Exchange 2010 relay settings
I have two Exchange 2010 SP3 CAS servers. They are front-ended by several load balancers. In front of that we have a spam and a/v appliance that filters e-mail first for inbound and outbound. This morning I noticed that Internet mail was going out, but not coming in. The load balancers did not report any errors with connectivity. The spam appliance reported that it could not send messages to Exchange as no resources were available on the Exchange side. Looking at the CAS servers, I saw entries in the app logs: receive connected relay server_name rejected an incoming connection from IP address x.x.x.x. The maximum number of connections per source (20) for th is connector has been reached by this source IP address. I restarted CAS servers and they started to accept mail again, although I do see that message again. I know I can change this via the MaxInboundConnectionPerSource and MaxInboundConnectionPercentagePerSource. But I'd really like to know how to properly troubleshoot this. The relay connectors on the server are limited to specific IP addresses such as our copiers, notification systems, and the load balancers. The App log referred specifically to the IP of the primary load balancer. Other than enabling verbose logging on that connector, how else would one troubleshoot this? Thanks, Tom --- To manage subscriptions click here: or send an email to with the body: unsubscribe exchangelist
RE: Exchange 2010 relay settings
Your load balancer is reporting their address instead of the source IP address. That might be something you want to change. Otherwise, I'm not sure why you think you have a problem? It sounds as if you are just getting a lot of email. From: Tom Miller [mailto:tominyorkt...@gmail.com] Sent: Tuesday, May 14, 2013 1:03 PM To: MS-Exchange Admin Issues Subject: Exchange 2010 relay settings I have two Exchange 2010 SP3 CAS servers. They are front-ended by several load balancers. In front of that we have a spam and a/v appliance that filters e-mail first for inbound and outbound. This morning I noticed that Internet mail was going out, but not coming in. The load balancers did not report any errors with connectivity. The spam appliance reported that it could not send messages to Exchange as no resources were available on the Exchange side. Looking at the CAS servers, I saw entries in the app logs: receive connected relay server_name rejected an incoming connection from IP address x.x.x.x. The maximum number of connections per source (20) for th is connector has been reached by this source IP address. I restarted CAS servers and they started to accept mail again, although I do see that message again. I know I can change this via the MaxInboundConnectionPerSource and MaxInboundConnectionPercentagePerSource. But I'd really like to know how to properly troubleshoot this. The relay connectors on the server are limited to specific IP addresses such as our copiers, notification systems, and the load balancers. The App log referred specifically to the IP of the primary load balancer. Other than enabling verbose logging on that connector, how else would one troubleshoot this? Thanks, Tom --- To manage subscriptions click here: or send an email to with the body: unsubscribe exchangelist --- To manage subscriptions click here: or send an email to with the body: unsubscribe exchangelist
Re: Issue with load balancers, relay, autodiscover
First error message is normal, it is because of the way the test is done, it first try an autodiscover test with your domain name in the URL. If your domain is contoso it will try first Autodiscover to https://contoso.com/autodiscover/autodiscover.xlmhttps://mycompany.com/autodiscover/autodiscover.xlm I get the same error myself but autodiscover works fine from outside. On Wed, Feb 20, 2013 at 12:36 PM, Tom Miller tmil...@sfgtrust.com wrote: This past weekend I inserted two Barracuda load balancers into my Exchange 2010 environment. With a few exceptions, they seems to be working well. ** ** I need some suggestions from the list on a few things: ** ** External autodiscover is failing, then succeeding. In the log when I get test connection, I see this: ** ** Autodiscover to https://mycompany.com/autodiscover/autodiscover.xlmfailed (0x800c203) Autodiscover to https://autodiscover.mycompany.com/autodiscover/autodiscover.xml starting* *** GetLastError = 0; httpStatus=200 Autodiscover to https://autodiscover.mycompany.com/autodiscover/autodiscover.xml succeeded ** ** Any ideas on this one? ** ** The second issue I have is relay. I have a relay for our various environmental, copiers, BusinessObject systems, and other equipment/systems. That worked fine with I used Windows NLB on the CAS servers. Now that I’m using the load balancers, the relay works only for internal recipients. If a relay is destined for external e-mail addresses, it fails. This is particularly an issue for our BusinessObjects systems, which send out reports to non-internal addresses. Any thoughts on this one? ** ** Thanks, Tom --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist
RE: Issue with load balancers, relay, autodiscover
Thanks! I'm back to Exchange after years away from it so this is still new(ish) to me. Tom From: Alexander Rose [mailto:arose...@gmail.com] Sent: Wednesday, February 20, 2013 8:32 AM To: MS-Exchange Admin Issues Subject: Re: Issue with load balancers, relay, autodiscover First error message is normal, it is because of the way the test is done, it first try an autodiscover test with your domain name in the URL. If your domain is contoso it will try first Autodiscover to https://contoso.com/autodiscover/autodiscover.xlmhttps://mycompany.com/autodiscover/autodiscover.xlm I get the same error myself but autodiscover works fine from outside. On Wed, Feb 20, 2013 at 12:36 PM, Tom Miller tmil...@sfgtrust.commailto:tmil...@sfgtrust.com wrote: This past weekend I inserted two Barracuda load balancers into my Exchange 2010 environment. With a few exceptions, they seems to be working well. I need some suggestions from the list on a few things: External autodiscover is failing, then succeeding. In the log when I get test connection, I see this: Autodiscover to https://mycompany.com/autodiscover/autodiscover.xlm failed (0x800c203) Autodiscover to https://autodiscover.mycompany.com/autodiscover/autodiscover.xml starting GetLastError = 0; httpStatus=200 Autodiscover to https://autodiscover.mycompany.com/autodiscover/autodiscover.xml succeeded Any ideas on this one? The second issue I have is relay. I have a relay for our various environmental, copiers, BusinessObject systems, and other equipment/systems. That worked fine with I used Windows NLB on the CAS servers. Now that I'm using the load balancers, the relay works only for internal recipients. If a relay is destined for external e-mail addresses, it fails. This is particularly an issue for our BusinessObjects systems, which send out reports to non-internal addresses. Any thoughts on this one? Thanks, Tom --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist
Re: Issue with load balancers, relay, autodiscover
How is your receive connector configured for relaying (Authentication and Permission Groups) ? On Wed, Feb 20, 2013 at 3:17 PM, Tom Miller tmil...@sfgtrust.com wrote: Thanks! I'm back to Exchange after years away from it so this is still new(ish) to me. ** ** Tom ** ** *From:* Alexander Rose [mailto:arose...@gmail.com] *Sent:* Wednesday, February 20, 2013 8:32 AM *To:* MS-Exchange Admin Issues *Subject:* Re: Issue with load balancers, relay, autodiscover ** ** First error message is normal, it is because of the way the test is done, it first try an autodiscover test with your domain name in the URL. If your domain is contoso it will try first Autodiscover to https://contoso.com/autodiscover/autodiscover.xlmhttps://mycompany.com/autodiscover/autodiscover.xlm I get the same error myself but autodiscover works fine from outside. On Wed, Feb 20, 2013 at 12:36 PM, Tom Miller tmil...@sfgtrust.com wrote: This past weekend I inserted two Barracuda load balancers into my Exchange 2010 environment. With a few exceptions, they seems to be working well.** ** I need some suggestions from the list on a few things: External autodiscover is failing, then succeeding. In the log when I get test connection, I see this: Autodiscover to https://mycompany.com/autodiscover/autodiscover.xlmfailed (0x800c203) Autodiscover to https://autodiscover.mycompany.com/autodiscover/autodiscover.xml starting* *** GetLastError = 0; httpStatus=200 Autodiscover to https://autodiscover.mycompany.com/autodiscover/autodiscover.xml succeeded Any ideas on this one? The second issue I have is relay. I have a relay for our various environmental, copiers, BusinessObject systems, and other equipment/systems. That worked fine with I used Windows NLB on the CAS servers. Now that I’m using the load balancers, the relay works only for internal recipients. If a relay is destined for external e-mail addresses, it fails. This is particularly an issue for our BusinessObjects systems, which send out reports to non-internal addresses. Any thoughts on this one? Thanks, Tom --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist ** ** --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist
RE: Issue with load balancers, relay, autodiscover
Exchange servers and anonymous users. Only specific IP addresses are permitted however. From: Alexander Rose [mailto:arose...@gmail.com] Sent: Wednesday, February 20, 2013 10:27 AM To: MS-Exchange Admin Issues Subject: Re: Issue with load balancers, relay, autodiscover How is your receive connector configured for relaying (Authentication and Permission Groups) ? On Wed, Feb 20, 2013 at 3:17 PM, Tom Miller tmil...@sfgtrust.commailto:tmil...@sfgtrust.com wrote: Thanks! I'm back to Exchange after years away from it so this is still new(ish) to me. Tom From: Alexander Rose [mailto:arose...@gmail.commailto:arose...@gmail.com] Sent: Wednesday, February 20, 2013 8:32 AM To: MS-Exchange Admin Issues Subject: Re: Issue with load balancers, relay, autodiscover First error message is normal, it is because of the way the test is done, it first try an autodiscover test with your domain name in the URL. If your domain is contoso it will try first Autodiscover to https://contoso.com/autodiscover/autodiscover.xlmhttps://mycompany.com/autodiscover/autodiscover.xlm I get the same error myself but autodiscover works fine from outside. On Wed, Feb 20, 2013 at 12:36 PM, Tom Miller tmil...@sfgtrust.commailto:tmil...@sfgtrust.com wrote: This past weekend I inserted two Barracuda load balancers into my Exchange 2010 environment. With a few exceptions, they seems to be working well. I need some suggestions from the list on a few things: External autodiscover is failing, then succeeding. In the log when I get test connection, I see this: Autodiscover to https://mycompany.com/autodiscover/autodiscover.xlm failed (0x800c203) Autodiscover to https://autodiscover.mycompany.com/autodiscover/autodiscover.xml starting GetLastError = 0; httpStatus=200 Autodiscover to https://autodiscover.mycompany.com/autodiscover/autodiscover.xml succeeded Any ideas on this one? The second issue I have is relay. I have a relay for our various environmental, copiers, BusinessObject systems, and other equipment/systems. That worked fine with I used Windows NLB on the CAS servers. Now that I'm using the load balancers, the relay works only for internal recipients. If a relay is destined for external e-mail addresses, it fails. This is particularly an issue for our BusinessObjects systems, which send out reports to non-internal addresses. Any thoughts on this one? Thanks, Tom --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist
RE: Issue with load balancers, relay, autodiscover
And the second issue is because the apparently source IP address of your servers has changed; your relay configuration is now incorrect. You either need to the do the filtering at the LB or direct the internal users to the internal (BEHIND the LB) addresses. From: Alexander Rose [mailto:arose...@gmail.com] Sent: Wednesday, February 20, 2013 8:32 AM To: MS-Exchange Admin Issues Subject: Re: Issue with load balancers, relay, autodiscover First error message is normal, it is because of the way the test is done, it first try an autodiscover test with your domain name in the URL. If your domain is contoso it will try first Autodiscover to https://contoso.com/autodiscover/autodiscover.xlmhttps://mycompany.com/autodiscover/autodiscover.xlm I get the same error myself but autodiscover works fine from outside. On Wed, Feb 20, 2013 at 12:36 PM, Tom Miller tmil...@sfgtrust.commailto:tmil...@sfgtrust.com wrote: This past weekend I inserted two Barracuda load balancers into my Exchange 2010 environment. With a few exceptions, they seems to be working well. I need some suggestions from the list on a few things: External autodiscover is failing, then succeeding. In the log when I get test connection, I see this: Autodiscover to https://mycompany.com/autodiscover/autodiscover.xlm failed (0x800c203) Autodiscover to https://autodiscover.mycompany.com/autodiscover/autodiscover.xml starting GetLastError = 0; httpStatus=200 Autodiscover to https://autodiscover.mycompany.com/autodiscover/autodiscover.xml succeeded Any ideas on this one? The second issue I have is relay. I have a relay for our various environmental, copiers, BusinessObject systems, and other equipment/systems. That worked fine with I used Windows NLB on the CAS servers. Now that I'm using the load balancers, the relay works only for internal recipients. If a relay is destined for external e-mail addresses, it fails. This is particularly an issue for our BusinessObjects systems, which send out reports to non-internal addresses. Any thoughts on this one? Thanks, Tom --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist
Spam relay problem
What steps should I take to troubleshoot this type of relay? That source IP is not ours. X-ASG-Debug-ID: 1359697244-058e841d914e4a30001-uhLaEQ Received: from biblio (lvelizy-156-45-11-122.w80-11.abo.wanadoo.fr [80.11.32.122]) by securemail1.brgeneral.org with ESMTP id etJOQQqUPhHTkKXN for vacacu2ped...@gmail.com; Thu, 31 Jan 2013 23:40:44 -0600 (CST) X-Barracuda-Envelope-From: ad...@brgeneral.org X-Barracuda-Apparent-*Source-IP: 80.11.32.122 *MIME-Version: 1.0 From: ad...@brgeneral.org To: vacacu2ped...@gmail.com Date: 1 Feb 2013 06:49:58 +0100 Subject: 69.2.47.143 X-Barracuda-Connect: lvelizy-156-45-11-122.w80-11.abo.wanadoo.fr[80.11.32.122] X-Barracuda-Start-Time: 1359697244 X-Barracuda-URL: http://securemail1.brgeneral.org:8000/cgi-mod/mark.cgi X-Barracuda-Orig-Rcpt: vacacu2ped...@gmail.com X-ASG-Orig-Subj: 69.2.47.143 X-Virus-Scanned: by bsmtpd at brgeneral.org X-Barracuda-Spam-Score: 0.14 X-Barracuda-Spam-Status: No, SCORE=0.14 using global scores of TAG_LEVEL=1000.0 QUARANTINE_LEVEL=1000.0 KILL_LEVEL=9.0 tests=MISSING_MID, NO_REAL_NAME X-Barracuda-Spam-Report: Code version 3.2, rules version 3.2.2.121486 Rule breakdown below pts rule name description -- -- 0.14 MISSING_MID Missing Message-Id: header 0.00 NO_REAL_NAME From: does not include a real name Running Barracuda Spam/Email filter appliances and Exchange 2010 SP1 -- T. Todd Lemmiksoo --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist
RE: Spam relay problem
You are brgeneral and this hit your system there? If that is correct I don't see that as a relay, I see it as someone spoofing your 'from' address space. Very common. If you want to stop your Cuda from accepting this kind of email you want to look at the 'sender spoof' setting in your Cuda. But be aware a lot of so called legit email will spoof your from address. For example amazon.com order confirmations do, or at least used to last time I looked. From: Todd Lemmiksoo [mailto:tlemmik...@gmail.com] Sent: Monday, February 04, 2013 10:14 AM To: MS-Exchange Admin Issues Subject: Spam relay problem What steps should I take to troubleshoot this type of relay? That source IP is not ours. X-ASG-Debug-ID: 1359697244-058e841d914e4a30001-uhLaEQ Received: from biblio (lvelizy-156-45-11-122.w80-11.abo.wanadoo.frhttp://lvelizy-156-45-11-122.w80-11.abo.wanadoo.fr [80.11.32.122]) by securemail1.brgeneral.orghttp://securemail1.brgeneral.org with ESMTP id etJOQQqUPhHTkKXN for vacacu2ped...@gmail.commailto:vacacu2ped...@gmail.com; Thu, 31 Jan 2013 23:40:44 -0600 (CST) X-Barracuda-Envelope-From: ad...@brgeneral.orgmailto:ad...@brgeneral.org X-Barracuda-Apparent-Source-IP: 80.11.32.122 MIME-Version: 1.0 From: ad...@brgeneral.orgmailto:ad...@brgeneral.org To: vacacu2ped...@gmail.commailto:vacacu2ped...@gmail.com Date: 1 Feb 2013 06:49:58 +0100 Subject: 69.2.47.143 X-Barracuda-Connect: lvelizy-156-45-11-122.w80-11.abo.wanadoo.frhttp://lvelizy-156-45-11-122.w80-11.abo.wanadoo.fr[80.11.32.122] X-Barracuda-Start-Time: 1359697244 X-Barracuda-URL: http://securemail1.brgeneral.org:8000/cgi-mod/mark.cgi X-Barracuda-Orig-Rcpthttp://securemail1.brgeneral.org:8000/cgi-mod/mark.cgiX-Barracuda-Orig-Rcpt: vacacu2ped...@gmail.commailto:vacacu2ped...@gmail.com X-ASG-Orig-Subj: 69.2.47.143 X-Virus-Scanned: by bsmtpd at brgeneral.orghttp://brgeneral.org X-Barracuda-Spam-Score: 0.14 X-Barracuda-Spam-Status: No, SCORE=0.14 using global scores of TAG_LEVEL=1000.0 QUARANTINE_LEVEL=1000.0 KILL_LEVEL=9.0 tests=MISSING_MID, NO_REAL_NAME X-Barracuda-Spam-Report: Code version 3.2, rules version 3.2.2.121486 Rule breakdown below pts rule name description -- -- 0.14 MISSING_MID Missing Message-Id: header 0.00 NO_REAL_NAME From: does not include a real name Running Barracuda Spam/Email filter appliances and Exchange 2010 SP1 -- T. Todd Lemmiksoo --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist
Re: Prevent open relay
Understood, thanks guys On Sat, Jan 26, 2013 at 3:37 PM, Peter Johnson johnson.pet...@gmail.comwrote: By definition an open relay is an SMTP server that will accept and forward on email for domains for which it is not responsible. By default any Exchange Server post 2000 will be not be an open relay by default IIRC correctly. If u have an antispam service in the cloud and your edge device/firewall is configured to only SMTP from your provided IP addresses a default receive connector should be fine. On 26 Jan 2013, at 13:20, Alexander Rose arose...@gmail.com wrote: Hi, Just wondering how would one prevent being an open relay yet still be able to receive emails from most domains (hotmail, gmail,...) without any configuration? How would you need to configure your receive connectors, i just realize i did not have to worry about it as we receive our emails from an online anti-spam provider so we just allow its set of IPs, but for a shop that receives directly emails from outside whether or not you have an edge server? --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist
SLIGHTLY OFF TOPIC: IP list allowed to relay on IIS 2k3
I have a client who has an Exchange 2003 org behind two IIS servers that act as the SMTP front-end outbound - in other words, the Exchange org, and various other servers in their AD, relay across the two IIS servers - which are Windows server 2003. It's a fairly large company, and they have a few thousand IPs allowed to relay. The problem is - over the years, one of the relay servers has about 1500 IPs, where the other (Sadly) has close to 1900 listed as allowed to relay. In Windows 2003, scripting is not very user friendly (at least to me, whose limit is hacking away at Powershell.) We have found a VB script that appears to copy out the IP addresses, and has allowed us to get the IPs from each server and compare them in Excel spreadsheets. My issue is - using the same script to import the results of merging those IP addresses back into IIS sort of appears to work; but no IPs ever show up in the GUI. - If you use the script t pull the IPs out, you see a list of IPs, but the GUI (IIS / SMTP/ Relay button) shows as blank. I need the list to show to satisfy my client. What am I doing wrong? Note - we tried a reboot, iisreset, etc. http://blogs.msdn.com/b/vijaysk/archive/2009/05/07/setting-smtp-relayiplist-from-a-script.aspx is a link to the script we're trying to use. Any suggestions greatly appreciated! Russ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist
RE: SLIGHTLY OFF TOPIC: IP list allowed to relay on IIS 2k3
I _think_ this worked on IIS SMTP. But that was a long long time ago now... http://support.microsoft.com/kb/935635 If that doesn't work, using the metabase explorer is going to be the way to do it... -Original Message- From: Russ Patterson [mailto:rus...@gmail.com] Sent: Wednesday, September 19, 2012 11:06 AM To: MS-Exchange Admin Issues Subject: SLIGHTLY OFF TOPIC: IP list allowed to relay on IIS 2k3 I have a client who has an Exchange 2003 org behind two IIS servers that act as the SMTP front-end outbound - in other words, the Exchange org, and various other servers in their AD, relay across the two IIS servers - which are Windows server 2003. It's a fairly large company, and they have a few thousand IPs allowed to relay. The problem is - over the years, one of the relay servers has about 1500 IPs, where the other (Sadly) has close to 1900 listed as allowed to relay. In Windows 2003, scripting is not very user friendly (at least to me, whose limit is hacking away at Powershell.) We have found a VB script that appears to copy out the IP addresses, and has allowed us to get the IPs from each server and compare them in Excel spreadsheets. My issue is - using the same script to import the results of merging those IP addresses back into IIS sort of appears to work; but no IPs ever show up in the GUI. - If you use the script t pull the IPs out, you see a list of IPs, but the GUI (IIS / SMTP/ Relay button) shows as blank. I need the list to show to satisfy my client. What am I doing wrong? Note - we tried a reboot, iisreset, etc. http://blogs.msdn.com/b/vijaysk/archive/2009/05/07/setting-smtp-relayiplist-from-a-script.aspx is a link to the script we're trying to use. Any suggestions greatly appreciated! Russ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist
RE: Allow SMTP relay for authenticated account
Below are the configs of a totally default Client Servername receive connector. Anyone with a mailbox is allowed to use the connector (that is the Permissions Group tab). On the Authentication tab, if you want to support plaintext authentication, then uncheck the box after Offer Basic authentication only after... Is that what you want? Or am I missing something? [cid:image001.png@01CCECA1.5E7F42B0] [cid:image002.png@01CCECA1.5E7F42B0] From: Robert Peterson [mailto:robert.peter...@prin.edu] Sent: Wednesday, February 15, 2012 11:59 PM To: MS-Exchange Admin Issues Subject: RE: Allow SMTP relay for authenticated account Michael, Are you saying the default Client servername receive connector should allow already an authenticated user to use SMTP to relay to an external domain? I do notice the settings within that connector, are set to offer Basic Authentication only but only after starting TLS. Thanks again, Robert From: Michael B. Smith [mailto:mich...@smithcons.com]mailto:[mailto:mich...@smithcons.com] Sent: Wednesday, February 15, 2012 9:56 PM To: MS-Exchange Admin Issues Subject: RE: Allow SMTP relay for authenticated account That is the default behavior through the Client servername receive connector. From: Robert Peterson [mailto:robert.peter...@prin.edu] Sent: Wednesday, February 15, 2012 10:25 PM To: MS-Exchange Admin Issues Subject: Allow SMTP relay for authenticated account Google'ing still seems to come up short. I see the need but no answers. Now that were at Exchange 2010 SP2, I still cannot see how to allow a device or application to send SMTP mail through Exchange when destined for an external domain. I am able to allow by IP addresses within the Hub Transport Relay Connector, but I would really like to allow via an authenticated account. Any ideas? Thank you, Robert --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelistinline: image001.pnginline: image002.png
RE: Allow SMTP relay for authenticated account
That is the default behavior through the Client servername receive connector. From: Robert Peterson [mailto:robert.peter...@prin.edu] Sent: Wednesday, February 15, 2012 10:25 PM To: MS-Exchange Admin Issues Subject: Allow SMTP relay for authenticated account Google'ing still seems to come up short. I see the need but no answers. Now that were at Exchange 2010 SP2, I still cannot see how to allow a device or application to send SMTP mail through Exchange when destined for an external domain. I am able to allow by IP addresses within the Hub Transport Relay Connector, but I would really like to allow via an authenticated account. Any ideas? Thank you, Robert --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist
RE: Allow SMTP relay for authenticated account
Michael, Are you saying the default Client servername receive connector should allow already an authenticated user to use SMTP to relay to an external domain? I do notice the settings within that connector, are set to offer Basic Authentication only but only after starting TLS. Thanks again, Robert From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Wednesday, February 15, 2012 9:56 PM To: MS-Exchange Admin Issues Subject: RE: Allow SMTP relay for authenticated account That is the default behavior through the Client servername receive connector. From: Robert Peterson [mailto:robert.peter...@prin.edu] Sent: Wednesday, February 15, 2012 10:25 PM To: MS-Exchange Admin Issues Subject: Allow SMTP relay for authenticated account Google'ing still seems to come up short. I see the need but no answers. Now that were at Exchange 2010 SP2, I still cannot see how to allow a device or application to send SMTP mail through Exchange when destined for an external domain. I am able to allow by IP addresses within the Hub Transport Relay Connector, but I would really like to allow via an authenticated account. Any ideas? Thank you, Robert --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist
RE: Slow Relay through Exchange
