Need help configuring Receive Connectors
Hi all,

I am having trouble configuring Exchange 2007 to support my non-MAPI clients. Below are my requirements and my thoughts. Please let me know if you have any suggestions.

REQUIREMENTS:

Sending Without Authentication on SMTP:
- From inside the intranet able to relay anywhere
- From the internet (external to the intranet) able to relay mail to internal recipients only

Sending With Authentication on SMTP:
- Relay to anywhere

THOUGHTS:

To meet the first requirement I have configured a receive connector for the internal IP address range. The authentication settings are TLS (checked), Basic (checked) and Externally Secured (checked). This will allow clients on the internal network to send mail using SMTP securing it over TLS or using Basic Authentication. Also, it will allow them to connect unauthenticated because of the Externally Secured option.

I am not sure how to configure the second connector to allow relay to only internal domains.

Any help would be greatly appreciated.

Josh
April 30th, 2008 9:17pm

Hi Josh,

I suggest that we create two receive connectors:
- One is used to receive external emails
- The other is used to receive internal emails

For the connector to receive external emails, I suggest that you enable Anonymous Users and Exchange Users to connect to the receive connector. In this method, we can allow the external anonymous user to send emails to your internal recipients and allow authenticated users to relay emails.

For the connector to receive internal emails, I suggest that you only allow the internal IP addresses to connect to the receive connector. Please also enable anonymous users and open relay on the connector. In this method, anonymous users in the intranet can also relay email to the outside.

Regarding how to open relay on the receive connector, please run the following command:

    Get-ReceiveConnector "The Receive Connector name" | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "ms-Exch-SMTP-Accept-Any-Recipient"

Mike
May 2nd, 2008 1:26pm

Hi Josh, The above configuration is only used to meet your requirement. If you have other requirements, I suggest that you refer to the following site for further configuration regarding the receive connector: http://technet.microsoft.com/en-us/library/aa996395(EXCHG.80).aspx Mike
May 2nd, 2008 1:33pm

Thanks for your help on this! I've almost got it. I have two RECV connectors for the internal network.

Connector 1 is for authenticated users. It specifies TLS and Basic after TLS. The perms groups are Anon Users, Exchange Users and Exchange Servers.

Connector 2 is for un-authenticated users. It specifies Externally Secured only. The perms groups are Anon Users and Exchange Servers.

My client is on the network defined in both of these connectors. When my client connects (without authentication) I can see in the protocol logging that it is connecting to Connector 1 instead of Connector 2. My thoughts (which are obviously not correct) were that it would connect to the connector with the authentication settings that most closely matched what it was trying to do (i.e. Connector 2). But that is not the case. If I disable Connector 1 I can see it hit Connector 2 and it acts as a relay to the outside world.

What can I do to ensure that the client hits Connector 2? Do I even have to have these connectors broken out?

Thanks!
May 7th, 2008 3:13am

Hi,

Essentially, the connection will go to the receive connector that contains the connecting IP address in the RemoteIPRanges within the smallest range. For example, there are three receive connectors on the server:

- Connector A: RemoteIPRanges 192.168.1.30
- Connector B: RemoteIPRanges 192.168.1.25-192.168.1.50
- Connector C: RemoteIPRanges 192.168.1.20-192.168.1.60

If a connection came in from remote IP address 192.168.1.30, Connector A will be chosen, as its RemoteIPRanges is the smallest range.

Thus, I suggest that you use only one connector for the internal network IP ranges and then enable open relay on that connector. In this way, the internal user (regardless of authentication) can send and relay emails through your server.

Then, you can create another connector to receive Internet connections without having open relay enabled. In this way, the outside user (without authentication) can only send email to internal users. The outside user (who passes authentication) can send and relay emails through your server.

Mike
May 7th, 2008 10:00am
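
The selection rule described in the reply above, as an added PowerShell illustration that is not part of the original thread and is not Exchange's own code. It handles IPv4 only and accepts single addresses, low-high ranges and CIDR entries; the function names and the sample connector objects are assumptions built from the three connectors in the example.

```powershell
# Constructed sample data: the three connectors from the reply above (IPv4 only).
$connectors = @(
    (New-Object PSObject -Property @{ Name = 'Connector A'; RemoteIPRanges = @('192.168.1.30') }),
    (New-Object PSObject -Property @{ Name = 'Connector B'; RemoteIPRanges = @('192.168.1.25-192.168.1.50') }),
    (New-Object PSObject -Property @{ Name = 'Connector C'; RemoteIPRanges = @('192.168.1.20-192.168.1.60') })
)

# Hypothetical helper: dotted-quad IPv4 address -> integer, so ranges can be compared.
function ConvertTo-IPNumber([string]$Address) {
    [long]$n = 0
    foreach ($b in [System.Net.IPAddress]::Parse($Address).GetAddressBytes()) { $n = ($n * 256) + $b }
    $n
}

# Hypothetical helper: low/high bounds of one entry (single IP, "low-high", or CIDR).
function Get-RangeBounds([string]$Range) {
    if ($Range -match '^([\d.]+)-([\d.]+)$') {
        $first, $second = $Matches[1], $Matches[2]
        $lo = ConvertTo-IPNumber $first
        $hi = ConvertTo-IPNumber $second
    } elseif ($Range -match '^([\d.]+)/(\d+)$') {
        $base, $bits = $Matches[1], [int]$Matches[2]
        $size = [long][math]::Pow(2, 32 - $bits)
        $addr = ConvertTo-IPNumber $base
        $lo = $addr - ($addr % $size)
        $hi = $lo + $size - 1
    } else {
        $lo = ConvertTo-IPNumber $Range
        $hi = $lo
    }
    New-Object PSObject -Property @{ Low = $lo; High = $hi }
}

# Returns the connector whose matching range is the narrowest, or $null if none matches.
function Select-ReceiveConnector([string]$ClientIP, $Connectors) {
    $ip = ConvertTo-IPNumber $ClientIP
    $best = $null
    foreach ($c in $Connectors) {
        foreach ($r in $c.RemoteIPRanges) {
            $bounds = Get-RangeBounds $r
            if ($ip -lt $bounds.Low -or $ip -gt $bounds.High) { continue }
            $width = $bounds.High - $bounds.Low
            if ($null -eq $best -or $width -lt $best.Width) {
                $best = New-Object PSObject -Property @{ Name = $c.Name; Range = $r; Width = $width }
            }
        }
    }
    $best
}

foreach ($ip in '192.168.1.30', '192.168.1.40', '192.168.1.55', '192.168.1.99') {
    $hit = Select-ReceiveConnector $ip $connectors
    if ($hit) { "$ip -> $($hit.Name) via $($hit.Range)" } else { "$ip -> no connector matches" }
}
```

Running the same check against the address of any host that should not be able to relay shows whether it falls inside the range of a connector that has open relay enabled.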

Ok, I have one last question then. And thanks for all your answers by the way. If I have a connector that allows TLS and Basic after TLS can a user still connect to that connector without authenticating? If so, they should only be able to send mail to internal recipients, right? Thanks!
May 7th, 2008 7:41pm

Answered my own question here. The answer is yes in both cases! Thanks again for the help!
May 7th, 2008 9:34pm

This topic is archived. No further replies will be accepted.
