Exchange 2007 - Disallow mail on a send connector that is linked to a receive connector
Hi All, I need to figure out the following problem:

The Exchange server has one send connector that allows mail to be sent to the internet (* address space). What we need is the following: some apps/developers need to be able to send unauthenticated mail, and these mails are not allowed to leave the internal network. The developers must be able to use any mail address they like; we do not know what addresses will be used.

This is what I did so far. Created a new receive connector that allows anonymous mails to be sent:

New-ReceiveConnector -Name ReceiveTest -Usage custom -bindings '192.168.0.4:25' -Fqdn test.domain.be -RemoteIPRanges 192.168.0.154 -server mail -PermissionGroups exchangeservers -AuthMechanism 'TLS,ExternalAuthoritative'

Now apps on the 192.168.0.154 server can send anonymous mail using 192.168.0.4 as SMTP server. So far so good, but the app can also send mails to the internet. So I created a new send connector, linked to the receive connector:

New-SendConnector -name InternMail -LinkedReceiveConnector receivetest -MaxMessageSize unlimited -SmartHosts smtp.isp.be

So far so good, but the app can still send mail to the internet.

Question: how to block mail from going to the internet when the extra send connector is used?

Tnx in advance for all the help!
July 7th, 2010 1:31pm

You should add another IP address to the network adapter on your Exchange server and use this IP for relaying, and disallow this IP from reaching the internet. Maybe that works. MCSE,CCNA,VCP,APP
July 7th, 2010 3:12pm

Hi Ismail, Tnx for your tip! This is what happens... I did some testing. I forgot to mention that the address 192.168.0.4 was an extra IP on my mail server (standard address is 192.168.0.2). As you suggested, I disallowed internet access for address 192.168.0.4 on the router, but as it turns out, mail sent to internal mail addresses also does not work in that case. Not when I use my ISP's SMTP server as relay server in the send connector, and not if I use the internal mail server as relay server on the send connector. Tnx, Stef
July 7th, 2010 4:05pm

Hi Stef, Try to specify the type of the send connector:

New-SendConnector -name InternMail -LinkedReceiveConnector receivetest -MaxMessageSize unlimited -SmartHosts smtp.isp.be -internal

Then please test to see if the issue persists.
July 8th, 2010 10:53am

Hi Gen, tnx for the tip, I gave it a try but mails still go out on the internet. PS: the IP of the connector is no longer blocked; did you want it to be blocked for the test? Stef
July 8th, 2010 5:13pm

I am thinking about the following: to set up a small freeware mail server and use that as the smart host in the New-SendConnector command. Then users can POP the freeware mail server to get the mail. What do you guys think of that idea? Tnx, Stef
July 12th, 2010 10:48am

I'll suggest creating a separate internal network with a separate Exchange server, only allowing internal mail... Been testing for days... no solution, only found some site where it was said to create a "home written" DLL file in C to drop external mails, but that was not allowed on our live network. Stef
July 15th, 2010 5:05pm

I think I found the solution:

Created a new receive connector with the following settings:

On the General tab, make sure the FQDN is the one of your internal mail server.

On the Authentication tab, ONLY select:
- TLS (NOT Mutual Auth)
- Basic Auth. (NOT Offer basic ...)
- Exchange server auth.

Permission Groups:
- only Anonymous access

Also created an extra IP address on the NIC of the Exchange server and added this address under "Use the local IP address to receive mail" on the Network tab. On the same Network tab, added the IP address of the workstation that would send the unauthenticated mail under the "Receive mail from remote server ..." window.

No need to create an extra send connector.

Tnx all for the tips and help.
July 16th, 2010 9:24am
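
The settings from the last post above, written as Exchange Management Shell commands together with a check that the connector cannot relay to external domains. This is an added example, not part of the original thread: the connector name and FQDN are placeholders, and the mapping of the GUI checkboxes to -AuthMechanism values is an assumption.

```powershell
# Added example; run in the Exchange Management Shell on the Exchange 2007 server.
$server = 'mail'                    # server name used in the thread
$name   = 'InternalAppRelay'        # hypothetical connector name
$fqdn   = 'mail.internal.example'   # placeholder for the internal mail server FQDN

# The first attempt in the thread used -PermissionGroups ExchangeServers with
# -AuthMechanism 'TLS,ExternalAuthoritative'. That combination treats every
# host in RemoteIPRanges as a trusted server, so its mail is accepted for any
# recipient and then routed out through the '*' send connector.
#
# The working configuration accepts the same host as an anonymous sender.
New-ReceiveConnector -Name $name -Server $server -Usage Custom `
    -Bindings '192.168.0.4:25' `
    -RemoteIPRanges 192.168.0.154 `
    -Fqdn $fqdn `
    -AuthMechanism 'Tls,BasicAuth,ExchangeServer' `
    -PermissionGroups AnonymousUsers

# An anonymous sender may only address recipients outside the accepted domains
# when ANONYMOUS LOGON holds ms-Exch-SMTP-Accept-Any-Recipient on the
# connector. The AnonymousUsers permission group does not grant that right,
# which is why no extra send connector or firewall rule is needed.
$relayRight = Get-ADPermission -Identity "$server\$name" |
    Where-Object {
        $_.User -like '*ANONYMOUS LOGON' -and
        -not $_.Deny -and
        $_.ExtendedRights -like 'ms-Exch-SMTP-Accept-Any-Recipient'
    }

if ($relayRight) {
    Write-Warning "$name lets anonymous senders relay to any recipient."
    $relayRight | Format-List Identity, User, ExtendedRights
} else {
    Write-Output "$name accepts anonymous mail for accepted domains only."
}
```

A message from 192.168.0.154 to an external address should then be rejected at RCPT TO with "550 5.7.1 Unable to relay", while mail to internal recipients is accepted.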

This topic is archived. No further replies will be accepted.