Be careful what you ask for. I have seen this setting put multiple hub servers on their knees, when the value was dropped below 15. The default being 30, the customer saw an increase in performance when the delay was dropped to 15 and demanded to have it dropped to 5. Well they got what they asked for in spades. If you run multi role servers I would keep a close eye. M From: Greg Sweers [mailto:gswe...@acts360.com] Sent: Thursday, December 08, 2011 2:09 PM To: MS-Exchange Admin Issues Subject: Slow Relay through Exchange Just thought I would post, for awhile now we have a 3rd part app that relays off an internal mail server for delivering student report cards, billings, etc.. Since upgrading to Exchange 2010 the relay speed was like 5% of what it was. Everything pointed to the throttling policy but I was unable to find anything, including posting to this list quite some time ago about it. This was the command that returned it to normal speed. Apparently Exchange 2010 will notify you is delivery was successful with a certain time frame. Set-ReceiveConnector Connector Name -MaxAcknowledgementDelay 0 My users are so happy that they are offering to buy me Christmas gifts this year. Now that's happy people. J Greg Sweers CEO http://www.acts360.com/ ACTS360.com P.O. Box 1193 Brandon, FL 33509 813-657-0849 Office 813-758-6850 Cell 813-341-1270 Fax --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist
RE: Slow Relay through Exchange
Its not a large site. Less than 250 users. Sending out not more than a few thousand every week. I will keep an eye out though, thx for the advice. Greg Sweers CEO ACTS360.comhttp://www.acts360.com/ P.O. Box 1193 Brandon, FL 33509 813-657-0849 Office 813-758-6850 Cell 813-341-1270 Fax From: Matt Moore [mailto:mattmoore...@hotmail.com] Sent: Thursday, December 08, 2011 6:54 PM To: MS-Exchange Admin Issues Subject: RE: Slow Relay through Exchange Be careful what you ask for. I have seen this setting put multiple hub servers on their knees, when the value was dropped below 15. The default being 30, the customer saw an increase in performance when the delay was dropped to 15 and demanded to have it dropped to 5. Well they got what they asked for in spades. If you run multi role servers I would keep a close eye. M From: Greg Sweers [mailto:gswe...@acts360.com]mailto:[mailto:gswe...@acts360.com] Sent: Thursday, December 08, 2011 2:09 PM To: MS-Exchange Admin Issues Subject: Slow Relay through Exchange Just thought I would post, for awhile now we have a 3rd part app that relays off an internal mail server for delivering student report cards, billings, etc.. Since upgrading to Exchange 2010 the relay speed was like 5% of what it was. Everything pointed to the throttling policy but I was unable to find anything, including posting to this list quite some time ago about it. This was the command that returned it to normal speed. Apparently Exchange 2010 will notify you is delivery was successful with a certain time frame. Set-ReceiveConnector Connector Name -MaxAcknowledgementDelay 0 My users are so happy that they are offering to buy me Christmas gifts this year... Now that's happy people. :) Greg Sweers CEO ACTS360.comhttp://www.acts360.com/ P.O. Box 1193 Brandon, FL 33509 813-657-0849 Office 813-758-6850 Cell 813-341-1270 Fax --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist
Re: Configuring relay question on E2K7
Yes John W. Cook Systems Administrator Partnership for Strong Families - Original Message - From: Wayne Dueck [mailto:wayne.l.du...@state.or.us] Sent: Thursday, October 06, 2011 10:25 AM To: MS-Exchange Admin Issues exchangelist@lyris.sunbelt-software.com Subject: re: Configuring relay question on E2K7 Can you telnet from the XP box to port 25 on the Exchange box? -Wayne --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist CONFIDENTIALITY STATEMENT: The information transmitted, or contained or attached to or with this Notice is intended only for the person or entity to which it is addressed and may contain Protected Health Information (PHI), confidential and/or privileged material. Any review, transmission, dissemination, or other use of, and taking any action in reliance upon this information by persons or entities other than the intended recipient without the express written consent of the sender are prohibited. This information may be protected by the Health Insurance Portability and Accountability Act of 1996 (HIPAA), and other Federal and Florida laws. Improper or unauthorized use or disclosure of this information could result in civil and/or criminal penalties. Consider the environment. Please don't print this e-mail unless you really need to. --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist
RE: Configuring relay question on E2K7
What SMTP logging level is set for the receive connector? If it is logging and nothing is showing up then no connection is being made. In which case I'd think firewall/anti virus? I've had problems before with some clients relating to GSSAPI, although for the life of me I can't remember what! Usually i'd say delve into the SMTP recieve logs and see where it is failing. But if you really can't see anything in the logs then it's being blocked or sending incorrectly. Nick From: John Cook [john.c...@pfsf.org] Sent: 05 October 2011 19:13 To: MS-Exchange Admin Issues Subject: Configuring relay question on E2K7 Scenario – E2K7 SP2, separate CAS and HT servers, 3rd party application (it sends an email every so often to a specified address) via SMTP running on XP SP3 We were given this XP/scanner setup to send specific data picked up by the scanner to a specific address for compliance. The application monitoring software reports “no valid recipient specified” each time it attempts to send data. This never shows up in the SMTP logs on the Exchange server. The static IP of the XP machine is allowed to relay and the account has normal email rights. Does anyone have any ideas? TIA John Cook CONFIDENTIALITY STATEMENT: The information transmitted, or contained or attached to or with this Notice is intended only for the person or entity to which it is addressed and may contain Protected Health Information (PHI), confidential and/or privileged material. Any review, transmission, dissemination, or other use of, and taking any action in reliance upon this information by persons or entities other than the intended recipient without the express written consent of the sender are prohibited. This information may be protected by the Health Insurance Portability and Accountability Act of 1996 (HIPAA), and other Federal and Florida laws. Improper or unauthorized use or disclosure of this information could result in civil and/or criminal penalties. Consider the environment. Please don't print this e-mail unless you really need to. This email and any attached files are confidential and intended solely for the intended recipient(s). If you are not the named recipient you should not read, distribute, copy or alter this email. Any views or opinions expressed in this email are those of the author and do not represent those of the company. Warning: Although precautions have been taken to make sure no viruses are present in this email, the company cannot accept responsibility for any loss or damage that arise from the use of this email or attachments. --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist This electronic message contains information from CACI International Inc or subsidiary companies, which may be confidential, proprietary, privileged or otherwise protected from disclosure. The information is intended to be used solely by the recipient(s) named above. If you are not an intended recipient, be aware that any review, disclosure, copying, distribution or use of this transmission or its contents is prohibited. If you have received this transmission in error, please notify us immediately at postmas...@caci.co.uk Viruses: Although we have taken steps to ensure that this e-mail and attachments are free from any virus, we advise that in keeping with good computing practice the recipient should ensure they are actually virus free. CACI Limited. Registered in England Wales. Registration No. 1649776. CACI House, Avonmore Road, London, W14 8TS. --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist
Configuring relay question on E2K7
Scenario - E2K7 SP2, separate CAS and HT servers, 3rd party application (it sends an email every so often to a specified address) via SMTP running on XP SP3 We were given this XP/scanner setup to send specific data picked up by the scanner to a specific address for compliance. The application monitoring software reports no valid recipient specified each time it attempts to send data. This never shows up in the SMTP logs on the Exchange server. The static IP of the XP machine is allowed to relay and the account has normal email rights. Does anyone have any ideas? TIA John Cook CONFIDENTIALITY STATEMENT: The information transmitted, or contained or attached to or with this Notice is intended only for the person or entity to which it is addressed and may contain Protected Health Information (PHI), confidential and/or privileged material. Any review, transmission, dissemination, or other use of, and taking any action in reliance upon this information by persons or entities other than the intended recipient without the express written consent of the sender are prohibited. This information may be protected by the Health Insurance Portability and Accountability Act of 1996 (HIPAA), and other Federal and Florida laws. Improper or unauthorized use or disclosure of this information could result in civil and/or criminal penalties. Consider the environment. Please don't print this e-mail unless you really need to. This email and any attached files are confidential and intended solely for the intended recipient(s). If you are not the named recipient you should not read, distribute, copy or alter this email. Any views or opinions expressed in this email are those of the author and do not represent those of the company. Warning: Although precautions have been taken to make sure no viruses are present in this email, the company cannot accept responsibility for any loss or damage that arise from the use of this email or attachments. --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist
Exchange 2007, new receive connector setup for relay only works for a short time
I set up a new receive connector on the hub transport (no edge transport). to relay for an internal app server. It listens on port 587 and is set to accept mail only from the app server IP address I gave the connector anonymous permission and used the Exchange management shell to give the new connector permission to relay. It worked for a while last night and then refused connections. I then ran Ghostmail on the app server. When sending through the new connector I get a 550 5.7.1 client was not authenticated. Rebooted the Exchange server this morning. No mail is being sent from the app server. I was able to send mail with Ghostmail through the new receive connector. About an hour later I tried to send mail and get 550 5.7.1 client was not authenticated. Any suggestions appreciated. --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist
RE: Exchange 2007, new receive connector setup for relay only works for a short time
Check out this article http://blogs.technet.com/b/exchange/archive/2006/12/28/3397620.aspx Date: Fri, 2 Sep 2011 13:13:31 -0400 Subject: Exchange 2007, new receive connector setup for relay only works for a short time From: hgedr...@gmail.com To: exchangelist@lyris.sunbelt-software.com I set up a new receive connector on the hub transport (no edge transport). to relay for an internal app server. It listens on port 587 and is set to accept mail only from the app server IP address I gave the connector anonymous permission and used the Exchange management shell to give the new connector permission to relay. It worked for a while last night and then refused connections. I then ran Ghostmail on the app server. When sending through the new connector I get a 550 5.7.1 client was not authenticated. Rebooted the Exchange server this morning. No mail is being sent from the app server. I was able to send mail with Ghostmail through the new receive connector. About an hour later I tried to send mail and get 550 5.7.1 client was not authenticated. Any suggestions appreciated. --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist
Re: Exchange 2007, new receive connector setup for relay only works for a short time
Thanks, I tried that after doing what I described and still the same deal where it works for a while and throws the 530.5.7.1 client was not authenticated. I also found that if I disable/enable the new receive connector via the management console it will again handle mail for over an hour. Then I tried deleting the new connector and creating a new connector via the management shell from another MS article using a different name for the connector: PS] C:\New-ReceiveConnector -Name svr4 relay -Usage Custom -AuthMechanism ExternalAuthoritative -PermissionGroups ExchangeServers -Bindings 192.168.5.100 :587 -RemoteIpRanges 192.168.5.111 That will handle mail for over an hour and then 530.5.7.1 client was not authenticated. I can disable/enable the connector as I described and it will work for over an hour. On Fri, Sep 2, 2011 at 4:34 PM, Garfield Babb gsb...@hotmail.com wrote: Check out this article http://blogs.technet.com/b/exchange/archive/2006/12/28/3397620.aspx -- Date: Fri, 2 Sep 2011 13:13:31 -0400 Subject: Exchange 2007, new receive connector setup for relay only works for a short time From: hgedr...@gmail.com To: exchangelist@lyris.sunbelt-software.com I set up a new receive connector on the hub transport (no edge transport). to relay for an internal app server. It listens on port 587 and is set to accept mail only from the app server IP address I gave the connector anonymous permission and used the Exchange management shell to give the new connector permission to relay. It worked for a while last night and then refused connections. I then ran Ghostmail on the app server. When sending through the new connector I get a 550 5.7.1 client was not authenticated. Rebooted the Exchange server this morning. No mail is being sent from the app server. I was able to send mail with Ghostmail through the new receive connector. About an hour later I tried to send mail and get 550 5.7.1 client was not authenticated. Any suggestions appreciated. --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist
RE: not permitted to relay...
The user is sending via HTML. Exchange is forwarding to a smarthost we have that handles outgoing SMTP. We do have message tracking and it does indicate it was forwarded to our smart house via smtp.. Jimmy From: Orland, Kathleen [mailto:korl...@rogers.com] Sent: Monday, August 08, 2011 2:22 PM To: MS-Exchange Admin Issues Subject: RE: not permitted to relay... Is the user sending in plain text, rich text, or HTML? Have you enabled message tracking? From: Jimmy Tran [mailto:jt...@teachtci.com] Sent: Monday, August 08, 2011 5:12 PM To: MS-Exchange Admin Issues Subject: not permitted to relay... Hi All, I have one specific user who gets the sl.teachtci.com #5.5.0 smtp;550-sl.teachtci.com [216.0.71.76] is currently not permitted to relay through error. I sent a few test emails and the recipient was able to get them ok. This sounds like the recipients' mail servers could be blocking that particular user? Does anyone have any suggestions I could try. I don't think this is an issue on my end. We are on Exchange 2003. Thanks, Jimmy --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist
Re: not permitted to relay...
This is not an Exchange issue. If the email made it to the smart host and was rejected during transmission from the smart host to the recipient's mail server, then it's something else. If you put in the entire reject message from the recipient's mail server, you'll have a better chance of finding out what the cause is. The ESMTP code 5.5.0 should come with a sub-code that tells you more specifically what the problem is, which could be, among other things, that the recipient's mailbox is full, or unavailable, or something else entirely. As a help, here's a decent page listing some of the codes and what they mean: http://www.google.com/support/appsecurity/bin/answer.py?hl=enanswer=134416 Kurt On Tue, Aug 9, 2011 at 08:27, Jimmy Tran jt...@teachtci.com wrote: The user is sending via HTML. Exchange is forwarding to a smarthost we have that handles outgoing SMTP. We do have message tracking and it does indicate it was forwarded to our smart house via smtp.. Jimmy From: Orland, Kathleen [mailto:korl...@rogers.com] Sent: Monday, August 08, 2011 2:22 PM To: MS-Exchange Admin Issues Subject: RE: not permitted to relay... Is the user sending in plain text, rich text, or HTML? Have you enabled message tracking? From: Jimmy Tran [mailto:jt...@teachtci.com] Sent: Monday, August 08, 2011 5:12 PM To: MS-Exchange Admin Issues Subject: not permitted to relay... Hi All, I have one specific user who gets the “sl.teachtci.com #5.5.0 smtp;550-sl.teachtci.com [216.0.71.76] is currently not permitted to relay through” error. I sent a few test emails and the recipient was able to get them ok. This sounds like the recipients’ mail servers could be blocking that particular user? Does anyone have any suggestions I could try. I don’t think this is an issue on my end. We are on Exchange 2003. Thanks, Jimmy --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist
RE: not permitted to relay...
This is the exact error I got in the bounce back “sl.teachtci.com #5.5.0 smtp;550-sl.teachtci.com [216.0.71.76] is currently not permitted to relay through” From your link, the 550 would mean the mailbox is unavailable. How could that be when I was able to send the email through? Could me be a DNS issue on the recipients' end? It sounds like I'm in the clear here and the recipient needs to get their side fixed? Jimmy -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Tuesday, August 09, 2011 3:35 PM To: MS-Exchange Admin Issues Subject: Re: not permitted to relay... This is not an Exchange issue. If the email made it to the smart host and was rejected during transmission from the smart host to the recipient's mail server, then it's something else. If you put in the entire reject message from the recipient's mail server, you'll have a better chance of finding out what the cause is. The ESMTP code 5.5.0 should come with a sub-code that tells you more specifically what the problem is, which could be, among other things, that the recipient's mailbox is full, or unavailable, or something else entirely. As a help, here's a decent page listing some of the codes and what they mean: http://www.google.com/support/appsecurity/bin/answer.py?hl=enanswer=134416 Kurt On Tue, Aug 9, 2011 at 08:27, Jimmy Tran jt...@teachtci.com wrote: The user is sending via HTML. Exchange is forwarding to a smarthost we have that handles outgoing SMTP. We do have message tracking and it does indicate it was forwarded to our smart house via smtp.. Jimmy From: Orland, Kathleen [mailto:korl...@rogers.com] Sent: Monday, August 08, 2011 2:22 PM To: MS-Exchange Admin Issues Subject: RE: not permitted to relay... Is the user sending in plain text, rich text, or HTML? Have you enabled message tracking? From: Jimmy Tran [mailto:jt...@teachtci.com] Sent: Monday, August 08, 2011 5:12 PM To: MS-Exchange Admin Issues Subject: not permitted to relay... Hi All, I have one specific user who gets the “sl.teachtci.com #5.5.0 smtp;550-sl.teachtci.com [216.0.71.76] is currently not permitted to relay through” error. I sent a few test emails and the recipient was able to get them ok. This sounds like the recipients’ mail servers could be blocking that particular user? Does anyone have any suggestions I could try. I don’t think this is an issue on my end. We are on Exchange 2003. Thanks, Jimmy --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist
Re: not permitted to relay...
It sounds like there is an MX record set up for the domain you're trying to send to (say it's xyz.com), only the mail server at the corresponding IP address is saying, xyz.com? I don't accept mail for that domain. /bounce Probably not you or your smarthost's problem, provided the rest of your outbound mail is working fine. On Aug 9, 2011, at 6:10 PM, Jimmy Tran jt...@teachtci.com wrote: This is the exact error I got in the bounce back “sl.teachtci.com #5.5.0 smtp;550-sl.teachtci.com [216.0.71.76] is currently not permitted to relay through” From your link, the 550 would mean the mailbox is unavailable. How could that be when I was able to send the email through? Could me be a DNS issue on the recipients' end? It sounds like I'm in the clear here and the recipient needs to get their side fixed? Jimmy -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Tuesday, August 09, 2011 3:35 PM To: MS-Exchange Admin Issues Subject: Re: not permitted to relay... This is not an Exchange issue. If the email made it to the smart host and was rejected during transmission from the smart host to the recipient's mail server, then it's something else. If you put in the entire reject message from the recipient's mail server, you'll have a better chance of finding out what the cause is. The ESMTP code 5.5.0 should come with a sub-code that tells you more specifically what the problem is, which could be, among other things, that the recipient's mailbox is full, or unavailable, or something else entirely. As a help, here's a decent page listing some of the codes and what they mean: http://www.google.com/support/appsecurity/bin/answer.py?hl=enanswer=134416 Kurt On Tue, Aug 9, 2011 at 08:27, Jimmy Tran jt...@teachtci.com wrote: The user is sending via HTML. Exchange is forwarding to a smarthost we have that handles outgoing SMTP. We do have message tracking and it does indicate it was forwarded to our smart house via smtp.. Jimmy From: Orland, Kathleen [mailto:korl...@rogers.com] Sent: Monday, August 08, 2011 2:22 PM To: MS-Exchange Admin Issues Subject: RE: not permitted to relay... Is the user sending in plain text, rich text, or HTML? Have you enabled message tracking? From: Jimmy Tran [mailto:jt...@teachtci.com] Sent: Monday, August 08, 2011 5:12 PM To: MS-Exchange Admin Issues Subject: not permitted to relay... Hi All, I have one specific user who gets the “sl.teachtci.com #5.5.0 smtp;550-sl.teachtci.com [216.0.71.76] is currently not permitted to relay through” error. I sent a few test emails and the recipient was able to get them ok. This sounds like the recipients’ mail servers could be blocking that particular user? Does anyone have any suggestions I could try. I don’t think this is an issue on my end. We are on Exchange 2003. Thanks, Jimmy --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist This e-mail and any files transmitted with it are confidential, are intended solely for the use of the addressee, and may be legally privileged. If you have received this e-mail in error, please notify the sender immediately; disclosing, copying, distributing, or taking any action in reliance on the contents of this information is strictly prohibited. --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist
Re: not permitted to relay...
Yup. Sounds like it isn't your problem. It's unlikely to be a DNS issue - it's more likely to be a fault in their internal MTA infrastructure. Assume that they, like you, are using a mail gateway, including inbound functionality, probably for spam/virus filtering. If that's the case, they've got a problem with it, and it's also incorrectly configured. The problem could be almost anything, but the incorrect configuration would be that they don't validate recipients during the ESMTP conversation. Instead, it is likely that they receive a message, evaluate it, try to pass it to their internal mail server, and when that has a problem the gateway generates the 5.5.0 error message and bounces the message. There are other possible causes, but that's what I'd put my money on. Kurt On Tue, Aug 9, 2011 at 16:08, Jimmy Tran jt...@teachtci.com wrote: This is the exact error I got in the bounce back “sl.teachtci.com #5.5.0 smtp;550-sl.teachtci.com [216.0.71.76] is currently not permitted to relay through” From your link, the 550 would mean the mailbox is unavailable. How could that be when I was able to send the email through? Could me be a DNS issue on the recipients' end? It sounds like I'm in the clear here and the recipient needs to get their side fixed? Jimmy -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Tuesday, August 09, 2011 3:35 PM To: MS-Exchange Admin Issues Subject: Re: not permitted to relay... This is not an Exchange issue. If the email made it to the smart host and was rejected during transmission from the smart host to the recipient's mail server, then it's something else. If you put in the entire reject message from the recipient's mail server, you'll have a better chance of finding out what the cause is. The ESMTP code 5.5.0 should come with a sub-code that tells you more specifically what the problem is, which could be, among other things, that the recipient's mailbox is full, or unavailable, or something else entirely. As a help, here's a decent page listing some of the codes and what they mean: http://www.google.com/support/appsecurity/bin/answer.py?hl=enanswer=134416 Kurt On Tue, Aug 9, 2011 at 08:27, Jimmy Tran jt...@teachtci.com wrote: The user is sending via HTML. Exchange is forwarding to a smarthost we have that handles outgoing SMTP. We do have message tracking and it does indicate it was forwarded to our smart house via smtp.. Jimmy From: Orland, Kathleen [mailto:korl...@rogers.com] Sent: Monday, August 08, 2011 2:22 PM To: MS-Exchange Admin Issues Subject: RE: not permitted to relay... Is the user sending in plain text, rich text, or HTML? Have you enabled message tracking? From: Jimmy Tran [mailto:jt...@teachtci.com] Sent: Monday, August 08, 2011 5:12 PM To: MS-Exchange Admin Issues Subject: not permitted to relay... Hi All, I have one specific user who gets the “sl.teachtci.com #5.5.0 smtp;550-sl.teachtci.com [216.0.71.76] is currently not permitted to relay through” error. I sent a few test emails and the recipient was able to get them ok. This sounds like the recipients’ mail servers could be blocking that particular user? Does anyone have any suggestions I could try. I don’t think this is an issue on my end. We are on Exchange 2003. Thanks, Jimmy --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist
RE: not permitted to relay...
