External mail is getting through to our internal distribution lists
I've recently started work with a new organisation and they have a problem with mail from external parties getting through to internal distribution lists. I've checked some of the lists in question and the option
"Require that all senders are authenticated" is definitely
CHECKED.
Mystified, I had a look at the Receive Connectors and found that the connector which handles the mail from our spam/virus filtering company is
secured with IPSEC, but all other forms of authentication have been turned OFF on that connector (e.g. TLS, Basic, Exchange Server and Windows authentication are turned OFF).
Am I on the right track? Is Exchange saying to itself "Mail for this distribution list requires authentication; let me check: OK, that connector is secured with IPSEC Authentication, so therefore I can let this email go through"?
Or is something else going on? Wondering what options I have and what the implications might be if I tried turning on the other authentication methods?
May 28th, 2010 6:53am
I've checked some of the lists in question and the option "Require
that all senders are authenticated" is definitely CHECKED.
If this is checked then DLs will not get emails from the email addresses outside your exchange server. If you want to receive emails
from outside email addresses then uncheck this flag.
Regards,Laeeq Qazi|Team Lead(Exchange + Sharepoint + BES + DynamicsCRM)
www.HostingController.com
Free Windows Admin Tool Kit Click here and download it now
May 28th, 2010 1:10pm
On Fri, 28 May 2010 03:53:14 +0000, Frosty at CBM wrote:
>
>
>I've recently started work with a new organisation and they have a problem with mail from external parties getting through to internal distribution lists. I've checked some of the lists in question and the option "Require that all senders are authenticated"
is definitely CHECKED.
>
>Mystified, I had a look at the Receive Connectors and found that the connector which handles the mail from our spam/virus filtering company is secured with IPSEC,
Is it really using IPSec? Or do you mean that the "Externally secured"
box is checked on the "Authentication" tab of connector's property
page? "Externally Secured" means that the other machine has
authenticated the sender.
Checking that box says that all e-mail arriving on that connector
bypasses all anti-spam checking.
>but all other forms of authentication have been turned OFF on that connector (e.g. TLS, Basic, Exchange Server and Windows authentication are turned OFF).
>
>Am I on the right track? Is Exchange saying to itself "Mail for this distribution list requires authentication; let me check: OK, that connector is secured with IPSEC Authentication, so therefore I can let this email go through"?
>
>Or is something else going on? Wondering what options I have and what the implications might be if I tried turning on the other authentication methods?
I think that receive connector is misconfigured. If the spam filter
isn't authenticating with your server then the authentication for that
connector should be set to "anonymous" and the RemoteIPRange should be
set to accept connections only from the spam filter machine (or
network).
Alternatively, you should be able to configure the spam filter to
reject e-mail to the SMTP addresses of the those distribution groups
that should not receive e-mail from the Internet -- or populate those
groups with a property that can be used by an Email Address Policy to
assign SMTP addresses in the, say, ".local" top-level domain making
them unaddressable from outside your Exchange organization.
---
Rich Matheisen
MCSE+I, Exchange MVP
--- Rich Matheisen MCSE+I, Exchange MVP
May 29th, 2010 5:06am
You are using default receive conenctor for accept email from Spam filter server. If yed then please create one new receive connector and give permission group "anonymous".
Then check mail flow and later you can change setting for this connector.Anil
Free Windows Admin Tool Kit Click here and download it now
May 29th, 2010 8:15am
Is it really using IPSec? Or do you mean that the "Externally secured"
box is checked on the "Authentication" tab of connector's property
page? "Externally Secured" means that the other machine has
authenticated the sender.
Checking that box says that all e-mail arriving on that connector
bypasses all anti-spam checking.
...
I think that receive connector is misconfigured. If the spam filter
isn't authenticating with your server then the authentication for that
connector should be set to "anonymous" and the RemoteIPRange should be
set to accept connections only from the spam filter machine (or
network).
Alternatively, you should be able to configure the spam filter to
reject e-mail to the SMTP addresses of the those distribution groups
that should not receive e-mail from the Internet -- or populate those
groups with a property that can be used by an Email Address Policy to
assign SMTP addresses in the, say, ".local" top-level domain making
them unaddressable from outside your Exchange organization.
Rich, thanks for that ... you're right ... I mis-read the screen a little ... the option "Externally secured" is the one that is checked for that connector, and all the other boxes are empty.
I will take a closer look at the external spam/virus filtering service, as its likely that I will be able to block sending to those mailing lists manually by using their administration interface.
June 3rd, 2010 1:42am