for some reason it's allowing local to local e-mail remotely and w/o authentication. What am I missing here?
Here's a telnet session from a REMOTE machine:

220 Server.Domain.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.46 75 ready at Tue, 6 Jul 2010 14:35:41 -0400
HELO
250 Server.Domain.com Hello [208.00.00.99]
MAIL FROM:t...@domain.com
250 2.1.0 t...@domain.com....sender OK
RCPT TO:t...@domain.com
DATA
250 2.1.5 t...@domain.com
354 Start mail input; end with <CRLF>.<CRLF>
TEST
.
250 2.6.0 <serverox7nyekzgzuny00000...@server.domain.com> Queued mail for delivery

220 Server.Domain.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.46 75 ready at Tue, 6 Jul 2010 14:42:21 -0400
HELO
250 Server.Domain.com Hello [208.00.00.99]
MAIL FROM:t...@domain.com
250 2.1.0 t...@domain.com....sender OK
RCPT TO:t...@test.com
550 5.7.1 Unable to relay for t...@test.com

220 Server.Domain.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.46 75 ready at Tue, 6 Jul 2010 14:43:39 -0400
HELO
250 Server.Domain.com Hello [208.00.00.99]
MAIL FROM:t...@test.com
250 2.1.0 t...@test.com....sender OK
RCPT TO:t...@test.com
550 5.7.1 Unable to relay for t...@test.com

220 Server.Domain.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.46 75 ready at Tue, 6 Jul 2010 14:45:37 -0400
HELO
250 Server.Domain.com Hello [208.00.00.99]
MAIL FROM
501 5.5.4 Unrecognized parameter
MAIL FROM:t...@test.com
250 2.1.0 t...@test.com....sender OK
RCPT TO:t...@domain.com
250 2.1.5 t...@domain.com
DATA
354 Start mail input; end with <CRLF>.<CRLF>
TEST
.
250 2.6.0 <serverfraqbc8wsa1xv00000...@server.domain.com> Queued mail for delivery

Thanks for your input.
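
The telnet tests in this thread separate two things: relaying to outside domains, which the server refuses, and unauthenticated mail that claims a local sender, which it accepts. The Python example below is added here for illustration and is not part of any poster's message; it classifies each RCPT TO outcome in an SMTP transcript. The user@ addresses, the shortened banner, the verdict names and LOCAL_DOMAINS are assumptions.

```python
import re
LOCAL_DOMAINS = {"domain.com"}  # assumption: the server's accepted domains
# Constructed transcript modelled on the thread's telnet tests (placeholder addresses).
TRANSCRIPT = """\
220 Server.Domain.com Microsoft ESMTP MAIL Service ready
MAIL FROM:user@domain.com
250 2.1.0 user@domain.com....sender OK
RCPT TO:user@domain.com
250 2.1.5 user@domain.com
220 Server.Domain.com Microsoft ESMTP MAIL Service ready
MAIL FROM:user@domain.com
250 2.1.0 user@domain.com....sender OK
RCPT TO:user@test.com
550 5.7.1 Unable to relay for user@test.com
220 Server.Domain.com Microsoft ESMTP MAIL Service ready
MAIL FROM:user@test.com
250 2.1.0 user@test.com....sender OK
RCPT TO:user@domain.com
250 2.1.5 user@domain.com
"""

def domain(line):  # lower-cased domain of the address in an SMTP command line
    m = re.search(r"@([\w.-]+)", line)
    return m.group(1).lower() if m else ""

def verdict(s, accepted, local):  # what one RCPT TO reply means for this session
    if not accepted:
        return "relay-denied" if s["rcpt"] not in local else "local-rejected"
    if s["rcpt"] not in local:  # accepted for a foreign recipient: relaying
        return "authenticated-relay" if s["auth"] else "open-relay"
    spoofable = s["sender"] in local and not s["auth"]
    return "unauthenticated-internal-sender" if spoofable else "inbound-delivery"

def classify(transcript, local=LOCAL_DOMAINS):  # one verdict per RCPT TO reply
    results, s = [], dict(auth=False, sender="", rcpt=None)
    for line in transcript.splitlines():
        up = line.strip().upper()
        if up.startswith("220 "):  # banner opens a new session
            s = dict(auth=False, sender="", rcpt=None)
        elif up.startswith("235 "):  # AUTH succeeded
            s["auth"] = True
        elif up.startswith("MAIL FROM:"):
            s["sender"] = domain(line)
        elif up.startswith("RCPT TO:"):
            s["rcpt"] = domain(line)
        elif s["rcpt"] is not None and re.match(r"[245]\d\d ", up):
            results.append(verdict(s, up.startswith("250 "), local))
            s["rcpt"] = None  # later replies (354, 250 queued) are not RCPT replies
    return results
```

Only the "open-relay" verdict means the server forwards mail for strangers; "unauthenticated-internal-sender" is the accepted-domain delivery the replies describe, where the claimed MAIL FROM is not checked.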