Great. Thanks to everyone who contributed. I'll go bug the other admin now! Jimmy -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Tuesday, August 09, 2011 5:34 PM To: MS-Exchange Admin Issues Subject: Re: not permitted to relay... Yup. Sounds like it isn't your problem. It's unlikely to be a DNS issue - it's more likely to be a fault in their internal MTA infrastructure. Assume that they, like you, are using a mail gateway, including inbound functionality, probably for spam/virus filtering. If that's the case, they've got a problem with it, and it's also incorrectly configured. The problem could be almost anything, but the incorrect configuration would be that they don't validate recipients during the ESMTP conversation. Instead, it is likely that they receive a message, evaluate it, try to pass it to their internal mail server, and when that has a problem the gateway generates the 5.5.0 error message and bounces the message. There are other possible causes, but that's what I'd put my money on. Kurt On Tue, Aug 9, 2011 at 16:08, Jimmy Tran jt...@teachtci.com wrote: This is the exact error I got in the bounce back “sl.teachtci.com #5.5.0 smtp;550-sl.teachtci.com [216.0.71.76] is currently not permitted to relay through” From your link, the 550 would mean the mailbox is unavailable. How could that be when I was able to send the email through? Could me be a DNS issue on the recipients' end? It sounds like I'm in the clear here and the recipient needs to get their side fixed? Jimmy -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Tuesday, August 09, 2011 3:35 PM To: MS-Exchange Admin Issues Subject: Re: not permitted to relay... This is not an Exchange issue. If the email made it to the smart host and was rejected during transmission from the smart host to the recipient's mail server, then it's something else. If you put in the entire reject message from the recipient's mail server, you'll have a better chance of finding out what the cause is. The ESMTP code 5.5.0 should come with a sub-code that tells you more specifically what the problem is, which could be, among other things, that the recipient's mailbox is full, or unavailable, or something else entirely. As a help, here's a decent page listing some of the codes and what they mean: http://www.google.com/support/appsecurity/bin/answer.py?hl=enanswer=134416 Kurt On Tue, Aug 9, 2011 at 08:27, Jimmy Tran jt...@teachtci.com wrote: The user is sending via HTML. Exchange is forwarding to a smarthost we have that handles outgoing SMTP. We do have message tracking and it does indicate it was forwarded to our smart house via smtp.. Jimmy From: Orland, Kathleen [mailto:korl...@rogers.com] Sent: Monday, August 08, 2011 2:22 PM To: MS-Exchange Admin Issues Subject: RE: not permitted to relay... Is the user sending in plain text, rich text, or HTML? Have you enabled message tracking? From: Jimmy Tran [mailto:jt...@teachtci.com] Sent: Monday, August 08, 2011 5:12 PM To: MS-Exchange Admin Issues Subject: not permitted to relay... Hi All, I have one specific user who gets the “sl.teachtci.com #5.5.0 smtp;550-sl.teachtci.com [216.0.71.76] is currently not permitted to relay through” error. I sent a few test emails and the recipient was able to get them ok. This sounds like the recipients’ mail servers could be blocking that particular user? Does anyone have any suggestions I could try. I don’t think this is an issue on my end. We are on Exchange 2003. Thanks, Jimmy --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist
not permitted to relay...
Hi All, I have one specific user who gets the sl.teachtci.com #5.5.0 smtp;550-sl.teachtci.com [216.0.71.76] is currently not permitted to relay through error. I sent a few test emails and the recipient was able to get them ok. This sounds like the recipients' mail servers could be blocking that particular user? Does anyone have any suggestions I could try. I don't think this is an issue on my end. We are on Exchange 2003. Thanks, Jimmy --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist
RE: not permitted to relay...
Is the user sending in plain text, rich text, or HTML? Have you enabled message tracking? From: Jimmy Tran [mailto:jt...@teachtci.com] Sent: Monday, August 08, 2011 5:12 PM To: MS-Exchange Admin Issues Subject: not permitted to relay... Hi All, I have one specific user who gets the sl.teachtci.com #5.5.0 smtp;550-sl.teachtci.com [216.0.71.76] is currently not permitted to relay through error. I sent a few test emails and the recipient was able to get them ok. This sounds like the recipients' mail servers could be blocking that particular user? Does anyone have any suggestions I could try. I don't think this is an issue on my end. We are on Exchange 2003. Thanks, Jimmy --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist
Re: URGENT: You do not have permission to send to this recipient smtp;550 5.7.1 Unable to relay for
The server generating our NDRs is either one of the three Front-End looking at message tracking the NDRs is sent just after the categorizer process emails. I have enabled SMTP logging and received the following error: Event Type: Error Event Source: MSExchangeTransport Event Category: SMTP Protocol Event ID: 7010 Date: 6/7/2011 Time: 8:45:15 AM User: N/A Computer: B1 Description: This is an SMTP protocol log for virtual server ID 1, connection #3583. The client at 150.7.5.65 sent a xexch50 command, and the SMTP server responded with 504 Need to authenticate first . The full command sent was xexch50 1020 2. This will probably cause the connection to fail. For more information, click http://www.microsoft.com/contentredirect.asp. In ESM Access Control is configured to accept Anonymous Access for authentication on the SMTP Virtual Server (Resolve anonymous email is checked too) plus Integrated Authentication. On Mon, Jun 6, 2011 at 8:24 PM, Orland, Kathleen korl...@rogers.com wrote: From the NDR you gets back obviously there’s a server that is generating the NDR. Is it your server issuing the SMTP unable to relay response or is it an external server that is causing your server to generate the NDR? Message tracking / protocol logging can help you track down what IP address is issuing the SMTP response and why. *From:* Al Rose [mailto:arose...@gmail.com] *Sent:* 06 June 2011 10:34 *To:* MS-Exchange Admin Issues *Subject:* URGENT: You do not have permission to send to this recipient smtp;550 5.7.1 Unable to relay for Hi, Exchange 2003 SP2, clients Outlook 2003 All of a sudden all emails in our ORG generate NDRs: You do not have permission to send to this recipient smtp;550 5.7.1 Unable to relay for u...@acme.com Havent touched config in Exchange, but tried to restart SMTP service on all front end servers and do the following fix: select your virtual smtp server and right click then options. if you have 2 virtual servers choose the one that connects to the outside. go to access tab and click on relay. choose only that list make sure you untick the autorize relay to autenticated computers check box. click on the users button and check both check boxes for authenticated users. Any ideas? --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist
Re: URGENT: You do not have permission to send to this recipient smtp;550 5.7.1 Unable to relay for
Turned out to be a smarthost issue. We use a DNS name as smart host, the DNS record points to four servers. Only one of the three is working correctly so we pointed to the ip address as a temp fix. Thanks everyone for feedback and support, much appreciated. On Tue, Jun 7, 2011 at 8:49 AM, Al Rose arose...@gmail.com wrote: The server generating our NDRs is either one of the three Front-End looking at message tracking the NDRs is sent just after the categorizer process emails. I have enabled SMTP logging and received the following error: Event Type: Error Event Source: MSExchangeTransport Event Category: SMTP Protocol Event ID: 7010 Date: 6/7/2011 Time: 8:45:15 AM User: N/A Computer: B1 Description: This is an SMTP protocol log for virtual server ID 1, connection #3583. The client at 150.7.5.65 sent a xexch50 command, and the SMTP server responded with 504 Need to authenticate first . The full command sent was xexch50 1020 2. This will probably cause the connection to fail. For more information, click http://www.microsoft.com/contentredirect.asp. In ESM Access Control is configured to accept Anonymous Access for authentication on the SMTP Virtual Server (Resolve anonymous email is checked too) plus Integrated Authentication. On Mon, Jun 6, 2011 at 8:24 PM, Orland, Kathleen korl...@rogers.comwrote: From the NDR you gets back obviously there’s a server that is generating the NDR. Is it your server issuing the SMTP unable to relay response or is it an external server that is causing your server to generate the NDR? Message tracking / protocol logging can help you track down what IP address is issuing the SMTP response and why. *From:* Al Rose [mailto:arose...@gmail.com] *Sent:* 06 June 2011 10:34 *To:* MS-Exchange Admin Issues *Subject:* URGENT: You do not have permission to send to this recipient smtp;550 5.7.1 Unable to relay for Hi, Exchange 2003 SP2, clients Outlook 2003 All of a sudden all emails in our ORG generate NDRs: You do not have permission to send to this recipient smtp;550 5.7.1 Unable to relay for u...@acme.com Havent touched config in Exchange, but tried to restart SMTP service on all front end servers and do the following fix: select your virtual smtp server and right click then options. if you have 2 virtual servers choose the one that connects to the outside. go to access tab and click on relay. choose only that list make sure you untick the autorize relay to autenticated computers check box. click on the users button and check both check boxes for authenticated users. Any ideas? --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist
RE: URGENT: You do not have permission to send to this recipient smtp;550 5.7.1 Unable to relay for
You don't have to touch relay settings at all if the client machines are all Outlook MAPI clients (instead of POP3/IMAP/SMTP). What server is generating the NDR? Are you using a smart host? If so, have you checked it is still able to relay email for your server? Simon. -- Simon Butler MVP: Exchange, MCSE Sembee Ltd. e: si...@sembee.co.uk w: http://www.sembee.co.uk/ w: http://exchange.sembee.info/ w: http://blog.sembee.co.uk/ Need cheap certificates for Exchange, compatible with the iPhone? http://CertificatesForExchange.com/http://certificatesforexchange.com/ for certificates from just $26.99. Need a domain for your certificate? http://DomainsForExchange.net/http://domainsforexchange.net/ Exchange Resources: http://exbpa.com/ From: Al Rose [mailto:arose...@gmail.com] Sent: 06 June 2011 15:34 To: MS-Exchange Admin Issues Subject: URGENT: You do not have permission to send to this recipient smtp;550 5.7.1 Unable to relay for Hi, Exchange 2003 SP2, clients Outlook 2003 All of a sudden all emails in our ORG generate NDRs: You do not have permission to send to this recipient smtp;550 5.7.1 Unable to relay for u...@acme.commailto:u...@acme.com Havent touched config in Exchange, but tried to restart SMTP service on all front end servers and do the following fix: select your virtual smtp server and right click then options. if you have 2 virtual servers choose the one that connects to the outside. go to access tab and click on relay. choose only that list make sure you untick the autorize relay to autenticated computers check box. click on the users button and check both check boxes for authenticated users. Any ideas? --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist
RE: URGENT: You do not have permission to send to this recipient smtp;550 5.7.1 Unable to relay for
Exchange 2003? Do these errors include internal e-mails? Have you changed the recipient policy and perhaps inadvertently removed your internal domain? I've had this happen to a customer before in a past life :) Is the exchange system perhaps no longer authoritative for the internal domain name? Regards [cid:image001.jpg@01CC2482.7AA5B3D0] Peter Johnson I.T Architect United Kingdom: +44 1285 658542 South Africa: +27 11 252 1100 Swaziland: +268 2442 7000 Fax:+27 11 974 7130 Mobile: +2783 306 0019 peter.john...@peterstow.com www.peterstow.comhttp://www.peterstow.com This email message (including attachments) contains information which may be confidential and/or legally privileged. Unless you are the intended recipient, you may not use, copy or disclose to anyone the message or any information contained in the message or from any attachments that were sent with this email, and If you have received this email message in error, please advise the sender by email, and delete the message. Unauthorised disclosure and/or use of information contained in this email may result in civil and criminal liability. Everything in this e-mail and attachments relating to the official business of Peterstow Aquapower is proprietary to the company. Caution should be observed in placing any reliance upon any information contained in this e-mail, which is not intended to be a representation or inducement to make any decision in relation to Peterstow Aquapower. Any decision taken based on the information provided in this e-mail, should only be made after consultation with appropriate legal, regulatory, tax, technical, business, investment, financial, and accounting advisors. Neither the sender of the e-mail, nor Peterstow Aquapower shall be liable to any party for any direct, indirect or consequential damages, including, without limitation, loss of profit, interruption of business or loss of information, data or software or otherwise. The e-mail address of the sender may not be used, copied, sold, disclosed or incorporated into any database or mailing list for spamming and/or other marketing purposes without the prior consent of Peterstow Aquapower. No warranties are created or implied that an employee of Peterstow Aquapower and/or a contractor of Peterstow Aquapower is authorized to create and send this e-mail. [cid:image002.jpg@01CC2482.7AA5B3D0] From: Al Rose [mailto:arose...@gmail.com] Sent: 06 June 2011 07:07 PM To: MS-Exchange Admin Issues Subject: Re: URGENT: You do not have permission to send to this recipient smtp;550 5.7.1 Unable to relay for We are indeed using a smart host, i contacted the admin for this one and they said everything is OK... I reverted back the relay settings to what they were. Relay Restrictions: Only the list below (empty list) Box checked Allow all computers which succesfully authenticate to relay Still NDRs To see i have disabled Antigen SMTP scan but no luck On Mon, Jun 6, 2011 at 6:11 PM, Simon Butler si...@sembee.co.ukmailto:si...@sembee.co.uk wrote: You don't have to touch relay settings at all if the client machines are all Outlook MAPI clients (instead of POP3/IMAP/SMTP). What server is generating the NDR? Are you using a smart host? If so, have you checked it is still able to relay email for your server? Simon. -- Simon Butler MVP: Exchange, MCSE Sembee Ltd. e: si...@sembee.co.ukmailto:si...@sembee.co.uk w: http://www.sembee.co.uk/ w: http://exchange.sembee.info/ w: http://blog.sembee.co.uk/ Need cheap certificates for Exchange, compatible with the iPhone? http://CertificatesForExchange.com/http://certificatesforexchange.com/ for certificates from just $26.99. Need a domain for your certificate? http://DomainsForExchange.net/http://domainsforexchange.net/ Exchange Resources: http://exbpa.com/ From: Al Rose [mailto:arose...@gmail.commailto:arose...@gmail.com] Sent: 06 June 2011 15:34 To: MS-Exchange Admin Issues Subject: URGENT: You do not have permission to send to this recipient smtp;550 5.7.1 Unable to relay for Hi, Exchange 2003 SP2, clients Outlook 2003 All of a sudden all emails in our ORG generate NDRs: You do not have permission to send to this recipient smtp;550 5.7.1 Unable to relay for u...@acme.commailto:u...@acme.com Havent touched config in Exchange, but tried to restart SMTP service on all front end servers and do the following fix: select your virtual smtp server and right click then options. if you have 2 virtual servers choose the one that connects to the outside. go to access tab and click on relay. choose only that list make sure you untick the autorize relay to autenticated computers check box. click on the users button and check both check boxes for authenticated users. Any ideas? --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe
RE: URGENT: You do not have permission to send to this recipient smtp;550 5.7.1 Unable to relay for
Have you tried restarting the routing engine? Maybe the routing tables are hosed. From: Al Rose [mailto:arose...@gmail.com] Sent: Monday, June 06, 2011 1:00 PM To: MS-Exchange Admin Issues Subject: Re: URGENT: You do not have permission to send to this recipient smtp;550 5.7.1 Unable to relay for These errors include internal emails indeed. I have checked the recipient policies and nothing changed, i can still see the domain name listed. Thank you On Mon, Jun 6, 2011 at 7:46 PM, Peter Johnson peter.john...@peterstow.commailto:peter.john...@peterstow.com wrote: Exchange 2003? Do these errors include internal e-mails? Have you changed the recipient policy and perhaps inadvertently removed your internal domain? I've had this happen to a customer before in a past life :) Is the exchange system perhaps no longer authoritative for the internal domain name? Regards [Description: C:\Users\ptjohnson\AppData\Roaming\Microsoft\Signatures\peterstow logo2.jpg] Peter Johnson I.T Architect United Kingdom: +44 1285 658542 South Africa: +27 11 252 1100 Swaziland: +268 2442 7000 Fax:+27 11 974 7130 Mobile: +2783 306 0019 peter.john...@peterstow.commailto:peter.john...@peterstow.com www.peterstow.comhttp://www.peterstow.com This email message (including attachments) contains information which may be confidential and/or legally privileged. Unless you are the intended recipient, you may not use, copy or disclose to anyone the message or any information contained in the message or from any attachments that were sent with this email, and If you have received this email message in error, please advise the sender by email, and delete the message. Unauthorised disclosure and/or use of information contained in this email may result in civil and criminal liability. Everything in this e-mail and attachments relating to the official business of Peterstow Aquapower is proprietary to the company. Caution should be observed in placing any reliance upon any information contained in this e-mail, which is not intended to be a representation or inducement to make any decision in relation to Peterstow Aquapower. Any decision taken based on the information provided in this e-mail, should only be made after consultation with appropriate legal, regulatory, tax, technical, business, investment, financial, and accounting advisors. Neither the sender of the e-mail, nor Peterstow Aquapower shall be liable to any party for any direct, indirect or consequential damages, including, without limitation, loss of profit, interruption of business or loss of information, data or software or otherwise. The e-mail address of the sender may not be used, copied, sold, disclosed or incorporated into any database or mailing list for spamming and/or other marketing purposes without the prior consent of Peterstow Aquapower. No warranties are created or implied that an employee of Peterstow Aquapower and/or a contractor of Peterstow Aquapower is authorized to create and send this e-mail. [Description: C:\Users\ptjohnson\AppData\Roaming\Microsoft\Signatures\environment2.jpg] From: Al Rose [mailto:arose...@gmail.commailto:arose...@gmail.com] Sent: 06 June 2011 07:07 PM To: MS-Exchange Admin Issues Subject: Re: URGENT: You do not have permission to send to this recipient smtp;550 5.7.1 Unable to relay for We are indeed using a smart host, i contacted the admin for this one and they said everything is OK... I reverted back the relay settings to what they were. Relay Restrictions: Only the list below (empty list) Box checked Allow all computers which succesfully authenticate to relay Still NDRs To see i have disabled Antigen SMTP scan but no luck On Mon, Jun 6, 2011 at 6:11 PM, Simon Butler si...@sembee.co.ukmailto:si...@sembee.co.uk wrote: You don't have to touch relay settings at all if the client machines are all Outlook MAPI clients (instead of POP3/IMAP/SMTP). What server is generating the NDR? Are you using a smart host? If so, have you checked it is still able to relay email for your server? Simon. -- Simon Butler MVP: Exchange, MCSE Sembee Ltd. e: si...@sembee.co.ukmailto:si...@sembee.co.uk w: http://www.sembee.co.uk/ w: http://exchange.sembee.info/ w: http://blog.sembee.co.uk/ Need cheap certificates for Exchange, compatible with the iPhone? http://CertificatesForExchange.com/http://certificatesforexchange.com/ for certificates from just $26.99. Need a domain for your certificate? http://DomainsForExchange.net/http://domainsforexchange.net/ Exchange Resources: http://exbpa.com/ From: Al Rose [mailto:arose...@gmail.commailto:arose...@gmail.com] Sent: 06 June 2011 15:34 To: MS-Exchange Admin Issues Subject: URGENT: You do not have permission to send to this recipient smtp;550 5.7.1 Unable to relay for Hi, Exchange 2003 SP2, clients Outlook 2003 All of a sudden all emails in our ORG generate NDRs: You do not have permission to send to this recipient smtp;550 5.7.1 Unable to relay for u
RE: URGENT: You do not have permission to send to this recipient smtp;550 5.7.1 Unable to relay for
From the NDR you gets back obviously there's a server that is generating the NDR. Is it your server issuing the SMTP unable to relay response or is it an external server that is causing your server to generate the NDR? Message tracking / protocol logging can help you track down what IP address is issuing the SMTP response and why. From: Al Rose [mailto:arose...@gmail.com] Sent: 06 June 2011 10:34 To: MS-Exchange Admin Issues Subject: URGENT: You do not have permission to send to this recipient smtp;550 5.7.1 Unable to relay for Hi, Exchange 2003 SP2, clients Outlook 2003 All of a sudden all emails in our ORG generate NDRs: You do not have permission to send to this recipient smtp;550 5.7.1 Unable to relay for u...@acme.com Havent touched config in Exchange, but tried to restart SMTP service on all front end servers and do the following fix: select your virtual smtp server and right click then options. if you have 2 virtual servers choose the one that connects to the outside. go to access tab and click on relay. choose only that list make sure you untick the autorize relay to autenticated computers check box. click on the users button and check both check boxes for authenticated users. Any ideas? --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist
Re: RE: Allow SMTP relay by Group membership?
Ooo, please tell me more. I'm facing the same scenario, (only we're under 2007 for the moment - migration to 2010 is in the works). We have a team of recruiters who use a hosted app called Sendouts. There is a client for the app that is installed locally and needs to be able to send smtp mail from the workstations where it is installed. I'd rather not have to manage static IP Addresses and associated transport rules if I don't have to. Thanks, Jonathan A+, MCSA, MCSE Thumb-typed from my HTC Droid Incredible (and yes, it really is) on the Verizon network. Please excuse brevity and any misspellings. On May 23, 2011 8:31 PM, Michael B. Smith mich...@smithcons.com wrote: I haven't tried this, so don't hold me to it - but I think you could manage this with a transport rule. It might take two working together, but I think you could make it happen. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: Robert Peterson [mailto:robert.peter...@prin.edu] Sent: Monday, May 23, 2011 6:20 PM To: MS-Exchange Admin Issues Subject: Allow SMTP relay by Group membership? Currently within Exchange 2010, we do not allow anonymous relaying of mail to the outside except from specific internal IPs via the Relay Connector. The problem I have is a network application being used that attempts to send mail from the local workstation via an SMTP tool from within the fat client of this application. The mail is attempting to send from the local workstation. If I add the IP of the workstation to the allowed IP list, I am sure Exchange will relay the mail just fine. But I don't relish the idea of managing static IPs for these multiple machines, across various subnets. Is there a way to allow relaying via an AD group membership, either for the machine or user? Thanks for any ideas, Robert --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto: listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist
Allow SMTP relay by Group membership?
Currently within Exchange 2010, we do not allow anonymous relaying of mail to the outside except from specific internal IPs via the Relay Connector. The problem I have is a network application being used that attempts to send mail from the local workstation via an SMTP tool from within the fat client of this application. The mail is attempting to send from the local workstation. If I add the IP of the workstation to the allowed IP list, I am sure Exchange will relay the mail just fine. But I don't relish the idea of managing static IPs for these multiple machines, across various subnets. Is there a way to allow relaying via an AD group membership, either for the machine or user? Thanks for any ideas, Robert --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist
RE: Allow SMTP relay by Group membership?
I haven't tried this, so don't hold me to it - but I think you could manage this with a transport rule. It might take two working together, but I think you could make it happen. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: Robert Peterson [mailto:robert.peter...@prin.edu] Sent: Monday, May 23, 2011 6:20 PM To: MS-Exchange Admin Issues Subject: Allow SMTP relay by Group membership? Currently within Exchange 2010, we do not allow anonymous relaying of mail to the outside except from specific internal IPs via the Relay Connector. The problem I have is a network application being used that attempts to send mail from the local workstation via an SMTP tool from within the fat client of this application. The mail is attempting to send from the local workstation. If I add the IP of the workstation to the allowed IP list, I am sure Exchange will relay the mail just fine. But I don't relish the idea of managing static IPs for these multiple machines, across various subnets. Is there a way to allow relaying via an AD group membership, either for the machine or user? Thanks for any ideas, Robert --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist
Re: Fixing Exchange 2007 server that might be hijacked or used as a relay and has been blacklisted
This error is actually coming from Comcast's email servers when I try to send an email to our company from Comast. From: Richard Stovall rich...@gmail.com To: MS-Exchange Admin Issues exchangelist@lyris.sunbelt-software.com Sent: Tue, April 26, 2011 10:23:12 PM Subject: Re: Fixing Exchange 2007 server that might be hijacked or used as a relay and has been blacklisted I've never used Zimbra. (It looks like you do.) How is your edge-facing Zimbra instance determining what internal addresses are viable? On Tue, Apr 26, 2011 at 11:18 PM, Don Kuhlman drkuhl...@yahoo.com wrote: Yep Richard - you're undestanding perfectly - outside parties - say usern...@comcast.net can't send to the company Comcast's email immediately generates a huge error that I can't even copy and paste. I did type the major parts of it and they are pasted below with email and company.com being substituted out, etc. This worked about a week ago(no problems sending from comcast to our domain). At first I thought something had changed at Comcast. I googled the SCC-1203 and SCC-1204 codes along with the error text below and it led me to Comcast's forum. That in turn led me to posts saying the target email address was not on a secure server or that the target domain was not allowed to be sent to, which then led me to search for blacklisting and I found the domain blacklisted on two sites, which I went to and manually asked them to remove us by putting our external email server ip address into the forms on the blacklist sites. However, just trying it now from Comcast still causes it to fail immediately with this error. Since I orginally thought it was a Comcast issue because I hadn't heard about any other failures from other domains sending to us (hitachi, etc.), I opened a case with Comcast. They are supposed to be investigating which maybe they can enlighten me too ;) Thanks! Don K Message not sent; The following addresses were not accepted: {0} SCC-1203 Message not sent; The following addresses were not accepted: email@company.comSCC-1204 method: SendMsgRequest msg: Invalid address: em...@company.comcom.zimbra.cs.mailbox.MailSender$SafeSendFailedException: code: mail.SEND_ABORTED_ADDRESS_FAILURE detail: soap:Sender trace: btp00l0-121808:1303873522184:a35c69230074fa82 request: Body: { From: Richard Stovall rich...@gmail.com To: MS-Exchange Admin Issues exchangelist@lyris.sunbelt-software.com Sent: Tue, April 26, 2011 9:07:34 PM Subject: Re: Fixing Exchange 2007 server that might be hijacked or used as a relay and has been blacklisted Blacklisting, as I typically understand it, means that you can't send to the other party. What you're describing, unless I misunderstand, is a situation where outside parties are unable to send to you. What are the exact (full text) errors you received from Comcast when testing? On Tue, Apr 26, 2011 at 9:30 PM, Don Kuhlman drkuhl...@yahoo.com wrote: Hi folks. This is probably a very basic question for the Exchange gurus...I'm trying to support of an exchange 2007 server (on SBS 2008) and found that it looks like we're being blacklisted by certain sites. Internal users were reporting that they couldn't receive emails from outside customers using comcast.net, and hitachi among others. I tried to send to emails internally from comcast and was also getting errors that we were being blocked or not allowed from comcast. I ran some scans from different sites such as http://www.mxtoolbox.com/SuperTool.aspx that show if you're blacklisted and found a couple instances where we were. I've been trying to find a way (internally from the server logs or firewall logs) to see if the Exchange 2007 server was hijacked or is being used as a relay. I'm not sure what to look for as traffic patterns on the firewall so that I can set rules to block this, nor what I might want to try initially on the server to protect it. I looked (googled) for how to test for blacklisting and all I'm finding is sites that tell you how to request you be removed temporarily from a blacklist or how to test your ip for blacklist status. Are there good sites that I can study to find out from the server's perspective or how to make sure it's not being used maliciously for relaying or spamming or some sites that tell me how to lock it down or verify it's okay (not to mention getting it permanently off the blacklists) ? Thanks! Don K --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums
RE: Fixing Exchange 2007 server that might be hijacked or used as a relay and has been blacklisted
Ran into this at my last %company%. Unfortunately, you will have to hound Comcast for help. I wasn't involved directly, so, sorry I can't give you any details. I just remember a co-worker bitching about dealing with Comcast. Don Guyer Windows Systems Engineer RIM Operations Engineering Distributed - A Team, Tier 2 Enterprise Technology Group Fiserv don.gu...@fiserv.com Office: 1-800-523-7282 x 1673 Fax: 610-233-0404 www.fiserv.com http://www.fiserv.com/ From: Don Kuhlman [mailto:drkuhl...@yahoo.com] Sent: Wednesday, April 27, 2011 8:10 AM To: MS-Exchange Admin Issues Subject: Re: Fixing Exchange 2007 server that might be hijacked or used as a relay and has been blacklisted This error is actually coming from Comcast's email servers when I try to send an email to our company from Comast. From: Richard Stovall rich...@gmail.com To: MS-Exchange Admin Issues exchangelist@lyris.sunbelt-software.com Sent: Tue, April 26, 2011 10:23:12 PM Subject: Re: Fixing Exchange 2007 server that might be hijacked or used as a relay and has been blacklisted I've never used Zimbra. (It looks like you do.) How is your edge-facing Zimbra instance determining what internal addresses are viable? On Tue, Apr 26, 2011 at 11:18 PM, Don Kuhlman drkuhl...@yahoo.com wrote: Yep Richard - you're undestanding perfectly - outside parties - say usern...@comcast.net mailto:usern...@comcast.net can't send to the company Comcast's email immediately generates a huge error that I can't even copy and paste. I did type the major parts of it and they are pasted below with email and company.com http://company.com/ being substituted out, etc. This worked about a week ago(no problems sending from comcast to our domain). At first I thought something had changed at Comcast. I googled the SCC-1203 and SCC-1204 codes along with the error text below and it led me to Comcast's forum. That in turn led me to posts saying the target email address was not on a secure server or that the target domain was not allowed to be sent to, which then led me to search for blacklisting and I found the domain blacklisted on two sites, which I went to and manually asked them to remove us by putting our external email server ip address into the forms on the blacklist sites. However, just trying it now from Comcast still causes it to fail immediately with this error. Since I orginally thought it was a Comcast issue because I hadn't heard about any other failures from other domains sending to us (hitachi, etc.), I opened a case with Comcast. They are supposed to be investigating which maybe they can enlighten me too ;) Thanks! Don K Message not sent; The following addresses were not accepted: {0} SCC-1203 Message not sent; The following addresses were not accepted: em...@company.com mailto:em...@company.com SCC-1204 method: SendMsgRequest msg:Invalid address: em...@company.com mailto:em...@company.com com.zimbra.cs http://com.zimbra.cs.mailbox.ma/ .mailbox.MailSender$SafeSendFailedException: code: mail.SEND_ABORTED_ADDRESS_FAILURE detail: soap:Sender trace: btp00l0-121808:1303873522184:a35c69230074fa82 request: Body: { From: Richard Stovall rich...@gmail.com To: MS-Exchange Admin Issues exchangelist@lyris.sunbelt-software.com Sent: Tue, April 26, 2011 9:07:34 PM Subject: Re: Fixing Exchange 2007 server that might be hijacked or used as a relay and has been blacklisted Blacklisting, as I typically understand it, means that you can't send to the other party. What you're describing, unless I misunderstand, is a situation where outside parties are unable to send to you. What are the exact (full text) errors you received from Comcast when testing? On Tue, Apr 26, 2011 at 9:30 PM, Don Kuhlman drkuhl...@yahoo.com wrote: Hi folks. This is probably a very basic question for the Exchange gurus...I'm trying to support of an exchange 2007 server (on SBS 2008) and found that it looks like we're being blacklisted by certain sites. Internal users were reporting that they couldn't receive emails from outside customers using comcast.net http://comcast.net/ , and hitachi among others. I tried to send to emails internally from comcast and was also getting errors that we were being blocked or not allowed from comcast. I ran some scans from different sites such as http://www.mxtoolbox.com/SuperTool.aspx that show if you're blacklisted and found a couple instances where we were. I've been trying to find a way (internally from the server logs or firewall logs) to see if the Exchange 2007 server was hijacked or is being used as a relay. I'm not sure what to look for as traffic patterns on the firewall so that I can set rules to block this, nor what I might want to try initially on the server to protect it. I looked (googled) for how to test for blacklisting and all I'm finding is sites that tell you how to request you be removed
Re: Fixing Exchange 2007 server that might be hijacked or used as a relay and has been blacklisted
2 questions at this piont: 1) Can you post the entire error message? 2) Do you use Zimbra? On Wed, Apr 27, 2011 at 8:10 AM, Don Kuhlman drkuhl...@yahoo.com wrote: This error is actually coming from Comcast's email servers when I try to send an email to our company from Comast. -- *From:* Richard Stovall rich...@gmail.com *To:* MS-Exchange Admin Issues exchangelist@lyris.sunbelt-software.com *Sent:* Tue, April 26, 2011 10:23:12 PM *Subject:* Re: Fixing Exchange 2007 server that might be hijacked or used as a relay and has been blacklisted I've never used Zimbra. (It looks like you do.) How is your edge-facing Zimbra instance determining what internal addresses are viable? On Tue, Apr 26, 2011 at 11:18 PM, Don Kuhlman drkuhl...@yahoo.com wrote: Yep Richard - you're undestanding perfectly - outside parties - say usern...@comcast.net usern...@comcast.net can't send to the company Comcast's email immediately generates a huge error that I can't even copy and paste. I did type the major parts of it and they are pasted below with email and company.com being substituted out, etc. This worked about a week ago(no problems sending from comcast to our domain). At first I thought something had changed at Comcast. I googled the SCC-1203 and SCC-1204 codes along with the error text below and it led me to Comcast's forum. That in turn led me to posts saying the target email address was not on a secure server or that the target domain was not allowed to be sent to, which then led me to search for blacklisting and I found the domain blacklisted on two sites, which I went to and manually asked them to remove us by putting our external email server ip address into the forms on the blacklist sites. However, just trying it now from Comcast still causes it to fail immediately with this error. Since I orginally thought it was a Comcast issue because I hadn't heard about any other failures from other domains sending to us (hitachi, etc.), I opened a case with Comcast. They are supposed to be investigating which maybe they can enlighten me too ;) Thanks! Don K Message not sent; The following addresses were not accepted: {0} SCC-1203 Message not sent; The following addresses were not accepted: em...@company.com SCC-1204 method: SendMsgRequest msg:Invalid address: em...@company.com com.zimbra.cshttp://com.zimbra.cs.mailbox.ma/ .mailbox.MailSender$SafeSendFailedException: code: mail.SEND_ABORTED_ADDRESS_FAILURE detail: soap:Sender trace: btp00l0-121808:1303873522184:a35c69230074fa82 request: Body: { -- *From:* Richard Stovall rich...@gmail.com *To:* MS-Exchange Admin Issues exchangelist@lyris.sunbelt-software.com *Sent:* Tue, April 26, 2011 9:07:34 PM *Subject:* Re: Fixing Exchange 2007 server that might be hijacked or used as a relay and has been blacklisted Blacklisting, as I typically understand it, means that you can't send to the other party. What you're describing, unless I misunderstand, is a situation where outside parties are unable to send to you. What are the exact (full text) errors you received from Comcast when testing? On Tue, Apr 26, 2011 at 9:30 PM, Don Kuhlman drkuhl...@yahoo.comwrote: Hi folks. This is probably a very basic question for the Exchange gurus...I'm trying to support of an exchange 2007 server (on SBS 2008) and found that it looks like we're being blacklisted by certain sites. Internal users were reporting that they couldn't receive emails from outside customers using comcast.net, and hitachi among others. I tried to send to emails internally from comcast and was also getting errors that we were being blocked or not allowed from comcast. I ran some scans from different sites such as http://www.mxtoolbox.com/SuperTool.aspx that show if you're blacklisted and found a couple instances where we were. I've been trying to find a way (internally from the server logs or firewall logs) to see if the Exchange 2007 server was hijacked or is being used as a relay. I'm not sure what to look for as traffic patterns on the firewall so that I can set rules to block this, nor what I might want to try initially on the server to protect it. I looked (googled) for how to test for blacklisting and all I'm finding is sites that tell you how to request you be removed temporarily from a blacklist or how to test your ip for blacklist status. Are there good sites that I can study to find out from the server's perspective or how to make sure it's not being used maliciously for relaying or spamming or some sites that tell me how to lock it down or verify it's okay (not to mention getting it permanently off the blacklists) ? Thanks! Don K --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist
Fixing Exchange 2007 server that might be hijacked or used as a relay and has been blacklisted
Hi folks. This is probably a very basic question for the Exchange gurus...I'm trying to support of an exchange 2007 server (on SBS 2008) and found that it looks like we're being blacklisted by certain sites. Internal users were reporting that they couldn't receive emails from outside customers using comcast.net, and hitachi among others. I tried to send to emails internally from comcast and was also getting errors that we were being blocked or not allowed from comcast. I ran some scans from different sites such as http://www.mxtoolbox.com/SuperTool.aspx that show if you're blacklisted and found a couple instances where we were. I've been trying to find a way (internally from the server logs or firewall logs) to see if the Exchange 2007 server was hijacked or is being used as a relay. I'm not sure what to look for as traffic patterns on the firewall so that I can set rules to block this, nor what I might want to try initially on the server to protect it. I looked (googled) for how to test for blacklisting and all I'm finding is sites that tell you how to request you be removed temporarily from a blacklist or how to test your ip for blacklist status. Are there good sites that I can study to find out from the server's perspective or how to make sure it's not being used maliciously for relaying or spamming or some sites that tell me how to lock it down or verify it's okay (not to mention getting it permanently off the blacklists) ? Thanks! Don K --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist
Re: Fixing Exchange 2007 server that might be hijacked or used as a relay and has been blacklisted
Blacklisting, as I typically understand it, means that you can't send to the other party. What you're describing, unless I misunderstand, is a situation where outside parties are unable to send to you. What are the exact (full text) errors you received from Comcast when testing? On Tue, Apr 26, 2011 at 9:30 PM, Don Kuhlman drkuhl...@yahoo.com wrote: Hi folks. This is probably a very basic question for the Exchange gurus...I'm trying to support of an exchange 2007 server (on SBS 2008) and found that it looks like we're being blacklisted by certain sites. Internal users were reporting that they couldn't receive emails from outside customers using comcast.net, and hitachi among others. I tried to send to emails internally from comcast and was also getting errors that we were being blocked or not allowed from comcast. I ran some scans from different sites such as http://www.mxtoolbox.com/SuperTool.aspx that show if you're blacklisted and found a couple instances where we were. I've been trying to find a way (internally from the server logs or firewall logs) to see if the Exchange 2007 server was hijacked or is being used as a relay. I'm not sure what to look for as traffic patterns on the firewall so that I can set rules to block this, nor what I might want to try initially on the server to protect it. I looked (googled) for how to test for blacklisting and all I'm finding is sites that tell you how to request you be removed temporarily from a blacklist or how to test your ip for blacklist status. Are there good sites that I can study to find out from the server's perspective or how to make sure it's not being used maliciously for relaying or spamming or some sites that tell me how to lock it down or verify it's okay (not to mention getting it permanently off the blacklists) ? Thanks! Don K --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist
Re: Fixing Exchange 2007 server that might be hijacked or used as a relay and has been blacklisted
If there are end user computers that are behind the same Internet/firewall, make sure you don't have a zombified pc sending out spam on behalf of some botnet. In my experience, that's a more likely source of bad outbound traffic that gets you put on blacklists. For a start, check outbound traffic at your firewall for any SMTP originating from a box other than the Exchange server. On Apr 26, 2011, at 8:30 PM, Don Kuhlman drkuhl...@yahoo.commailto:drkuhl...@yahoo.com wrote: Hi folks. This is probably a very basic question for the Exchange gurus...I'm trying to support of an exchange 2007 server (on SBS 2008) and found that it looks like we're being blacklisted by certain sites. Internal users were reporting that they couldn't receive emails from outside customers using comcast.nethttp://comcast.net, and hitachi among others. I tried to send to emails internally from comcast and was also getting errors that we were being blocked or not allowed from comcast. I ran some scans from different sites such as http://www.mxtoolbox.com/SuperTool.aspx http://www.mxtoolbox.com/SuperTool.aspx that show if you're blacklisted and found a couple instances where we were. I've been trying to find a way (internally from the server logs or firewall logs) to see if the Exchange 2007 server was hijacked or is being used as a relay. I'm not sure what to look for as traffic patterns on the firewall so that I can set rules to block this, nor what I might want to try initially on the server to protect it. I looked (googled) for how to test for blacklisting and all I'm finding is sites that tell you how to request you be removed temporarily from a blacklist or how to test your ip for blacklist status. Are there good sites that I can study to find out from the server's perspective or how to make sure it's not being used maliciously for relaying or spamming or some sites that tell me how to lock it down or verify it's okay (not to mention getting it permanently off the blacklists) ? Thanks! Don K --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ http://lyris.sunbelt-software.com/read/my_forums/ or send an email to mailto:listmana...@lyris.sunbeltsoftware.com listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist This e-mail and any files transmitted with it are confidential, are intended solely for the use of the addressee, and may be legally privileged. If you have received this e-mail in error, please notify the sender immediately; disclosing, copying, distributing, or taking any action in reliance on the contents of this information is strictly prohibited. --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist
Re: Fixing Exchange 2007 server that might be hijacked or used as a relay and has been blacklisted
Yep Richard - you're undestanding perfectly - outside parties - say usern...@comcast.net can't send to the company Comcast's email immediately generates a huge error that I can't even copy and paste. I did type the major parts of it and they are pasted below with email and company.com being substituted out, etc. This worked about a week ago(no problems sending from comcast to our domain). At first I thought something had changed at Comcast. I googled the SCC-1203 and SCC-1204 codes along with the error text below and it led me to Comcast's forum. That in turn led me to posts saying the target email address was not on a secure server or that the target domain was not allowed to be sent to, which then led me to search for blacklisting and I found the domain blacklisted on two sites, which I went to and manually asked them to remove us by putting our external email server ip address into the forms on the blacklist sites. However, just trying it now from Comcast still causes it to fail immediately with this error. Since I orginally thought it was a Comcast issue because I hadn't heard about any other failures from other domains sending to us (hitachi, etc.), I opened a case with Comcast. They are supposed to be investigating which maybe they can enlighten me too ;) Thanks! Don K Message not sent; The following addresses were not accepted: {0} SCC-1203 Message not sent; The following addresses were not accepted: email@company.comSCC-1204 method: SendMsgRequest msg: Invalid address: em...@company.comcom.zimbra.cs.mailbox.MailSender$SafeSendFailedException: code: mail.SEND_ABORTED_ADDRESS_FAILURE detail: soap:Sender trace: btp00l0-121808:1303873522184:a35c69230074fa82 request: Body: { From: Richard Stovall rich...@gmail.com To: MS-Exchange Admin Issues exchangelist@lyris.sunbelt-software.com Sent: Tue, April 26, 2011 9:07:34 PM Subject: Re: Fixing Exchange 2007 server that might be hijacked or used as a relay and has been blacklisted Blacklisting, as I typically understand it, means that you can't send to the other party. What you're describing, unless I misunderstand, is a situation where outside parties are unable to send to you. What are the exact (full text) errors you received from Comcast when testing? On Tue, Apr 26, 2011 at 9:30 PM, Don Kuhlman drkuhl...@yahoo.com wrote: Hi folks. This is probably a very basic question for the Exchange gurus...I'm trying to support of an exchange 2007 server (on SBS 2008) and found that it looks like we're being blacklisted by certain sites. Internal users were reporting that they couldn't receive emails from outside customers using comcast.net, and hitachi among others. I tried to send to emails internally from comcast and was also getting errors that we were being blocked or not allowed from comcast. I ran some scans from different sites such as http://www.mxtoolbox.com/SuperTool.aspx that show if you're blacklisted and found a couple instances where we were. I've been trying to find a way (internally from the server logs or firewall logs) to see if the Exchange 2007 server was hijacked or is being used as a relay. I'm not sure what to look for as traffic patterns on the firewall so that I can set rules to block this, nor what I might want to try initially on the server to protect it. I looked (googled) for how to test for blacklisting and all I'm finding is sites that tell you how to request you be removed temporarily from a blacklist or how to test your ip for blacklist status. Are there good sites that I can study to find out from the server's perspective or how to make sure it's not being used maliciously for relaying or spamming or some sites that tell me how to lock it down or verify it's okay (not to mention getting it permanently off the blacklists) ? Thanks! Don K --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist
Re: Fixing Exchange 2007 server that might be hijacked or used as a relay and has been blacklisted
I've never used Zimbra. (It looks like you do.) How is your edge-facing Zimbra instance determining what internal addresses are viable? On Tue, Apr 26, 2011 at 11:18 PM, Don Kuhlman drkuhl...@yahoo.com wrote: Yep Richard - you're undestanding perfectly - outside parties - say usern...@comcast.net usern...@comcast.net can't send to the company Comcast's email immediately generates a huge error that I can't even copy and paste. I did type the major parts of it and they are pasted below with email and company.com being substituted out, etc. This worked about a week ago(no problems sending from comcast to our domain). At first I thought something had changed at Comcast. I googled the SCC-1203 and SCC-1204 codes along with the error text below and it led me to Comcast's forum. That in turn led me to posts saying the target email address was not on a secure server or that the target domain was not allowed to be sent to, which then led me to search for blacklisting and I found the domain blacklisted on two sites, which I went to and manually asked them to remove us by putting our external email server ip address into the forms on the blacklist sites. However, just trying it now from Comcast still causes it to fail immediately with this error. Since I orginally thought it was a Comcast issue because I hadn't heard about any other failures from other domains sending to us (hitachi, etc.), I opened a case with Comcast. They are supposed to be investigating which maybe they can enlighten me too ;) Thanks! Don K Message not sent; The following addresses were not accepted: {0} SCC-1203 Message not sent; The following addresses were not accepted: em...@company.com SCC-1204 method: SendMsgRequest msg:Invalid address: em...@company.comcom.zimbra.cs.mailbox.MailSender$SafeSendFailedException: code: mail.SEND_ABORTED_ADDRESS_FAILURE detail: soap:Sender trace: btp00l0-121808:1303873522184:a35c69230074fa82 request: Body: { -- *From:* Richard Stovall rich...@gmail.com *To:* MS-Exchange Admin Issues exchangelist@lyris.sunbelt-software.com *Sent:* Tue, April 26, 2011 9:07:34 PM *Subject:* Re: Fixing Exchange 2007 server that might be hijacked or used as a relay and has been blacklisted Blacklisting, as I typically understand it, means that you can't send to the other party. What you're describing, unless I misunderstand, is a situation where outside parties are unable to send to you. What are the exact (full text) errors you received from Comcast when testing? On Tue, Apr 26, 2011 at 9:30 PM, Don Kuhlman drkuhl...@yahoo.com wrote: Hi folks. This is probably a very basic question for the Exchange gurus...I'm trying to support of an exchange 2007 server (on SBS 2008) and found that it looks like we're being blacklisted by certain sites. Internal users were reporting that they couldn't receive emails from outside customers using comcast.net, and hitachi among others. I tried to send to emails internally from comcast and was also getting errors that we were being blocked or not allowed from comcast. I ran some scans from different sites such as http://www.mxtoolbox.com/SuperTool.aspx that show if you're blacklisted and found a couple instances where we were. I've been trying to find a way (internally from the server logs or firewall logs) to see if the Exchange 2007 server was hijacked or is being used as a relay. I'm not sure what to look for as traffic patterns on the firewall so that I can set rules to block this, nor what I might want to try initially on the server to protect it. I looked (googled) for how to test for blacklisting and all I'm finding is sites that tell you how to request you be removed temporarily from a blacklist or how to test your ip for blacklist status. Are there good sites that I can study to find out from the server's perspective or how to make sure it's not being used maliciously for relaying or spamming or some sites that tell me how to lock it down or verify it's okay (not to mention getting it permanently off the blacklists) ? Thanks! Don K --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist
RE: Receive Connector for Relay
I don't think you can. They changed the permission model for connectors in Exchange 2007 (it carries over to 2010), and that kind of user-level access isn't configurable any more. In E2003 you could also do source based routing by setting user-level permissions on send connectors, and you can't do that anymore, either. From: Sam Cayze [mailto:sca...@gmail.com] Sent: Monday, January 24, 2011 12:44 PM To: MS-Exchange Admin Issues Subject: Receive Connector for Relay I need to setup a receive connector on my Exch 2010 box for a mailer program. I want to set it up so it only allows traffic from IP on port 25000, from 1 authenticated user (RelayUser), and requires ntlm security, has to be able to relay to internal and external domains. Nothing else. I haven't found any good articles on how to do this and I'm afraid the connectors I have tried building are not as locked down as I wish. Any guidance for me? I'm guessing a lot of these would need to be done through PS, since checking the checkboxes are not granular enough - but struggling to find the right commands... Thanks! -Sam --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist ** Note: The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. ** --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist
RE: Receive Connector for Relay
I see. But I have seen this command referenced in this article: http://msexchangeteam.com/archive/2006/12/28/432013.aspx Get-ReceiveConnector CRM Application | Add-ADPermission -User NT AUTHORITY\ANONYMOUS LOGON -ExtendedRights ms-Exch-SMTP-Accept-Any-Recipient Still can't quite get the connector working. I guess I'd be ok with allowing any user to relay, as long as the password is not sent in clear text. From: Campbell, Rob [mailto:rob_campb...@centraltechnology.net] Sent: Monday, January 24, 2011 12:54 PM To: MS-Exchange Admin Issues Subject: RE: Receive Connector for Relay I don't think you can. They changed the permission model for connectors in Exchange 2007 (it carries over to 2010), and that kind of user-level access isn't configurable any more. In E2003 you could also do source based routing by setting user-level permissions on send connectors, and you can't do that anymore, either. From: Sam Cayze [mailto:sca...@gmail.com] Sent: Monday, January 24, 2011 12:44 PM To: MS-Exchange Admin Issues Subject: Receive Connector for Relay I need to setup a receive connector on my Exch 2010 box for a mailer program. I want to set it up so it only allows traffic from IP on port 25000, from 1 authenticated user (RelayUser), and requires ntlm security, has to be able to relay to internal and external domains. Nothing else. I haven't found any good articles on how to do this and I'm afraid the connectors I have tried building are not as locked down as I wish. Any guidance for me? I'm guessing a lot of these would need to be done through PS, since checking the checkboxes are not granular enough - but struggling to find the right commands. Thanks! -Sam --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist ** Note: The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. ** --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist
RE: Receive Connector for Relay
How did you create the receive-connector? Because yes, that should work (assuming you loaded a certificate for ssl to work against. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: Sam Cayze [mailto:sca...@gmail.com] Sent: Monday, January 24, 2011 2:06 PM To: MS-Exchange Admin Issues Subject: RE: Receive Connector for Relay I see. But I have seen this command referenced in this article: http://msexchangeteam.com/archive/2006/12/28/432013.aspx Get-ReceiveConnector CRM Application | Add-ADPermission -User NT AUTHORITY\ANONYMOUS LOGON -ExtendedRights ms-Exch-SMTP-Accept-Any-Recipient Still can't quite get the connector working. I guess I'd be ok with allowing any user to relay, as long as the password is not sent in clear text. From: Campbell, Rob [mailto:rob_campb...@centraltechnology.net] Sent: Monday, January 24, 2011 12:54 PM To: MS-Exchange Admin Issues Subject: RE: Receive Connector for Relay I don't think you can. They changed the permission model for connectors in Exchange 2007 (it carries over to 2010), and that kind of user-level access isn't configurable any more. In E2003 you could also do source based routing by setting user-level permissions on send connectors, and you can't do that anymore, either. From: Sam Cayze [mailto:sca...@gmail.com] Sent: Monday, January 24, 2011 12:44 PM To: MS-Exchange Admin Issues Subject: Receive Connector for Relay I need to setup a receive connector on my Exch 2010 box for a mailer program. I want to set it up so it only allows traffic from IP on port 25000, from 1 authenticated user (RelayUser), and requires ntlm security, has to be able to relay to internal and external domains. Nothing else. I haven't found any good articles on how to do this and I'm afraid the connectors I have tried building are not as locked down as I wish. Any guidance for me? I'm guessing a lot of these would need to be done through PS, since checking the checkboxes are not granular enough - but struggling to find the right commands... Thanks! -Sam --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist ** Note: The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. ** --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist
RE: Receive Connector for Relay
I just keep getting 550 5.7.1 Client does not have permissions to send as this sender Even for internal mail. What's the command to get a PS list for ALL setting on a receive connector, even the extended rights? From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Monday, January 24, 2011 1:23 PM To: MS-Exchange Admin Issues Subject: RE: Receive Connector for Relay How did you create the receive-connector? Because yes, that should work (assuming you loaded a certificate for ssl to work against. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: Sam Cayze [mailto:sca...@gmail.com] Sent: Monday, January 24, 2011 2:06 PM To: MS-Exchange Admin Issues Subject: RE: Receive Connector for Relay I see. But I have seen this command referenced in this article: http://msexchangeteam.com/archive/2006/12/28/432013.aspx Get-ReceiveConnector CRM Application | Add-ADPermission -User NT AUTHORITY\ANONYMOUS LOGON -ExtendedRights ms-Exch-SMTP-Accept-Any-Recipient Still can't quite get the connector working. I guess I'd be ok with allowing any user to relay, as long as the password is not sent in clear text. From: Campbell, Rob [mailto:rob_campb...@centraltechnology.net] Sent: Monday, January 24, 2011 12:54 PM To: MS-Exchange Admin Issues Subject: RE: Receive Connector for Relay I don't think you can. They changed the permission model for connectors in Exchange 2007 (it carries over to 2010), and that kind of user-level access isn't configurable any more. In E2003 you could also do source based routing by setting user-level permissions on send connectors, and you can't do that anymore, either. From: Sam Cayze [mailto:sca...@gmail.com] Sent: Monday, January 24, 2011 12:44 PM To: MS-Exchange Admin Issues Subject: Receive Connector for Relay I need to setup a receive connector on my Exch 2010 box for a mailer program. I want to set it up so it only allows traffic from IP on port 25000, from 1 authenticated user (RelayUser), and requires ntlm security, has to be able to relay to internal and external domains. Nothing else. I haven't found any good articles on how to do this and I'm afraid the connectors I have tried building are not as locked down as I wish. Any guidance for me? I'm guessing a lot of these would need to be done through PS, since checking the checkboxes are not granular enough - but struggling to find the right commands. Thanks! -Sam --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist ** Note: The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. ** --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist
RE: Receive Connector for Relay
Get-receiveconnector name | fl Get-adPermission name | fl * The second one will probably be pretty large. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: Sam Cayze [mailto:sca...@gmail.com] Sent: Monday, January 24, 2011 2:57 PM To: MS-Exchange Admin Issues Subject: RE: Receive Connector for Relay I just keep getting 550 5.7.1 Client does not have permissions to send as this sender Even for internal mail. What's the command to get a PS list for ALL setting on a receive connector, even the extended rights? From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Monday, January 24, 2011 1:23 PM To: MS-Exchange Admin Issues Subject: RE: Receive Connector for Relay How did you create the receive-connector? Because yes, that should work (assuming you loaded a certificate for ssl to work against. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: Sam Cayze [mailto:sca...@gmail.com] Sent: Monday, January 24, 2011 2:06 PM To: MS-Exchange Admin Issues Subject: RE: Receive Connector for Relay I see. But I have seen this command referenced in this article: http://msexchangeteam.com/archive/2006/12/28/432013.aspx Get-ReceiveConnector CRM Application | Add-ADPermission -User NT AUTHORITY\ANONYMOUS LOGON -ExtendedRights ms-Exch-SMTP-Accept-Any-Recipient Still can't quite get the connector working. I guess I'd be ok with allowing any user to relay, as long as the password is not sent in clear text. From: Campbell, Rob [mailto:rob_campb...@centraltechnology.net] Sent: Monday, January 24, 2011 12:54 PM To: MS-Exchange Admin Issues Subject: RE: Receive Connector for Relay I don't think you can. They changed the permission model for connectors in Exchange 2007 (it carries over to 2010), and that kind of user-level access isn't configurable any more. In E2003 you could also do source based routing by setting user-level permissions on send connectors, and you can't do that anymore, either. From: Sam Cayze [mailto:sca...@gmail.com] Sent: Monday, January 24, 2011 12:44 PM To: MS-Exchange Admin Issues Subject: Receive Connector for Relay I need to setup a receive connector on my Exch 2010 box for a mailer program. I want to set it up so it only allows traffic from IP on port 25000, from 1 authenticated user (RelayUser), and requires ntlm security, has to be able to relay to internal and external domains. Nothing else. I haven't found any good articles on how to do this and I'm afraid the connectors I have tried building are not as locked down as I wish. Any guidance for me? I'm guessing a lot of these would need to be done through PS, since checking the checkboxes are not granular enough - but struggling to find the right commands... Thanks! -Sam --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist ** Note: The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. ** --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist
RE: Receive Connector for Relay
Everything looks as it should, and I'm sure my app allows ntlm. What is the enableauthgssapi property? Seems to be related to ntlm, but I can't find anything on it. From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Monday, January 24, 2011 1:59 PM To: MS-Exchange Admin Issues Subject: RE: Receive Connector for Relay Get-receiveconnector name | fl Get-adPermission name | fl * The second one will probably be pretty large. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: Sam Cayze [mailto:sca...@gmail.com] Sent: Monday, January 24, 2011 2:57 PM To: MS-Exchange Admin Issues Subject: RE: Receive Connector for Relay I just keep getting 550 5.7.1 Client does not have permissions to send as this sender Even for internal mail. What's the command to get a PS list for ALL setting on a receive connector, even the extended rights? From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Monday, January 24, 2011 1:23 PM To: MS-Exchange Admin Issues Subject: RE: Receive Connector for Relay How did you create the receive-connector? Because yes, that should work (assuming you loaded a certificate for ssl to work against. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: Sam Cayze [mailto:sca...@gmail.com] Sent: Monday, January 24, 2011 2:06 PM To: MS-Exchange Admin Issues Subject: RE: Receive Connector for Relay I see. But I have seen this command referenced in this article: http://msexchangeteam.com/archive/2006/12/28/432013.aspx Get-ReceiveConnector CRM Application | Add-ADPermission -User NT AUTHORITY\ANONYMOUS LOGON -ExtendedRights ms-Exch-SMTP-Accept-Any-Recipient Still can't quite get the connector working. I guess I'd be ok with allowing any user to relay, as long as the password is not sent in clear text. From: Campbell, Rob [mailto:rob_campb...@centraltechnology.net] Sent: Monday, January 24, 2011 12:54 PM To: MS-Exchange Admin Issues Subject: RE: Receive Connector for Relay I don't think you can. They changed the permission model for connectors in Exchange 2007 (it carries over to 2010), and that kind of user-level access isn't configurable any more. In E2003 you could also do source based routing by setting user-level permissions on send connectors, and you can't do that anymore, either. From: Sam Cayze [mailto:sca...@gmail.com] Sent: Monday, January 24, 2011 12:44 PM To: MS-Exchange Admin Issues Subject: Receive Connector for Relay I need to setup a receive connector on my Exch 2010 box for a mailer program. I want to set it up so it only allows traffic from IP on port 25000, from 1 authenticated user (RelayUser), and requires ntlm security, has to be able to relay to internal and external domains. Nothing else. I haven't found any good articles on how to do this and I'm afraid the connectors I have tried building are not as locked down as I wish. Any guidance for me? I'm guessing a lot of these would need to be done through PS, since checking the checkboxes are not granular enough - but struggling to find the right commands. Thanks! -Sam --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist ** Note: The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. ** --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read
RE: Receive Connector for Relay
Looks good to me, yet still no luck. Get-receiveconnector web02 relay | fl * PSComputerName : .corp.rollouts.com RunspaceId : 1edd476e-595b-43d8-9537-b2afcaff6962 AuthMechanism : Integrated Banner : BinaryMimeEnabled : True Bindings: {0.0.0.0:2500} ChunkingEnabled : True DefaultDomain : DeliveryStatusNotificationEnabled : True EightBitMimeEnabled : True BareLinefeedRejectionEnabled: False DomainSecureEnabled : False EnhancedStatusCodesEnabled : True LongAddressesEnabled: False OrarEnabled : False SuppressXAnonymousTls : False AdvertiseClientSettings : False Fqdn: mail.rollouts.com Comment : Enabled : True ConnectionTimeout : 00:10:00 ConnectionInactivityTimeout : 00:05:00 MessageRateLimit: unlimited MessageRateSource : IPAddress MaxInboundConnection: 5000 MaxInboundConnectionPerSource : 20 MaxInboundConnectionPercentagePerSource : 2 MaxHeaderSize : 64 KB (65,536 bytes) MaxHopCount : 60 MaxLocalHopCount: 12 MaxLogonFailures: 3 MaxMessageSize : 10 MB (10,485,760 bytes) MaxProtocolErrors : 5 MaxRecipientsPerMessage : 200 PermissionGroups: AnonymousUsers, ExchangeUsers, Custom PipeliningEnabled : True ProtocolLoggingLevel: None RemoteIPRanges : {xx.xx.xx.248-xx.xx.xx.248} RequireEHLODomain : False RequireTLS : False EnableAuthGSSAPI: False ExtendedProtectionPolicy: None LiveCredentialEnabled : False TlsDomainCapabilities : {} Server : SizeEnabled : Enabled TarpitInterval : 00:00:05 MaxAcknowledgementDelay : 00:00:30 AdminDisplayName: ExchangeVersion : 0.1 (8.0.535.0) Name: WEB02 Relay DistinguishedName : CN=WEB02 Relay,CN=SMTP Receive Connectors,CN=Protocols,CN=MAIL02,CN=Servers,C N=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN =ROLLOUTS INCORPORATED,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC= corp,DC=rollouts,DC=com Identity: MAIL02\WEB02 Relay Guid: 875753c9-f73e-4040-a0cc-cecddf1f7978 ObjectCategory : corp.rollouts.com/Configuration/Schema/ms-Exch-Smtp-Receive-Connector ObjectClass : {top, msExchSmtpReceiveConnector} WhenChanged : 1/24/2011 1:58:51 PM WhenCreated : 1/24/2011 1:01:40 PM WhenChangedUTC : 1/24/2011 7:58:51 PM WhenCreatedUTC : 1/24/2011 7:01:40 PM OrganizationId : OriginatingServer : xxx.corp.rollouts.com IsValid : True From: Sam Cayze [mailto:sca...@gmail.com] Sent: Monday, January 24, 2011 2:20 PM To: MS-Exchange Admin Issues Subject: RE: Receive Connector for Relay Everything looks as it should, and I'm sure my app allows ntlm. What is the enableauthgssapi property? Seems to be related to ntlm, but I can't find anything on it. From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Monday, January 24, 2011 1:59 PM To: MS-Exchange Admin Issues Subject: RE: Receive Connector for Relay Get-receiveconnector name | fl Get-adPermission name | fl * The second one will probably be pretty large. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: Sam Cayze [mailto:sca...@gmail.com] Sent: Monday, January 24, 2011 2:57 PM To: MS-Exchange Admin Issues Subject: RE: Receive Connector for Relay I just keep getting 550 5.7.1 Client does not have permissions to send as this sender Even for internal mail. What's the command to get a PS list for ALL setting on a receive connector, even the extended rights
Allow Relay over VPN Connection
We are working with a company that says they may need to use our Exchange server (2007 SP1) as a relay to send mail to our internal users only. I thought if they were sending to internal users there would not be a need for a relay. We have several devices (copier, etc) on our network that can send messages to internal users that do not need a relay configured. Is this a security/spam risk issue? Thanks Brent --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist
RE: Allow Relay over VPN Connection
Doesn’t sound right to me. It wouldn't happen to be a marketing company, would it? -Original Message- From: Brent Zalewski [mailto:bzalew...@comcast.net] Sent: Friday, January 14, 2011 9:55 AM To: MS-Exchange Admin Issues Subject: Allow Relay over VPN Connection We are working with a company that says they may need to use our Exchange server (2007 SP1) as a relay to send mail to our internal users only. I thought if they were sending to internal users there would not be a need for a relay. We have several devices (copier, etc) on our network that can send messages to internal users that do not need a relay configured. Is this a security/spam risk issue? Thanks Brent --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist
RE: Allow Relay over VPN Connection
No, we are working with them to archive users email. Someone at our company wants to have reports emailed to them once a month on certain activity. --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist
Re: Allow Relay over VPN Connection
Get more specifics. We work with a company that provides job applicant tracking services. All e-mail communications from the hosted service appeared to come from our domain. As a result, we preferred that those communications originated from our environment, so we allowed them to relay off a DMZ based mail gateway. - Sean On Fri, Jan 14, 2011 at 7:29 AM, Brent Zalewski bzalew...@comcast.netwrote: No, we are working with them to archive users email. Someone at our company wants to have reports emailed to them once a month on certain activity. --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist
RE: Allow Relay over VPN Connection
Sounds like they want to send to you using your domain as the from. So you will want an exception for domain spoofing. That is not really a relay, it is an exception to a common practice of not accepting email from the outside world that uses your domain as the from. Personally, I would tell them to pound salt and not use your domain as the from because it defeats the purpose of from address's, NDR's and all that. From: Brent Zalewski [bzalew...@comcast.net] Sent: Friday, January 14, 2011 11:29 AM To: MS-Exchange Admin Issues Subject: RE: Allow Relay over VPN Connection No, we are working with them to archive users email. Someone at our company wants to have reports emailed to them once a month on certain activity. --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist
RE: Allow Relay over VPN Connection
We recommend that they use an accurate sender but use Sent on Behalf of: in the From: and a Reply To: From: Sean Martin [mailto:seanmarti...@gmail.com] Sent: Friday, January 14, 2011 8:48 AM To: MS-Exchange Admin Issues Subject: Re: Allow Relay over VPN Connection Get more specifics. We work with a company that provides job applicant tracking services. All e-mail communications from the hosted service appeared to come from our domain. As a result, we preferred that those communications originated from our environment, so we allowed them to relay off a DMZ based mail gateway. - Sean On Fri, Jan 14, 2011 at 7:29 AM, Brent Zalewski bzalew...@comcast.netmailto:bzalew...@comcast.net wrote: No, we are working with them to archive users email. Someone at our company wants to have reports emailed to them once a month on certain activity. --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist
oracle/sql app relay through 2010 receive connector
In the final stages of tearing down a 2003/2010 coexistence ... there's a legacy SQL app that used to relay through 2003, sending plaintext credentials (u...@domain.commailto:u...@domain.com, password visible in the script). It's a legit mailbox on the Exchange system, it's on the custom connector I built to listen on port 25 internally from the specific VLAN it sits on ... I've flipped the settings on the connector to allow and relay for anonymous from that IP range, but in this case I may need to let it still authenticate that user with the plaintext. I fiddled with it a bit yesterday, and can't get it to fly ... not certain if I'm bonking my head against the same issue as dealing with plaintext in POP3/IMAP (-logintype PlainTextLogin) or if I'm dancing around another problem. Still works through 2003, but I can't get their same code to work through 2010. I thought maybe they needed to change the script to use domain\user instead of u...@domain.commailto:u...@domain.com, but trialerror failed there. Am I wrong in thinking it's the plaintext issue, or am I just missing the obvious? Rick --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist
RE: oracle/sql app relay through 2010 receive connector
You generally need to use 587 Client connector instead of the 25 Default connector. Have you tried that? Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: Rick Berry [mailto:rbe...@elevativenetworks.com] Sent: Wednesday, January 05, 2011 11:49 AM To: MS-Exchange Admin Issues Subject: oracle/sql app relay through 2010 receive connector In the final stages of tearing down a 2003/2010 coexistence ... there's a legacy SQL app that used to relay through 2003, sending plaintext credentials (u...@domain.commailto:u...@domain.com, password visible in the script). It's a legit mailbox on the Exchange system, it's on the custom connector I built to listen on port 25 internally from the specific VLAN it sits on ... I've flipped the settings on the connector to allow and relay for anonymous from that IP range, but in this case I may need to let it still authenticate that user with the plaintext. I fiddled with it a bit yesterday, and can't get it to fly ... not certain if I'm bonking my head against the same issue as dealing with plaintext in POP3/IMAP (-logintype PlainTextLogin) or if I'm dancing around another problem. Still works through 2003, but I can't get their same code to work through 2010. I thought maybe they needed to change the script to use domain\user instead of u...@domain.commailto:u...@domain.com, but trialerror failed there. Am I wrong in thinking it's the plaintext issue, or am I just missing the obvious? Rick --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist
RE: oracle/sql app relay through 2010 receive connector
I built a new '25' connector explicitly for this ... not sure I can get them to recode to talk to 587, but I'll throw that option on the trial-and-error pile. From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Wednesday, January 05, 2011 12:17 PM To: MS-Exchange Admin Issues Subject: RE: oracle/sql app relay through 2010 receive connector You generally need to use 587 Client connector instead of the 25 Default connector. Have you tried that? Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: Rick Berry [mailto:rbe...@elevativenetworks.com] Sent: Wednesday, January 05, 2011 11:49 AM To: MS-Exchange Admin Issues Subject: oracle/sql app relay through 2010 receive connector In the final stages of tearing down a 2003/2010 coexistence ... there's a legacy SQL app that used to relay through 2003, sending plaintext credentials (u...@domain.commailto:u...@domain.com, password visible in the script). It's a legit mailbox on the Exchange system, it's on the custom connector I built to listen on port 25 internally from the specific VLAN it sits on ... I've flipped the settings on the connector to allow and relay for anonymous from that IP range, but in this case I may need to let it still authenticate that user with the plaintext. I fiddled with it a bit yesterday, and can't get it to fly ... not certain if I'm bonking my head against the same issue as dealing with plaintext in POP3/IMAP (-logintype PlainTextLogin) or if I'm dancing around another problem. Still works through 2003, but I can't get their same code to work through 2010. I thought maybe they needed to change the script to use domain\user instead of u...@domain.commailto:u...@domain.com, but trialerror failed there. Am I wrong in thinking it's the plaintext issue, or am I just missing the obvious? Rick --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist
RE: oracle/sql app relay through 2010 receive connector
Oh! That's different. Did you give it relay permissions after you created it? (That would require a PowerShell cmd.) Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: Rick Berry [mailto:rbe...@elevativenetworks.com] Sent: Wednesday, January 05, 2011 12:22 PM To: MS-Exchange Admin Issues Subject: RE: oracle/sql app relay through 2010 receive connector I built a new '25' connector explicitly for this ... not sure I can get them to recode to talk to 587, but I'll throw that option on the trial-and-error pile. From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Wednesday, January 05, 2011 12:17 PM To: MS-Exchange Admin Issues Subject: RE: oracle/sql app relay through 2010 receive connector You generally need to use 587 Client connector instead of the 25 Default connector. Have you tried that? Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: Rick Berry [mailto:rbe...@elevativenetworks.com] Sent: Wednesday, January 05, 2011 11:49 AM To: MS-Exchange Admin Issues Subject: oracle/sql app relay through 2010 receive connector In the final stages of tearing down a 2003/2010 coexistence ... there's a legacy SQL app that used to relay through 2003, sending plaintext credentials (u...@domain.commailto:u...@domain.com, password visible in the script). It's a legit mailbox on the Exchange system, it's on the custom connector I built to listen on port 25 internally from the specific VLAN it sits on ... I've flipped the settings on the connector to allow and relay for anonymous from that IP range, but in this case I may need to let it still authenticate that user with the plaintext. I fiddled with it a bit yesterday, and can't get it to fly ... not certain if I'm bonking my head against the same issue as dealing with plaintext in POP3/IMAP (-logintype PlainTextLogin) or if I'm dancing around another problem. Still works through 2003, but I can't get their same code to work through 2010. I thought maybe they needed to change the script to use domain\user instead of u...@domain.commailto:u...@domain.com, but trialerror failed there. Am I wrong in thinking it's the plaintext issue, or am I just missing the obvious? Rick --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist
RE: oracle/sql app relay through 2010 receive connector
Yep, I issued the get-receiveconnector my connector name | Add-ADpermission -user blah blah blah -extendedrights MS-Exch-SMTP-Accept-Any-Recipient If that's what you mean. Did the same for ntauthority\anon on the custom connector. From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Wednesday, January 05, 2011 12:23 PM To: MS-Exchange Admin Issues Subject: RE: oracle/sql app relay through 2010 receive connector Oh! That's different. Did you give it relay permissions after you created it? (That would require a PowerShell cmd.) Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: Rick Berry [mailto:rbe...@elevativenetworks.com] Sent: Wednesday, January 05, 2011 12:22 PM To: MS-Exchange Admin Issues Subject: RE: oracle/sql app relay through 2010 receive connector I built a new '25' connector explicitly for this ... not sure I can get them to recode to talk to 587, but I'll throw that option on the trial-and-error pile. From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Wednesday, January 05, 2011 12:17 PM To: MS-Exchange Admin Issues Subject: RE: oracle/sql app relay through 2010 receive connector You generally need to use 587 Client connector instead of the 25 Default connector. Have you tried that? Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: Rick Berry [mailto:rbe...@elevativenetworks.com] Sent: Wednesday, January 05, 2011 11:49 AM To: MS-Exchange Admin Issues Subject: oracle/sql app relay through 2010 receive connector In the final stages of tearing down a 2003/2010 coexistence ... there's a legacy SQL app that used to relay through 2003, sending plaintext credentials (u...@domain.commailto:u...@domain.com, password visible in the script). It's a legit mailbox on the Exchange system, it's on the custom connector I built to listen on port 25 internally from the specific VLAN it sits on ... I've flipped the settings on the connector to allow and relay for anonymous from that IP range, but in this case I may need to let it still authenticate that user with the plaintext. I fiddled with it a bit yesterday, and can't get it to fly ... not certain if I'm bonking my head against the same issue as dealing with plaintext in POP3/IMAP (-logintype PlainTextLogin) or if I'm dancing around another problem. Still works through 2003, but I can't get their same code to work through 2010. I thought maybe they needed to change the script to use domain\user instead of u...@domain.commailto:u...@domain.com, but trialerror failed there. Am I wrong in thinking it's the plaintext issue, or am I just missing the obvious? Rick --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist
RE: oracle/sql app relay through 2010 receive connector
Well, then I guess I'd turn logging to verbose for the connector and see what the log files has to say. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: Rick Berry [mailto:rbe...@elevativenetworks.com] Sent: Wednesday, January 05, 2011 1:15 PM To: MS-Exchange Admin Issues Subject: RE: oracle/sql app relay through 2010 receive connector Yep, I issued the get-receiveconnector my connector name | Add-ADpermission -user blah blah blah -extendedrights MS-Exch-SMTP-Accept-Any-Recipient If that's what you mean. Did the same for ntauthority\anon on the custom connector. From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Wednesday, January 05, 2011 12:23 PM To: MS-Exchange Admin Issues Subject: RE: oracle/sql app relay through 2010 receive connector Oh! That's different. Did you give it relay permissions after you created it? (That would require a PowerShell cmd.) Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: Rick Berry [mailto:rbe...@elevativenetworks.com] Sent: Wednesday, January 05, 2011 12:22 PM To: MS-Exchange Admin Issues Subject: RE: oracle/sql app relay through 2010 receive connector I built a new '25' connector explicitly for this ... not sure I can get them to recode to talk to 587, but I'll throw that option on the trial-and-error pile. From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Wednesday, January 05, 2011 12:17 PM To: MS-Exchange Admin Issues Subject: RE: oracle/sql app relay through 2010 receive connector You generally need to use 587 Client connector instead of the 25 Default connector. Have you tried that? Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: Rick Berry [mailto:rbe...@elevativenetworks.com] Sent: Wednesday, January 05, 2011 11:49 AM To: MS-Exchange Admin Issues Subject: oracle/sql app relay through 2010 receive connector In the final stages of tearing down a 2003/2010 coexistence ... there's a legacy SQL app that used to relay through 2003, sending plaintext credentials (u...@domain.commailto:u...@domain.com, password visible in the script). It's a legit mailbox on the Exchange system, it's on the custom connector I built to listen on port 25 internally from the specific VLAN it sits on ... I've flipped the settings on the connector to allow and relay for anonymous from that IP range, but in this case I may need to let it still authenticate that user with the plaintext. I fiddled with it a bit yesterday, and can't get it to fly ... not certain if I'm bonking my head against the same issue as dealing with plaintext in POP3/IMAP (-logintype PlainTextLogin) or if I'm dancing around another problem. Still works through 2003, but I can't get their same code to work through 2010. I thought maybe they needed to change the script to use domain\user instead of u...@domain.commailto:u...@domain.com, but trialerror failed there. Am I wrong in thinking it's the plaintext issue, or am I just missing the obvious? Rick --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist
RE: oracle/sql app relay through 2010 receive connector
Have you tried a command line telnet to the connector from the SQL server? From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Wednesday, January 05, 2011 3:10 PM To: MS-Exchange Admin Issues Subject: RE: oracle/sql app relay through 2010 receive connector Well, then I guess I'd turn logging to verbose for the connector and see what the log files has to say. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: Rick Berry [mailto:rbe...@elevativenetworks.com] Sent: Wednesday, January 05, 2011 1:15 PM To: MS-Exchange Admin Issues Subject: RE: oracle/sql app relay through 2010 receive connector Yep, I issued the get-receiveconnector my connector name | Add-ADpermission -user blah blah blah -extendedrights MS-Exch-SMTP-Accept-Any-Recipient If that's what you mean. Did the same for ntauthority\anon on the custom connector. From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Wednesday, January 05, 2011 12:23 PM To: MS-Exchange Admin Issues Subject: RE: oracle/sql app relay through 2010 receive connector Oh! That's different. Did you give it relay permissions after you created it? (That would require a PowerShell cmd.) Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: Rick Berry [mailto:rbe...@elevativenetworks.com] Sent: Wednesday, January 05, 2011 12:22 PM To: MS-Exchange Admin Issues Subject: RE: oracle/sql app relay through 2010 receive connector I built a new '25' connector explicitly for this ... not sure I can get them to recode to talk to 587, but I'll throw that option on the trial-and-error pile. From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Wednesday, January 05, 2011 12:17 PM To: MS-Exchange Admin Issues Subject: RE: oracle/sql app relay through 2010 receive connector You generally need to use 587 Client connector instead of the 25 Default connector. Have you tried that? Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: Rick Berry [mailto:rbe...@elevativenetworks.com] Sent: Wednesday, January 05, 2011 11:49 AM To: MS-Exchange Admin Issues Subject: oracle/sql app relay through 2010 receive connector In the final stages of tearing down a 2003/2010 coexistence ... there's a legacy SQL app that used to relay through 2003, sending plaintext credentials (u...@domain.commailto:u...@domain.com, password visible in the script). It's a legit mailbox on the Exchange system, it's on the custom connector I built to listen on port 25 internally from the specific VLAN it sits on ... I've flipped the settings on the connector to allow and relay for anonymous from that IP range, but in this case I may need to let it still authenticate that user with the plaintext. I fiddled with it a bit yesterday, and can't get it to fly ... not certain if I'm bonking my head against the same issue as dealing with plaintext in POP3/IMAP (-logintype PlainTextLogin) or if I'm dancing around another problem. Still works through 2003, but I can't get their same code to work through 2010. I thought maybe they needed to change the script to use domain\user instead of u...@domain.commailto:u...@domain.com, but trialerror failed there. Am I wrong in thinking it's the plaintext issue, or am I just missing the obvious? Rick --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist ** Note: The information contained in this message may be privileged and confidential and protected from disclosure. If the reader
RE: SMTP relay domains
Sorry to go off topic but for some weird reason I can't send e-mail to the list to start a new thread only reply to live ones :) I'm having the following issue. Can anyone assist? I've got a user with an iPAD and iPhone who's experiencing a weird situation. He says that there a couple of folders in below his inbox that only show up on the iPAD but don't show up on his desktop.,Outlook 2010, or in the OWA folder of his mailbox. My understanding has always been that the iPAD is pure activesync client and doesn't remove any data off of the server. Any one got any ideas? It's Exchange 2010 SP1 with CAS,HT and MB roles. --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist
SMTP relay domains
Hello all, Is there a way to make sure users can only relay through our Exchange 2010 server when using our domain? Let me be more specific, I don't want users to relay (authenticated smtp) on our Exchange 2010 with their home address. They must be able to relay but only from our domain @khlim.be Thnx! Met vriendelijke groeten, KHLim Katholieke Hogeschool Limburg Associatie KULeuven http://www.khlim.behttp://www.khlim.be/ Tim Vandael ICT Systeembeheerder Campus Diepenbeek, Agoralaan gebouw B, bus 1, 3590 Diepenbeek T +32 11 23 08 94 - F +32 11 23 07 89 - G +32 478 40 52 36 tim.vand...@khlim.bemailto:tim.vand...@khlim.be --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelistinline: image001.gif
RE: SMTP relay domains
HI Tim Not sure that you can lock this down in the GUI but you could probably create an transport rule to strip at all e-mail from any domain other than yours. Just an idea and I will state that I've never actually tried this!!! Regards [cid:image002.jpg@01CB84E6.71A40430] Peter Johnson I.T Architect United Kingdom: +44 1285 658542 South Africa: +27 11 252 1100 Swaziland: +268 442 7000 Fax:+27 11 974 7130 Mobile: +2783 306 0019 peter.john...@peterstow.com www.peterstow.comhttp://www.peterstow.com This email message (including attachments) contains information which may be confidential and/or legally privileged. Unless you are the intended recipient, you may not use, copy or disclose to anyone the message or any information contained in the message or from any attachments that were sent with this email, and If you have received this email message in error, please advise the sender by email, and delete the message. Unauthorised disclosure and/or use of information contained in this email may result in civil and criminal liability. Everything in this e-mail and attachments relating to the official business of Peterstow Aquapower is proprietary to the company. Caution should be observed in placing any reliance upon any information contained in this e-mail, which is not intended to be a representation or inducement to make any decision in relation to Peterstow Aquapower. Any decision taken based on the information provided in this e-mail, should only be made after consultation with appropriate legal, regulatory, tax, technical, business, investment, financial, and accounting advisors. Neither the sender of the e-mail, nor Peterstow Aquapower shall be liable to any party for any direct, indirect or consequential damages, including, without limitation, loss of profit, interruption of business or loss of information, data or software or otherwise. The e-mail address of the sender may not be used, copied, sold, disclosed or incorporated into any database or mailing list for spamming and/or other marketing purposes without the prior consent of Peterstow Aquapower. No warranties are created or implied that an employee of Peterstow Aquapower and/or a contractor of Peterstow Aquapower is authorized to create and send this e-mail. [cid:image003.jpg@01CB84E6.71A40430] From: Vandael Tim [mailto:tim.vand...@khlim.be] Sent: 15 November 2010 16:36 To: MS-Exchange Admin Issues Subject: SMTP relay domains Hello all, Is there a way to make sure users can only relay through our Exchange 2010 server when using our domain? Let me be more specific, I don't want users to relay (authenticated smtp) on our Exchange 2010 with their home address. They must be able to relay but only from our domain @khlim.be Thnx! Met vriendelijke groeten, KHLim Katholieke Hogeschool Limburg Associatie KULeuven http://www.khlim.behttp://www.khlim.be/ Tim Vandael ICT Systeembeheerder Campus Diepenbeek, Agoralaan gebouw B, bus 1, 3590 Diepenbeek T +32 11 23 08 94 - F +32 11 23 07 89 - G +32 478 40 52 36 tim.vand...@khlim.bemailto:tim.vand...@khlim.be --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelistinline: image002.jpginline: image003.jpginline: image004.gif
RE: SMTP relay domains
Not familiar with the size of your installation, # of sites, # of subnets, etc … but you could restrict relay to only those subnets within your domains, or even a supernet of your subnets if there is a suitable scheme. Erik Goldoff IT Consultant Systems, Networks, Security ' Security is an ongoing process, not a one time event ! ' From: Vandael Tim [mailto:tim.vand...@khlim.be] Sent: Monday, November 15, 2010 9:36 AM To: MS-Exchange Admin Issues Subject: SMTP relay domains Hello all, Is there a way to make sure users can only relay through our Exchange 2010 server when using our domain? Let me be more specific, I don’t want users to relay (authenticated smtp) on our Exchange 2010 with their home address. They must be able to relay but only from our domain @khlim.be Thnx! Met vriendelijke groeten, KHLim Katholieke Hogeschool Limburg Associatie KULeuven http://www.khlim.be http://www.khlim.be/ Tim Vandael ICT Systeembeheerder Campus Diepenbeek, Agoralaan gebouw B, bus 1, 3590 Diepenbeek T +32 11 23 08 94 - F +32 11 23 07 89 - G +32 478 40 52 36 mailto:tim.vand...@khlim.be tim.vand...@khlim.be Description: bar --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelistimage001.gif
RE: SMTP relay domains
Hello Erik, That would be a nice solution. But we have some much vlan's and people move so much that there is no line to draw... I tried it but when you open your relay in Exchange, the standard setting is completely open. Met vriendelijke groeten, KHLim Katholieke Hogeschool Limburg Associatie KULeuven http://www.khlim.behttp://www.khlim.be/ Tim Vandael ICT Systeembeheerder Campus Diepenbeek, Agoralaan gebouw B, bus 1, 3590 Diepenbeek T +32 11 23 08 94 - F +32 11 23 07 89 - G +32 476 22 45 22 tim.vand...@khlim.bemailto:tim.vand...@khlim.be From: Erik Goldoff [mailto:egold...@gmail.com] Sent: maandag 15 november 2010 20:32 To: MS-Exchange Admin Issues Subject: RE: SMTP relay domains Not familiar with the size of your installation, # of sites, # of subnets, etc ... but you could restrict relay to only those subnets within your domains, or even a supernet of your subnets if there is a suitable scheme. Erik Goldoff IT Consultant Systems, Networks, Security ' Security is an ongoing process, not a one time event ! ' From: Vandael Tim [mailto:tim.vand...@khlim.be] Sent: Monday, November 15, 2010 9:36 AM To: MS-Exchange Admin Issues Subject: SMTP relay domains Hello all, Is there a way to make sure users can only relay through our Exchange 2010 server when using our domain? Let me be more specific, I don't want users to relay (authenticated smtp) on our Exchange 2010 with their home address. They must be able to relay but only from our domain @khlim.be Thnx! Met vriendelijke groeten, KHLim Katholieke Hogeschool Limburg Associatie KULeuven http://www.khlim.behttp://www.khlim.be/ Tim Vandael ICT Systeembeheerder Campus Diepenbeek, Agoralaan gebouw B, bus 1, 3590 Diepenbeek T +32 11 23 08 94 - F +32 11 23 07 89 - G +32 478 40 52 36 tim.vand...@khlim.bemailto:tim.vand...@khlim.be --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelistinline: image001.gif
RE: Open relay... Kind of
Anyone with any ideas? Appreciate it! From: gro...@beachcomp.com [mailto:gro...@beachcomp.com] Sent: Tuesday, July 06, 2010 3:52 PM To: MS-Exchange Admin Issues Subject: RE: Open relay... Kind of So.. how do I tell it that unless the user is authenticated, do not accept from @samedomain.com? From: Chris Boller [mailto:ch...@mahoola.com] Sent: Tuesday, July 06, 2010 2:59 PM To: MS-Exchange Admin Issues Subject: RE: Open relay... Kind of That's right, out of the box you can deliver mail to any exchange 2003 server and as long as it's in the accepted domain list it will deliver regardless of the mail from: CB _ From: gro...@beachcomp.com [gro...@beachcomp.com] Sent: 06 July 2010 19:49 To: MS-Exchange Admin Issues Subject: Open relay... Kind of Hi all, Having one of those days. Just noticed our exchange server doing something funky and wondered if I was missing something. Using an Exchange 2003 machine, and for some reason it's allowing local to local e-mail remotely and w/o authentication. What am I missing here? Here's a telnet session from a REMOTE machine: 220 Server.Domain.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.46 75 ready at Tue, 6 Jul 2010 14:35:41 -0400 HELO 250 Server.Domain.com Hello [208.00.00.99] MAIL FROM:t...@domain.com 250 2.1.0 t...@domain.comsender OK RCPT TO:t...@domain.com DATA 250 2.1.5 t...@domain.com 354 Start mail input; end with CRLF.CRLF TEST . 250 2.6.0 serverox7nyekzgzuny0...@server.domain.com Queued mail for delivery 220 Server.Domain.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.46 75 ready at Tue, 6 Jul 2010 14:42:21 -0400 HELO 250 Server.Domain.com Hello [208.00.00.99] MAIL FROM:t...@domain.com 250 2.1.0 t...@domain.comsender OK RCPT TO:t...@test.com 550 5.7.1 Unable to relay for t...@test.com 220 Server.Domain.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.46 75 ready at Tue, 6 Jul 2010 14:43:39 -0400 HELO 250 Server.Domain.com Hello [208.00.00.99] MAIL FROM:t...@test.com 250 2.1.0 t...@test.comsender OK RCPT TO:t...@test.com 550 5.7.1 Unable to relay for t...@test.com 220 Server.Domain.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.46 75 ready at Tue, 6 Jul 2010 14:45:37 -0400 HELO 250 Server.Domain.com Hello [208.00.00.99] MAIL FROM 501 5.5.4 Unrecognized parameter MAIL FROM:t...@test.com 250 2.1.0 t...@test.comsender OK RCPT TO:t...@domain.com 250 2.1.5 t...@domain.com DATA 354 Start mail input; end with CRLF.CRLF TEST . 250 2.6.0 serverfraqbc8wsa1xv0...@server.domain.com Queued mail for delivery Thanks for your input.
RE: Open relay... Kind of
OK, in your bunch of telnet tests below, you demonstrated that mail delivery from any domain including your own, to a valid e-mail address at your own domain, succeeds. That's assuming that t...@domain.com is a valid e-mail address. And that's pretty much the way e-mail works. If you want to block inbound mail mail coming from a particular sender's domain, you use sender filtering and just put @domain.com in the sender filtering list. Yes, that could be a problem for your same-domain.com users who authenticate to deliver mail using SMTP (and presumably retrieve mail using POP3 or IMAP). The solution to that is, don't use POP/IMAP/SMTP for your remote users. Use RPC/https or OWA. So now you can sender-filter e-mail from anyone that comes in from @same-domain.com The answer to your specific question, to only do sender filtering for unauthenticated senders, is, you can't get there from here. Carl From: gro...@beachcomp.com [mailto:gro...@beachcomp.com] Sent: Wednesday, July 07, 2010 8:43 PM To: MS-Exchange Admin Issues Subject: RE: Open relay... Kind of Anyone with any ideas? Appreciate it! From: gro...@beachcomp.com [mailto:gro...@beachcomp.com] Sent: Tuesday, July 06, 2010 3:52 PM To: MS-Exchange Admin Issues Subject: RE: Open relay... Kind of So.. how do I tell it that unless the user is authenticated, do not accept from @samedomain.com? From: Chris Boller [mailto:ch...@mahoola.com] Sent: Tuesday, July 06, 2010 2:59 PM To: MS-Exchange Admin Issues Subject: RE: Open relay... Kind of That's right, out of the box you can deliver mail to any exchange 2003 server and as long as it's in the accepted domain list it will deliver regardless of the mail from: CB _ From: gro...@beachcomp.com [gro...@beachcomp.com] Sent: 06 July 2010 19:49 To: MS-Exchange Admin Issues Subject: Open relay... Kind of Hi all, Having one of those days. Just noticed our exchange server doing something funky and wondered if I was missing something. Using an Exchange 2003 machine, and for some reason it's allowing local to local e-mail remotely and w/o authentication. What am I missing here? Here's a telnet session from a REMOTE machine: 220 Server.Domain.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.46 75 ready at Tue, 6 Jul 2010 14:35:41 -0400 HELO 250 Server.Domain.com Hello [208.00.00.99] MAIL FROM:t...@domain.com 250 2.1.0 t...@domain.comsender OK RCPT TO:t...@domain.com DATA 250 2.1.5 t...@domain.com 354 Start mail input; end with CRLF.CRLF TEST . 250 2.6.0 serverox7nyekzgzuny0...@server.domain.com Queued mail for delivery 220 Server.Domain.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.46 75 ready at Tue, 6 Jul 2010 14:42:21 -0400 HELO 250 Server.Domain.com Hello [208.00.00.99] MAIL FROM:t...@domain.com 250 2.1.0 t...@domain.comsender OK RCPT TO:t...@test.com 550 5.7.1 Unable to relay for t...@test.com 220 Server.Domain.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.46 75 ready at Tue, 6 Jul 2010 14:43:39 -0400 HELO 250 Server.Domain.com Hello [208.00.00.99] MAIL FROM:t...@test.com 250 2.1.0 t...@test.comsender OK RCPT TO:t...@test.com 550 5.7.1 Unable to relay for t...@test.com 220 Server.Domain.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.46 75 ready at Tue, 6 Jul 2010 14:45:37 -0400 HELO 250 Server.Domain.com Hello [208.00.00.99] MAIL FROM 501 5.5.4 Unrecognized parameter MAIL FROM:t...@test.com 250 2.1.0 t...@test.comsender OK RCPT TO:t...@domain.com 250 2.1.5 t...@domain.com DATA 354 Start mail input; end with CRLF.CRLF TEST . 250 2.6.0 serverfraqbc8wsa1xv0...@server.domain.com Queued mail for delivery Thanks for your input.
Open relay... Kind of
Hi all, Having one of those days. Just noticed our exchange server doing something funky and wondered if I was missing something. Using an Exchange 2003 machine, and for some reason it's allowing local to local e-mail remotely and w/o authentication. What am I missing here? Here's a telnet session from a REMOTE machine: 220 Server.Domain.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.46 75 ready at Tue, 6 Jul 2010 14:35:41 -0400 HELO 250 Server.Domain.com Hello [208.00.00.99] MAIL FROM:t...@domain.com 250 2.1.0 t...@domain.comsender OK RCPT TO:t...@domain.com DATA 250 2.1.5 t...@domain.com 354 Start mail input; end with CRLF.CRLF TEST . 250 2.6.0 serverox7nyekzgzuny0...@server.domain.com Queued mail for delivery 220 Server.Domain.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.46 75 ready at Tue, 6 Jul 2010 14:42:21 -0400 HELO 250 Server.Domain.com Hello [208.00.00.99] MAIL FROM:t...@domain.com 250 2.1.0 t...@domain.comsender OK RCPT TO:t...@test.com 550 5.7.1 Unable to relay for t...@test.com 220 Server.Domain.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.46 75 ready at Tue, 6 Jul 2010 14:43:39 -0400 HELO 250 Server.Domain.com Hello [208.00.00.99] MAIL FROM:t...@test.com 250 2.1.0 t...@test.comsender OK RCPT TO:t...@test.com 550 5.7.1 Unable to relay for t...@test.com 220 Server.Domain.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.46 75 ready at Tue, 6 Jul 2010 14:45:37 -0400 HELO 250 Server.Domain.com Hello [208.00.00.99] MAIL FROM 501 5.5.4 Unrecognized parameter MAIL FROM:t...@test.com 250 2.1.0 t...@test.comsender OK RCPT TO:t...@domain.com 250 2.1.5 t...@domain.com DATA 354 Start mail input; end with CRLF.CRLF TEST . 250 2.6.0 serverfraqbc8wsa1xv0...@server.domain.com Queued mail for delivery Thanks for your input.
Re: Open relay... Kind of
I haven't used Exchange 2003 in a while, but are you testing this using telnet from within your network? I know some other mail systems I've used (Postfix) can allow only certain IP's or a local lan to send mail. On Tue, Jul 6, 2010 at 11:49 AM, gro...@beachcomp.com wrote: Hi all, Having one of those days. Just noticed our exchange server doing something funky and wondered if I was missing something. Using an Exchange 2003 machine, and for some reason it's allowing local to local e-mail remotely and w/o authentication. What am I missing here? Here's a telnet session from a REMOTE machine: 220 Server.Domain.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.46 75 ready at Tue, 6 Jul 2010 14:35:41 -0400 HELO 250 Server.Domain.com Hello [208.00.00.99] MAIL FROM:t...@domain.com 250 2.1.0 t...@domain.comsender OK RCPT TO:t...@domain.com DATA 250 2.1.5 t...@domain.com 354 Start mail input; end with CRLF.CRLF TEST . 250 2.6.0 serverox7nyekzgzuny0...@server.domain.com Queued mail for delivery 220 Server.Domain.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.46 75 ready at Tue, 6 Jul 2010 14:42:21 -0400 HELO 250 Server.Domain.com Hello [208.00.00.99] MAIL FROM:t...@domain.com 250 2.1.0 t...@domain.comsender OK RCPT TO:t...@test.com to%3at...@test.com 550 5.7.1 Unable to relay for t...@test.com 220 Server.Domain.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.46 75 ready at Tue, 6 Jul 2010 14:43:39 -0400 HELO 250 Server.Domain.com Hello [208.00.00.99] MAIL FROM:t...@test.com from%3at...@test.com 250 2.1.0 t...@test.comsender OK RCPT TO:t...@test.com to%3at...@test.com 550 5.7.1 Unable to relay for t...@test.com 220 Server.Domain.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.46 75 ready at Tue, 6 Jul 2010 14:45:37 -0400 HELO 250 Server.Domain.com Hello [208.00.00.99] MAIL FROM 501 5.5.4 Unrecognized parameter MAIL FROM:t...@test.com from%3at...@test.com 250 2.1.0 t...@test.comsender OK RCPT TO:t...@domain.com 250 2.1.5 t...@domain.com DATA 354 Start mail input; end with CRLF.CRLF TEST . 250 2.6.0 serverfraqbc8wsa1xv0...@server.domain.com Queued mail for delivery Thanks for your input.
RE: Open relay... Kind of
That's right, out of the box you can deliver mail to any exchange 2003 server and as long as it's in the accepted domain list it will deliver regardless of the mail from: CB From: gro...@beachcomp.com [gro...@beachcomp.com] Sent: 06 July 2010 19:49 To: MS-Exchange Admin Issues Subject: Open relay... Kind of Hi all, Having one of those days. Just noticed our exchange server doing something funky and wondered if I was missing something. Using an Exchange 2003 machine, and for some reason it's allowing local to local e-mail remotely and w/o authentication. What am I missing here? Here's a telnet session from a REMOTE machine: 220 Server.Domain.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.46 75 ready at Tue, 6 Jul 2010 14:35:41 -0400 HELO 250 Server.Domain.com Hello [208.00.00.99] MAIL FROM:t...@domain.com 250 2.1.0 t...@domain.comsender OK RCPT TO:t...@domain.com DATA 250 2.1.5 t...@domain.com 354 Start mail input; end with CRLF.CRLF TEST . 250 2.6.0 serverox7nyekzgzuny0...@server.domain.com Queued mail for delivery 220 Server.Domain.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.46 75 ready at Tue, 6 Jul 2010 14:42:21 -0400 HELO 250 Server.Domain.com Hello [208.00.00.99] MAIL FROM:t...@domain.com 250 2.1.0 t...@domain.comsender OK RCPT TO:t...@test.com 550 5.7.1 Unable to relay for t...@test.com 220 Server.Domain.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.46 75 ready at Tue, 6 Jul 2010 14:43:39 -0400 HELO 250 Server.Domain.com Hello [208.00.00.99] MAIL FROM:t...@test.com 250 2.1.0 t...@test.comsender OK RCPT TO:t...@test.com 550 5.7.1 Unable to relay for t...@test.com 220 Server.Domain.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.46 75 ready at Tue, 6 Jul 2010 14:45:37 -0400 HELO 250 Server.Domain.com Hello [208.00.00.99] MAIL FROM 501 5.5.4 Unrecognized parameter MAIL FROM:t...@test.com 250 2.1.0 t...@test.comsender OK RCPT TO:t...@domain.com 250 2.1.5 t...@domain.com DATA 354 Start mail input; end with CRLF.CRLF TEST . 250 2.6.0 serverfraqbc8wsa1xv0...@server.domain.com Queued mail for delivery Thanks for your input.
RE: Open relay... Kind of
From an outside (stranger) network. From: Eric [mailto:seag...@gmail.com] Sent: Tuesday, July 06, 2010 2:56 PM To: MS-Exchange Admin Issues Subject: Re: Open relay... Kind of I haven't used Exchange 2003 in a while, but are you testing this using telnet from within your network? I know some other mail systems I've used (Postfix) can allow only certain IP's or a local lan to send mail. On Tue, Jul 6, 2010 at 11:49 AM, gro...@beachcomp.com wrote: Hi all, Having one of those days. Just noticed our exchange server doing something funky and wondered if I was missing something. Using an Exchange 2003 machine, and for some reason it's allowing local to local e-mail remotely and w/o authentication. What am I missing here? Here's a telnet session from a REMOTE machine: 220 Server.Domain.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.46 75 ready at Tue, 6 Jul 2010 14:35:41 -0400 HELO 250 Server.Domain.com Hello [208.00.00.99] MAIL FROM:t...@domain.com 250 2.1.0 t...@domain.comsender OK RCPT TO:t...@domain.com DATA 250 2.1.5 t...@domain.com 354 Start mail input; end with CRLF.CRLF TEST . 250 2.6.0 serverox7nyekzgzuny0...@server.domain.com Queued mail for delivery 220 Server.Domain.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.46 75 ready at Tue, 6 Jul 2010 14:42:21 -0400 HELO 250 Server.Domain.com Hello [208.00.00.99] MAIL FROM:t...@domain.com 250 2.1.0 t...@domain.comsender OK RCPT TO:t...@test.com mailto:to%3at...@test.com 550 5.7.1 Unable to relay for t...@test.com 220 Server.Domain.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.46 75 ready at Tue, 6 Jul 2010 14:43:39 -0400 HELO 250 Server.Domain.com Hello [208.00.00.99] MAIL FROM:t...@test.com mailto:from%3at...@test.com 250 2.1.0 t...@test.comsender OK RCPT TO:t...@test.com mailto:to%3at...@test.com 550 5.7.1 Unable to relay for t...@test.com 220 Server.Domain.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.46 75 ready at Tue, 6 Jul 2010 14:45:37 -0400 HELO 250 Server.Domain.com Hello [208.00.00.99] MAIL FROM 501 5.5.4 Unrecognized parameter MAIL FROM:t...@test.com mailto:from%3at...@test.com 250 2.1.0 t...@test.comsender OK RCPT TO:t...@domain.com 250 2.1.5 t...@domain.com DATA 354 Start mail input; end with CRLF.CRLF TEST . 250 2.6.0 serverfraqbc8wsa1xv0...@server.domain.com Queued mail for delivery Thanks for your input.
Re: Open relay... Kind of
Open Relay test: http://www.abuse.net/relay.html Die dulci fruere! Roger Wright ___ On Tue, Jul 6, 2010 at 2:49 PM, gro...@beachcomp.com wrote: Hi all, Having one of those days. Just noticed our exchange server doing something funky and wondered if I was missing something. Using an Exchange 2003 machine, and for some reason it's allowing local to local e-mail remotely and w/o authentication. What am I missing here? Here's a telnet session from a REMOTE machine: 220 Server.Domain.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.46 75 ready at Tue, 6 Jul 2010 14:35:41 -0400 HELO 250 Server.Domain.com Hello [208.00.00.99] MAIL FROM:t...@domain.com 250 2.1.0 t...@domain.comsender OK RCPT TO:t...@domain.com DATA 250 2.1.5 t...@domain.com 354 Start mail input; end with CRLF.CRLF TEST . 250 2.6.0 serverox7nyekzgzuny0...@server.domain.com Queued mail for delivery 220 Server.Domain.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.46 75 ready at Tue, 6 Jul 2010 14:42:21 -0400 HELO 250 Server.Domain.com Hello [208.00.00.99] MAIL FROM:t...@domain.com 250 2.1.0 t...@domain.comsender OK RCPT TO:t...@test.com 550 5.7.1 Unable to relay for t...@test.com 220 Server.Domain.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.46 75 ready at Tue, 6 Jul 2010 14:43:39 -0400 HELO 250 Server.Domain.com Hello [208.00.00.99] MAIL FROM:t...@test.com 250 2.1.0 t...@test.comsender OK RCPT TO:t...@test.com 550 5.7.1 Unable to relay for t...@test.com 220 Server.Domain.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.46 75 ready at Tue, 6 Jul 2010 14:45:37 -0400 HELO 250 Server.Domain.com Hello [208.00.00.99] MAIL FROM 501 5.5.4 Unrecognized parameter MAIL FROM:t...@test.com 250 2.1.0 t...@test.comsender OK RCPT TO:t...@domain.com 250 2.1.5 t...@domain.com DATA 354 Start mail input; end with CRLF.CRLF TEST . 250 2.6.0 serverfraqbc8wsa1xv0...@server.domain.com Queued mail for delivery Thanks for your input.
RE: Open relay... Kind of
So.. how do I tell it that unless the user is authenticated, do not accept from @samedomain.com? From: Chris Boller [mailto:ch...@mahoola.com] Sent: Tuesday, July 06, 2010 2:59 PM To: MS-Exchange Admin Issues Subject: RE: Open relay... Kind of That's right, out of the box you can deliver mail to any exchange 2003 server and as long as it's in the accepted domain list it will deliver regardless of the mail from: CB _ From: gro...@beachcomp.com [gro...@beachcomp.com] Sent: 06 July 2010 19:49 To: MS-Exchange Admin Issues Subject: Open relay... Kind of Hi all, Having one of those days. Just noticed our exchange server doing something funky and wondered if I was missing something. Using an Exchange 2003 machine, and for some reason it's allowing local to local e-mail remotely and w/o authentication. What am I missing here? Here's a telnet session from a REMOTE machine: 220 Server.Domain.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.46 75 ready at Tue, 6 Jul 2010 14:35:41 -0400 HELO 250 Server.Domain.com Hello [208.00.00.99] MAIL FROM:t...@domain.com 250 2.1.0 t...@domain.comsender OK RCPT TO:t...@domain.com DATA 250 2.1.5 t...@domain.com 354 Start mail input; end with CRLF.CRLF TEST . 250 2.6.0 serverox7nyekzgzuny0...@server.domain.com Queued mail for delivery 220 Server.Domain.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.46 75 ready at Tue, 6 Jul 2010 14:42:21 -0400 HELO 250 Server.Domain.com Hello [208.00.00.99] MAIL FROM:t...@domain.com 250 2.1.0 t...@domain.comsender OK RCPT TO:t...@test.com 550 5.7.1 Unable to relay for t...@test.com 220 Server.Domain.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.46 75 ready at Tue, 6 Jul 2010 14:43:39 -0400 HELO 250 Server.Domain.com Hello [208.00.00.99] MAIL FROM:t...@test.com 250 2.1.0 t...@test.comsender OK RCPT TO:t...@test.com 550 5.7.1 Unable to relay for t...@test.com 220 Server.Domain.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.46 75 ready at Tue, 6 Jul 2010 14:45:37 -0400 HELO 250 Server.Domain.com Hello [208.00.00.99] MAIL FROM 501 5.5.4 Unrecognized parameter MAIL FROM:t...@test.com 250 2.1.0 t...@test.comsender OK RCPT TO:t...@domain.com 250 2.1.5 t...@domain.com DATA 354 Start mail input; end with CRLF.CRLF TEST . 250 2.6.0 serverfraqbc8wsa1xv0...@server.domain.com Queued mail for delivery Thanks for your input.
RE: [M] [MARKETING] RE: Is an internal open relay allowed?
I know, and that's what we've been telling them. But the fact we are going to prevent relaying is a limitation. It doesn't have to be a limitation; the mail submission port can be used (port 587). You relay for authenticated users only. It sounds like there are several disparate organizations so the hurdle will be to figure out where/how the authentication occurs and who is going to take care of the user accounts. If you're not going to provide the feature that would be a great way to justify why you can't (too much cost). More and more ISP's are filtering port 25 on consumer connections so this remote relaying just becomes a larger and larger thing to deal with over time. ~JasonG
RE: Is an internal open relay allowed?
You could limit those allowed to relay to only your internal IP address ranges. Then you would appease your users and not get your email server listed on open relay blacklists. That would still not be the best solution for the reasons others have mentioned, but it would be an easily workable one. From: Vandael Tim [mailto:tim.vand...@khlim.be] Sent: Wednesday, April 28, 2010 2:54 PM To: MS-Exchange Admin Issues Subject: RE: Is an internal open relay allowed? We haven't had any issue with that so far.. Met vriendelijke groeten, KHLim Katholieke Hogeschool Limburg Associatie KULeuven http://www.khlim.be http://www.khlim.be/ Tim Vandael ICT Systeembeheerder Campus Diepenbeek, Agoralaan gebouw B, bus 1, 3590 Diepenbeek T +32 11 23 08 94 - F +32 11 23 07 89 - G +32 478 40 52 36 tim.vand...@khlim.be mailto:tim.vand...@khlim.be From: Carol Fee [mailto:c...@massbar.org] Sent: woensdag 28 april 2010 21:49 To: MS-Exchange Admin Issues Subject: RE: Is an internal open relay allowed? Wouldn't that cause you to be tagged on the Internet ? CFee From: Vandael Tim [mailto:tim.vand...@khlim.be] Sent: Wednesday, April 28, 2010 3:24 PM To: MS-Exchange Admin Issues Subject: Is an internal open relay allowed? Hello all, Any of you guys here that is familiar with the RFC rules for email? Are we as a public school allowed to send mail from other domains? The reason I'm asking it is an internal discussion we have here. We are moving to exchange 2010 and the old open internal relay is going to be shut down in a few months. So we have a lot of users complaining about the fact that they are not being be able to send mail from their home address through our exchange system. Anyone that can point me to the right information about this issue? Thnx! Met vriendelijke groeten, KHLim Katholieke Hogeschool Limburg Associatie KULeuven http://www.khlim.be http://www.khlim.be/ Tim Vandael ICT Systeembeheerder Campus Diepenbeek, Agoralaan gebouw B, bus 1, 3590 Diepenbeek T +32 11 23 08 94 - F +32 11 23 07 89 - G +32 478 40 52 36 tim.vand...@khlim.be mailto:tim.vand...@khlim.be image001.gif
RE: Is an internal open relay allowed?
Can't speak for the laws where you are but here there could be legal issues involved. For example we have some pretty strict Public Record laws so we would have to add their personal emails sent with that address to our archival system. I would ask them what business use or educational use this home email thing provides. That is always the final test for us. If it does not server educational needs we are not likely to support it. If their home ISP uses SPF (Sender Permitted From) records then their email might bounce. SPF is an addition to your DNS records that says only these servers are allowed to send email for our domain. Not used a lot but often enough I am surprised you have not had issues with that. But let's change your terminology. You are not (I hope) running an open relay. You are allowing authorized users/IP addresses to send email with any from address they want. That is not an open relay, it is a controlled relay and that is allowable. It can be a good solution for traveling people for example. From: Vandael Tim [mailto:tim.vand...@khlim.be] Sent: Wednesday, April 28, 2010 3:24 PM To: MS-Exchange Admin Issues Subject: Is an internal open relay allowed? Hello all, Any of you guys here that is familiar with the RFC rules for email? Are we as a public school allowed to send mail from other domains? The reason I'm asking it is an internal discussion we have here. We are moving to exchange 2010 and the old open internal relay is going to be shut down in a few months. So we have a lot of users complaining about the fact that they are not being be able to send mail from their home address through our exchange system. Anyone that can point me to the right information about this issue? Thnx! Met vriendelijke groeten, KHLim Katholieke Hogeschool Limburg Associatie KULeuven http://www.khlim.behttp://www.khlim.be/ Tim Vandael ICT Systeembeheerder Campus Diepenbeek, Agoralaan gebouw B, bus 1, 3590 Diepenbeek T +32 11 23 08 94 - F +32 11 23 07 89 - G +32 478 40 52 36 tim.vand...@khlim.bemailto:tim.vand...@khlim.be inline: image001.gif
RE: Is an internal open relay allowed?
Jim, sorry to disappoint you but internally we do have an open relay. :( All users (students, teachers, staff, ...) are able to send mail It's an old machine that has been setup many years ago, but it still works. Moving from postfix to exchange is easy to explain if you point the users to the extra advantages they are going to experience. However, telling them that sending mails over our internal relay while using their home address is going to be discontinued is not easy to convince them. Met vriendelijke groeten, KHLim Katholieke Hogeschool Limburg Associatie KULeuven http://www.khlim.behttp://www.khlim.be/ Tim Vandael ICT Systeembeheerder Campus Diepenbeek, Agoralaan gebouw B, bus 1, 3590 Diepenbeek T +32 11 23 08 94 - F +32 11 23 07 89 - G +32 478 40 52 36 tim.vand...@khlim.bemailto:tim.vand...@khlim.be From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org] Sent: donderdag 29 april 2010 15:44 To: MS-Exchange Admin Issues Subject: RE: Is an internal open relay allowed? Can't speak for the laws where you are but here there could be legal issues involved. For example we have some pretty strict Public Record laws so we would have to add their personal emails sent with that address to our archival system. I would ask them what business use or educational use this home email thing provides. That is always the final test for us. If it does not server educational needs we are not likely to support it. If their home ISP uses SPF (Sender Permitted From) records then their email might bounce. SPF is an addition to your DNS records that says only these servers are allowed to send email for our domain. Not used a lot but often enough I am surprised you have not had issues with that. But let's change your terminology. You are not (I hope) running an open relay. You are allowing authorized users/IP addresses to send email with any from address they want. That is not an open relay, it is a controlled relay and that is allowable. It can be a good solution for traveling people for example. From: Vandael Tim [mailto:tim.vand...@khlim.be] Sent: Wednesday, April 28, 2010 3:24 PM To: MS-Exchange Admin Issues Subject: Is an internal open relay allowed? Hello all, Any of you guys here that is familiar with the RFC rules for email? Are we as a public school allowed to send mail from other domains? The reason I'm asking it is an internal discussion we have here. We are moving to exchange 2010 and the old open internal relay is going to be shut down in a few months. So we have a lot of users complaining about the fact that they are not being be able to send mail from their home address through our exchange system. Anyone that can point me to the right information about this issue? Thnx! Met vriendelijke groeten, KHLim Katholieke Hogeschool Limburg Associatie KULeuven http://www.khlim.behttp://www.khlim.be/ Tim Vandael ICT Systeembeheerder Campus Diepenbeek, Agoralaan gebouw B, bus 1, 3590 Diepenbeek T +32 11 23 08 94 - F +32 11 23 07 89 - G +32 478 40 52 36 tim.vand...@khlim.bemailto:tim.vand...@khlim.be inline: image001.gif
RE: Is an internal open relay allowed?
Not disappointed at all. You are only allowing internal users to use it. That isn't an open relay by my definition. I would define that as open to anyonelike open to the whole world/internet. What you are doing is very common. Back in the old days before outlook over https we had a bunch of traveling employees that used a specific ISP when on the road. When they were on the road they used that ISP's email server to send our work domain's email, and that ISP was not the one we used at the office. Perfectly acceptable. You don't have an issue with internet 'rules' here at all, you are following them just fine. From: Vandael Tim [mailto:tim.vand...@khlim.be] Sent: Thursday, April 29, 2010 10:22 AM To: MS-Exchange Admin Issues Subject: RE: Is an internal open relay allowed? Jim, sorry to disappoint you but internally we do have an open relay. :( All users (students, teachers, staff, ...) are able to send mail It's an old machine that has been setup many years ago, but it still works. Moving from postfix to exchange is easy to explain if you point the users to the extra advantages they are going to experience. However, telling them that sending mails over our internal relay while using their home address is going to be discontinued is not easy to convince them. Met vriendelijke groeten, KHLim Katholieke Hogeschool Limburg Associatie KULeuven http://www.khlim.behttp://www.khlim.be/ Tim Vandael ICT Systeembeheerder Campus Diepenbeek, Agoralaan gebouw B, bus 1, 3590 Diepenbeek T +32 11 23 08 94 - F +32 11 23 07 89 - G +32 478 40 52 36 tim.vand...@khlim.bemailto:tim.vand...@khlim.be From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org] Sent: donderdag 29 april 2010 15:44 To: MS-Exchange Admin Issues Subject: RE: Is an internal open relay allowed? Can't speak for the laws where you are but here there could be legal issues involved. For example we have some pretty strict Public Record laws so we would have to add their personal emails sent with that address to our archival system. I would ask them what business use or educational use this home email thing provides. That is always the final test for us. If it does not server educational needs we are not likely to support it. If their home ISP uses SPF (Sender Permitted From) records then their email might bounce. SPF is an addition to your DNS records that says only these servers are allowed to send email for our domain. Not used a lot but often enough I am surprised you have not had issues with that. But let's change your terminology. You are not (I hope) running an open relay. You are allowing authorized users/IP addresses to send email with any from address they want. That is not an open relay, it is a controlled relay and that is allowable. It can be a good solution for traveling people for example. From: Vandael Tim [mailto:tim.vand...@khlim.be] Sent: Wednesday, April 28, 2010 3:24 PM To: MS-Exchange Admin Issues Subject: Is an internal open relay allowed? Hello all, Any of you guys here that is familiar with the RFC rules for email? Are we as a public school allowed to send mail from other domains? The reason I'm asking it is an internal discussion we have here. We are moving to exchange 2010 and the old open internal relay is going to be shut down in a few months. So we have a lot of users complaining about the fact that they are not being be able to send mail from their home address through our exchange system. Anyone that can point me to the right information about this issue? Thnx! Met vriendelijke groeten, KHLim Katholieke Hogeschool Limburg Associatie KULeuven http://www.khlim.behttp://www.khlim.be/ Tim Vandael ICT Systeembeheerder Campus Diepenbeek, Agoralaan gebouw B, bus 1, 3590 Diepenbeek T +32 11 23 08 94 - F +32 11 23 07 89 - G +32 478 40 52 36 tim.vand...@khlim.bemailto:tim.vand...@khlim.be inline: image001.gif
RE: Is an internal open relay allowed?
I think if you do allow it, it's going to come back and bite you. The domains they're sending from won't have your servers in their SPF records, and more domains are starting to check those for spam filtering. If you haven't yet, I think you're eventually going to run into delivery problems with those relay emails and they're going to want you to fix it. From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org] Sent: Thursday, April 29, 2010 8:44 AM To: MS-Exchange Admin Issues Subject: RE: Is an internal open relay allowed? Can't speak for the laws where you are but here there could be legal issues involved. For example we have some pretty strict Public Record laws so we would have to add their personal emails sent with that address to our archival system. I would ask them what business use or educational use this home email thing provides. That is always the final test for us. If it does not server educational needs we are not likely to support it. If their home ISP uses SPF (Sender Permitted From) records then their email might bounce. SPF is an addition to your DNS records that says only these servers are allowed to send email for our domain. Not used a lot but often enough I am surprised you have not had issues with that. But let's change your terminology. You are not (I hope) running an open relay. You are allowing authorized users/IP addresses to send email with any from address they want. That is not an open relay, it is a controlled relay and that is allowable. It can be a good solution for traveling people for example. From: Vandael Tim [mailto:tim.vand...@khlim.be] Sent: Wednesday, April 28, 2010 3:24 PM To: MS-Exchange Admin Issues Subject: Is an internal open relay allowed? Hello all, Any of you guys here that is familiar with the RFC rules for email? Are we as a public school allowed to send mail from other domains? The reason I'm asking it is an internal discussion we have here. We are moving to exchange 2010 and the old open internal relay is going to be shut down in a few months. So we have a lot of users complaining about the fact that they are not being be able to send mail from their home address through our exchange system. Anyone that can point me to the right information about this issue? Thnx! Met vriendelijke groeten, KHLim Katholieke Hogeschool Limburg Associatie KULeuven http://www.khlim.behttp://www.khlim.be/ Tim Vandael ICT Systeembeheerder Campus Diepenbeek, Agoralaan gebouw B, bus 1, 3590 Diepenbeek T +32 11 23 08 94 - F +32 11 23 07 89 - G +32 478 40 52 36 tim.vand...@khlim.bemailto:tim.vand...@khlim.be ** Note: The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. ** ** Note: The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. ** inline: image001.gif
RE: Is an internal open relay allowed?
I'm thinking all you need to do is find the best way to explain to them that the world has changed since that was acceptable practice - I don't believe it is acceptable any longer. From: Vandael Tim [mailto:tim.vand...@khlim.be] Sent: Thursday, April 29, 2010 7:22 AM To: MS-Exchange Admin Issues Subject: RE: Is an internal open relay allowed? Jim, sorry to disappoint you but internally we do have an open relay. :( All users (students, teachers, staff, ...) are able to send mail It's an old machine that has been setup many years ago, but it still works. Moving from postfix to exchange is easy to explain if you point the users to the extra advantages they are going to experience. However, telling them that sending mails over our internal relay while using their home address is going to be discontinued is not easy to convince them. Met vriendelijke groeten, KHLim Katholieke Hogeschool Limburg Associatie KULeuven http://www.khlim.behttp://www.khlim.be/ Tim Vandael ICT Systeembeheerder Campus Diepenbeek, Agoralaan gebouw B, bus 1, 3590 Diepenbeek T +32 11 23 08 94 - F +32 11 23 07 89 - G +32 478 40 52 36 tim.vand...@khlim.bemailto:tim.vand...@khlim.be From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org] Sent: donderdag 29 april 2010 15:44 To: MS-Exchange Admin Issues Subject: RE: Is an internal open relay allowed? Can't speak for the laws where you are but here there could be legal issues involved. For example we have some pretty strict Public Record laws so we would have to add their personal emails sent with that address to our archival system. I would ask them what business use or educational use this home email thing provides. That is always the final test for us. If it does not server educational needs we are not likely to support it. If their home ISP uses SPF (Sender Permitted From) records then their email might bounce. SPF is an addition to your DNS records that says only these servers are allowed to send email for our domain. Not used a lot but often enough I am surprised you have not had issues with that. But let's change your terminology. You are not (I hope) running an open relay. You are allowing authorized users/IP addresses to send email with any from address they want. That is not an open relay, it is a controlled relay and that is allowable. It can be a good solution for traveling people for example. From: Vandael Tim [mailto:tim.vand...@khlim.be] Sent: Wednesday, April 28, 2010 3:24 PM To: MS-Exchange Admin Issues Subject: Is an internal open relay allowed? Hello all, Any of you guys here that is familiar with the RFC rules for email? Are we as a public school allowed to send mail from other domains? The reason I'm asking it is an internal discussion we have here. We are moving to exchange 2010 and the old open internal relay is going to be shut down in a few months. So we have a lot of users complaining about the fact that they are not being be able to send mail from their home address through our exchange system. Anyone that can point me to the right information about this issue? Thnx! Met vriendelijke groeten, KHLim Katholieke Hogeschool Limburg Associatie KULeuven http://www.khlim.behttp://www.khlim.be/ Tim Vandael ICT Systeembeheerder Campus Diepenbeek, Agoralaan gebouw B, bus 1, 3590 Diepenbeek T +32 11 23 08 94 - F +32 11 23 07 89 - G +32 478 40 52 36 tim.vand...@khlim.bemailto:tim.vand...@khlim.be inline: image001.gif
Re: Is an internal open relay allowed?
There are no rules for email; however, there are agreed upon standards. Spam filters check for violations against those standards, and block or tag where deemed applicable. Spoofing a domain is a standards violation. However, there are mechanisms for dealing with legitimately spoofed domains. This is handled primarily with rDNS and SPF/SenderID. I would recommend you first identify exactly what it is this discussion wants to accomplish. Then, in accordance with your own mail domain documentation, ascertain what is accomplishable with your current configuration, and if mechanisms like SPF or SenderID could help you accomplish those objectives without getting your domain blacklisted. But, by all means, don't rush this. You could very easily incur a large loss of email if you do this improperly. -- ME2 On Wed, Apr 28, 2010 at 12:24 PM, Vandael Tim tim.vand...@khlim.be wrote: Hello all, Any of you guys here that is familiar with the RFC rules for email? Are we as a public school allowed to send mail from other domains? The reason I’m asking it is an internal discussion we have here. We are moving to exchange 2010 and the old open internal relay is going to be shut down in a few months. So we have a lot of users complaining about the fact that they are not being be able to send mail from their home address through our exchange system. Anyone that can point me to the right information about this issue? Thnx! Met vriendelijke groeten, *KHLim* Katholieke Hogeschool Limburg Associatie KULeuven http://www.khlim.be/http://www.khlim.be *Tim Vandael* ICT Systeembeheerder Campus Diepenbeek, Agoralaan gebouw B, bus 1, 3590 Diepenbeek T +32 11 23 08 94 - F +32 11 23 07 89 - G +32 478 40 52 36 tim.vand...@khlim.be [image: bar] image001.gif
Is an internal open relay allowed?
Hello all, Any of you guys here that is familiar with the RFC rules for email? Are we as a public school allowed to send mail from other domains? The reason I'm asking it is an internal discussion we have here. We are moving to exchange 2010 and the old open internal relay is going to be shut down in a few months. So we have a lot of users complaining about the fact that they are not being be able to send mail from their home address through our exchange system. Anyone that can point me to the right information about this issue? Thnx! Met vriendelijke groeten, KHLim Katholieke Hogeschool Limburg Associatie KULeuven http://www.khlim.behttp://www.khlim.be/ Tim Vandael ICT Systeembeheerder Campus Diepenbeek, Agoralaan gebouw B, bus 1, 3590 Diepenbeek T +32 11 23 08 94 - F +32 11 23 07 89 - G +32 478 40 52 36 tim.vand...@khlim.bemailto:tim.vand...@khlim.be inline: image001.gif
RE: Is an internal open relay allowed?
Wouldn't that cause you to be tagged on the Internet ? CFee From: Vandael Tim [mailto:tim.vand...@khlim.be] Sent: Wednesday, April 28, 2010 3:24 PM To: MS-Exchange Admin Issues Subject: Is an internal open relay allowed? Hello all, Any of you guys here that is familiar with the RFC rules for email? Are we as a public school allowed to send mail from other domains? The reason I'm asking it is an internal discussion we have here. We are moving to exchange 2010 and the old open internal relay is going to be shut down in a few months. So we have a lot of users complaining about the fact that they are not being be able to send mail from their home address through our exchange system. Anyone that can point me to the right information about this issue? Thnx! Met vriendelijke groeten, KHLim Katholieke Hogeschool Limburg Associatie KULeuven http://www.khlim.behttp://www.khlim.be/ Tim Vandael ICT Systeembeheerder Campus Diepenbeek, Agoralaan gebouw B, bus 1, 3590 Diepenbeek T +32 11 23 08 94 - F +32 11 23 07 89 - G +32 478 40 52 36 tim.vand...@khlim.bemailto:tim.vand...@khlim.be inline: image001.gif
RE: Is an internal open relay allowed?
We haven't had any issue with that so far.. Met vriendelijke groeten, KHLim Katholieke Hogeschool Limburg Associatie KULeuven http://www.khlim.behttp://www.khlim.be/ Tim Vandael ICT Systeembeheerder Campus Diepenbeek, Agoralaan gebouw B, bus 1, 3590 Diepenbeek T +32 11 23 08 94 - F +32 11 23 07 89 - G +32 478 40 52 36 tim.vand...@khlim.bemailto:tim.vand...@khlim.be From: Carol Fee [mailto:c...@massbar.org] Sent: woensdag 28 april 2010 21:49 To: MS-Exchange Admin Issues Subject: RE: Is an internal open relay allowed? Wouldn't that cause you to be tagged on the Internet ? CFee From: Vandael Tim [mailto:tim.vand...@khlim.be] Sent: Wednesday, April 28, 2010 3:24 PM To: MS-Exchange Admin Issues Subject: Is an internal open relay allowed? Hello all, Any of you guys here that is familiar with the RFC rules for email? Are we as a public school allowed to send mail from other domains? The reason I'm asking it is an internal discussion we have here. We are moving to exchange 2010 and the old open internal relay is going to be shut down in a few months. So we have a lot of users complaining about the fact that they are not being be able to send mail from their home address through our exchange system. Anyone that can point me to the right information about this issue? Thnx! Met vriendelijke groeten, KHLim Katholieke Hogeschool Limburg Associatie KULeuven http://www.khlim.behttp://www.khlim.be/ Tim Vandael ICT Systeembeheerder Campus Diepenbeek, Agoralaan gebouw B, bus 1, 3590 Diepenbeek T +32 11 23 08 94 - F +32 11 23 07 89 - G +32 478 40 52 36 tim.vand...@khlim.bemailto:tim.vand...@khlim.be inline: image001.gif
RE: Is an internal open relay allowed?
I don't think RFC rules have exceptions for public schools. Seems to me that if the domain they are trying to send from is ok with it (i.e. includes your IP in their SPF record etc.), it's ok - otherwise many receiving domains would not accept the attempted send as your IP was not a valid sender of email for that domain. From: Vandael Tim [mailto:tim.vand...@khlim.be] Sent: Wednesday, April 28, 2010 12:24 PM To: MS-Exchange Admin Issues Subject: Is an internal open relay allowed? Hello all, Any of you guys here that is familiar with the RFC rules for email? Are we as a public school allowed to send mail from other domains? The reason I'm asking it is an internal discussion we have here. We are moving to exchange 2010 and the old open internal relay is going to be shut down in a few months. So we have a lot of users complaining about the fact that they are not being be able to send mail from their home address through our exchange system. Anyone that can point me to the right information about this issue? Thnx! Met vriendelijke groeten, KHLim Katholieke Hogeschool Limburg Associatie KULeuven http://www.khlim.behttp://www.khlim.be/ Tim Vandael ICT Systeembeheerder Campus Diepenbeek, Agoralaan gebouw B, bus 1, 3590 Diepenbeek T +32 11 23 08 94 - F +32 11 23 07 89 - G +32 478 40 52 36 tim.vand...@khlim.bemailto:tim.vand...@khlim.be inline: image001.gif
RE: Is an internal open relay allowed?
Do you know how many are using it at the moment? A lot of ISP's setup their accounts using authenticated traffic via their mail server from wherever the user connects. As a school you do not want to be liable for the outgoing comments of pupils, so you should get them to use web based or their home ISP for personal email and your systems for school related stuff. When I ran a school IT network we just made sure each use used their home ISP. Now when I was a student we had no external email access allowed, so every email had to be bounced of an open relay Mike From: Vandael Tim [mailto:tim.vand...@khlim.be] Sent: 28 April 2010 20:54 To: MS-Exchange Admin Issues Subject: RE: Is an internal open relay allowed? We haven't had any issue with that so far.. Met vriendelijke groeten, KHLim Katholieke Hogeschool Limburg Associatie KULeuven http://www.khlim.behttp://www.khlim.be/ Tim Vandael ICT Systeembeheerder Campus Diepenbeek, Agoralaan gebouw B, bus 1, 3590 Diepenbeek T +32 11 23 08 94 - F +32 11 23 07 89 - G +32 478 40 52 36 tim.vand...@khlim.bemailto:tim.vand...@khlim.be From: Carol Fee [mailto:c...@massbar.org] Sent: woensdag 28 april 2010 21:49 To: MS-Exchange Admin Issues Subject: RE: Is an internal open relay allowed? Wouldn't that cause you to be tagged on the Internet ? CFee From: Vandael Tim [mailto:tim.vand...@khlim.be] Sent: Wednesday, April 28, 2010 3:24 PM To: MS-Exchange Admin Issues Subject: Is an internal open relay allowed? Hello all, Any of you guys here that is familiar with the RFC rules for email? Are we as a public school allowed to send mail from other domains? The reason I'm asking it is an internal discussion we have here. We are moving to exchange 2010 and the old open internal relay is going to be shut down in a few months. So we have a lot of users complaining about the fact that they are not being be able to send mail from their home address through our exchange system. Anyone that can point me to the right information about this issue? Thnx! Met vriendelijke groeten, KHLim Katholieke Hogeschool Limburg Associatie KULeuven http://www.khlim.behttp://www.khlim.be/ Tim Vandael ICT Systeembeheerder Campus Diepenbeek, Agoralaan gebouw B, bus 1, 3590 Diepenbeek T +32 11 23 08 94 - F +32 11 23 07 89 - G +32 478 40 52 36 tim.vand...@khlim.bemailto:tim.vand...@khlim.be inline: image001.gif
RE: Is an internal open relay allowed?
Thnx for the answer! Is the SPF something optional to configure or is it mandatory by the RFC rules? What I need, is a official rule to which I can refer to if they come to complain. I'm just trying to cover myself in advance for the oncoming trouble.. :) Met vriendelijke groeten, KHLim Katholieke Hogeschool Limburg Associatie KULeuven http://www.khlim.behttp://www.khlim.be/ Tim Vandael ICT Systeembeheerder Campus Diepenbeek, Agoralaan gebouw B, bus 1, 3590 Diepenbeek T +32 11 23 08 94 - F +32 11 23 07 89 - G +32 478 40 52 36 tim.vand...@khlim.bemailto:tim.vand...@khlim.be From: Don Andrews [mailto:don.andr...@safeway.com] Sent: woensdag 28 april 2010 21:58 To: MS-Exchange Admin Issues Subject: RE: Is an internal open relay allowed? I don't think RFC rules have exceptions for public schools. Seems to me that if the domain they are trying to send from is ok with it (i.e. includes your IP in their SPF record etc.), it's ok - otherwise many receiving domains would not accept the attempted send as your IP was not a valid sender of email for that domain. From: Vandael Tim [mailto:tim.vand...@khlim.be] Sent: Wednesday, April 28, 2010 12:24 PM To: MS-Exchange Admin Issues Subject: Is an internal open relay allowed? Hello all, Any of you guys here that is familiar with the RFC rules for email? Are we as a public school allowed to send mail from other domains? The reason I'm asking it is an internal discussion we have here. We are moving to exchange 2010 and the old open internal relay is going to be shut down in a few months. So we have a lot of users complaining about the fact that they are not being be able to send mail from their home address through our exchange system. Anyone that can point me to the right information about this issue? Thnx! Met vriendelijke groeten, KHLim Katholieke Hogeschool Limburg Associatie KULeuven http://www.khlim.behttp://www.khlim.be/ Tim Vandael ICT Systeembeheerder Campus Diepenbeek, Agoralaan gebouw B, bus 1, 3590 Diepenbeek T +32 11 23 08 94 - F +32 11 23 07 89 - G +32 478 40 52 36 tim.vand...@khlim.bemailto:tim.vand...@khlim.be inline: image001.gif
RE: Is an internal open relay allowed?
http://www.openspf.org/ From: Vandael Tim [mailto:tim.vand...@khlim.be] Sent: Wednesday, April 28, 2010 1:03 PM To: MS-Exchange Admin Issues Subject: RE: Is an internal open relay allowed? Thnx for the answer! Is the SPF something optional to configure or is it mandatory by the RFC rules? What I need, is a official rule to which I can refer to if they come to complain. I'm just trying to cover myself in advance for the oncoming trouble.. :) Met vriendelijke groeten, KHLim Katholieke Hogeschool Limburg Associatie KULeuven http://www.khlim.behttp://www.khlim.be/ Tim Vandael ICT Systeembeheerder Campus Diepenbeek, Agoralaan gebouw B, bus 1, 3590 Diepenbeek T +32 11 23 08 94 - F +32 11 23 07 89 - G +32 478 40 52 36 tim.vand...@khlim.bemailto:tim.vand...@khlim.be From: Don Andrews [mailto:don.andr...@safeway.com] Sent: woensdag 28 april 2010 21:58 To: MS-Exchange Admin Issues Subject: RE: Is an internal open relay allowed? I don't think RFC rules have exceptions for public schools. Seems to me that if the domain they are trying to send from is ok with it (i.e. includes your IP in their SPF record etc.), it's ok - otherwise many receiving domains would not accept the attempted send as your IP was not a valid sender of email for that domain. From: Vandael Tim [mailto:tim.vand...@khlim.be] Sent: Wednesday, April 28, 2010 12:24 PM To: MS-Exchange Admin Issues Subject: Is an internal open relay allowed? Hello all, Any of you guys here that is familiar with the RFC rules for email? Are we as a public school allowed to send mail from other domains? The reason I'm asking it is an internal discussion we have here. We are moving to exchange 2010 and the old open internal relay is going to be shut down in a few months. So we have a lot of users complaining about the fact that they are not being be able to send mail from their home address through our exchange system. Anyone that can point me to the right information about this issue? Thnx! Met vriendelijke groeten, KHLim Katholieke Hogeschool Limburg Associatie KULeuven http://www.khlim.behttp://www.khlim.be/ Tim Vandael ICT Systeembeheerder Campus Diepenbeek, Agoralaan gebouw B, bus 1, 3590 Diepenbeek T +32 11 23 08 94 - F +32 11 23 07 89 - G +32 478 40 52 36 tim.vand...@khlim.bemailto:tim.vand...@khlim.be inline: image001.gif
[MALWARE FREE]RE: Is an internal open relay allowed?
Hello, Could you have the users setup their email client at home to authenticate to the email server so that they can send their outgoing email from the Exchange server. Are they using Outlook from home? Even if they are not using Outlook I would think that you could find a mail client that would use POP3/SMTP and allow the user to authenticate with the Exchange server in order to send mail. Of course the mail would be sent using the domain of the Exchange server and this assumes that they have a domain and Exchange account. As far as a policy is concerned an open relay is never a good idea and your server will just end up on a blacklist if the server remains open for relay. That point should be enough of a reason to justify closing the open relay. Chris Chris Knieriem Potomac Computer Care 920 National Highway Cumberland, MD 21502 301-777-3914 cknier...@pccareonline.com From: Don Andrews [mailto:don.andr...@safeway.com] Sent: Wednesday, April 28, 2010 3:58 PM To: MS-Exchange Admin Issues Subject: [MALWARE FREE]RE: Is an internal open relay allowed? I don't think RFC rules have exceptions for public schools. Seems to me that if the domain they are trying to send from is ok with it (i.e. includes your IP in their SPF record etc.), it's ok - otherwise many receiving domains would not accept the attempted send as your IP was not a valid sender of email for that domain. From: Vandael Tim [mailto:tim.vand...@khlim.be] Sent: Wednesday, April 28, 2010 12:24 PM To: MS-Exchange Admin Issues Subject: Is an internal open relay allowed? Hello all, Any of you guys here that is familiar with the RFC rules for email? Are we as a public school allowed to send mail from other domains? The reason I'm asking it is an internal discussion we have here. We are moving to exchange 2010 and the old open internal relay is going to be shut down in a few months. So we have a lot of users complaining about the fact that they are not being be able to send mail from their home address through our exchange system. Anyone that can point me to the right information about this issue? Thnx! Met vriendelijke groeten, KHLim Katholieke Hogeschool Limburg Associatie KULeuven http://www.khlim.behttp://www.khlim.be/ Tim Vandael ICT Systeembeheerder Campus Diepenbeek, Agoralaan gebouw B, bus 1, 3590 Diepenbeek T +32 11 23 08 94 - F +32 11 23 07 89 - G +32 478 40 52 36 tim.vand...@khlim.bemailto:tim.vand...@khlim.be Contact Potomac Computer Care for a SPAM and MALWARE firewall to protect your business email from threats. Contact Potomac Computer Care for a SPAM and MALWARE firewall to protect your business email from threats. inline: image001.gif
RE: Is an internal open relay allowed?
Just a thought here, but most IPs allow their users some form of webmail access. Can't they use that to access their personal email? -Paul From: Vandael Tim [mailto:tim.vand...@khlim.be] Sent: Wednesday, April 28, 2010 2:24 PM To: MS-Exchange Admin Issues Subject: Is an internal open relay allowed? Hello all, Any of you guys here that is familiar with the RFC rules for email? Are we as a public school allowed to send mail from other domains? The reason I'm asking it is an internal discussion we have here. We are moving to exchange 2010 and the old open internal relay is going to be shut down in a few months. So we have a lot of users complaining about the fact that they are not being be able to send mail from their home address through our exchange system. Anyone that can point me to the right information about this issue? Thnx! Met vriendelijke groeten, KHLim Katholieke Hogeschool Limburg Associatie KULeuven http://www.khlim.be http://www.khlim.be/ Tim Vandael ICT Systeembeheerder Campus Diepenbeek, Agoralaan gebouw B, bus 1, 3590 Diepenbeek T +32 11 23 08 94 - F +32 11 23 07 89 - G +32 478 40 52 36 tim.vand...@khlim.be mailto:tim.vand...@khlim.be image001.gif
RE: Is an internal open relay allowed?
I know, and that's what we've been telling them. But the fact we are going to prevent relaying is a limitation. Met vriendelijke groeten, KHLim Katholieke Hogeschool Limburg Associatie KULeuven http://www.khlim.behttp://www.khlim.be/ Tim Vandael ICT Systeembeheerder Campus Diepenbeek, Agoralaan gebouw B, bus 1, 3590 Diepenbeek T +32 11 23 08 94 - F +32 11 23 07 89 - G +32 478 40 52 36 tim.vand...@khlim.bemailto:tim.vand...@khlim.be From: Maglinger, Paul [mailto:pmaglin...@scvl.com] Sent: woensdag 28 april 2010 22:25 To: MS-Exchange Admin Issues Subject: RE: Is an internal open relay allowed? Just a thought here, but most IPs allow their users some form of webmail access. Can't they use that to access their personal email? -Paul From: Vandael Tim [mailto:tim.vand...@khlim.be] Sent: Wednesday, April 28, 2010 2:24 PM To: MS-Exchange Admin Issues Subject: Is an internal open relay allowed? Hello all, Any of you guys here that is familiar with the RFC rules for email? Are we as a public school allowed to send mail from other domains? The reason I'm asking it is an internal discussion we have here. We are moving to exchange 2010 and the old open internal relay is going to be shut down in a few months. So we have a lot of users complaining about the fact that they are not being be able to send mail from their home address through our exchange system. Anyone that can point me to the right information about this issue? Thnx! Met vriendelijke groeten, KHLim Katholieke Hogeschool Limburg Associatie KULeuven http://www.khlim.behttp://www.khlim.be/ Tim Vandael ICT Systeembeheerder Campus Diepenbeek, Agoralaan gebouw B, bus 1, 3590 Diepenbeek T +32 11 23 08 94 - F +32 11 23 07 89 - G +32 478 40 52 36 tim.vand...@khlim.bemailto:tim.vand...@khlim.be inline: image001.gif
allow relay
Hi all, i'm ready to cut-over and im looking for the allow relay , the reason is that i have BSD box on the network that takes my smtp traffic checks it for virus spam once it deemed clean it hands it off to my 2003 server. Is it just a matter of creating a new recieve connector and inputting the BSD box ip address? TIA J _ Hotmail: Trusted email with powerful SPAM protection. http://clk.atdmt.com/GBL/go/210850553/direct/01/