limiting domains when sending
I have a production Exchange 2007 server on our primary domain, and a test Exchange 2003 server on a test domain with a different subnet. Both are standalone servers and there is a two-way trust between the domains.

Is there a way to set up the Exchange 2003 server to limit all users such that they can only send email to users of the test and primary domains and block everything else?

I created an SMTP connector and removed the wildcard * entry in the "Address Space" tab and then specified the two domain names, but I can still send email to addresses of other public domains like my gmail or yahoo account.

I tried setting "forward all mail through this connector to the following smarthost" to "localhost", and that stopped the sending of messages to addresses of other public domains, but then it couldn't send email to addresses in our primary domain either.
March 18th, 2009 6:33pm

I haven't tested this, but here is what I'm thinking.

The connector you mention at first won't work because the inclusion of the * basically negates the need to add other domains. It means the connector will be used for all outbound traffic.

What you might try is similar to your 2nd approach. Instead of using the loopback address, put the address of the Exchange 2007 server. This server will accept mail when the recipient is an accepted domain within its environment, but all other mail will be considered "relay" and this will not be permitted.

There are other ways to accomplish this as well. Another thought off the top of my head is to block port 25 on the internet firewall from the Exchange 2003 server, and then supply an internal MX record for the 2007 domain. Connections to 2007 will be internal, and not be affected by the firewall rule.

Mike Crowley: MCT, MCSE, MCTS, MCITP: Enterprise Administrator / Messaging Administrator
March 19th, 2009 5:27am

I tried specifying the Exchange 2007 server in the "forward all mail through this connector". Messages to gmail get bounced as relayed (that's good), but messages to mailboxes on the Exchange 2007 server just sit in the SMTP-OUT connector queue.

The two Exchange servers are stand-alone installations.
March 19th, 2009 7:02pm

Hmm, you may have to restart the SMTP service or something. There is no reason mail sent to Exchange 2007 for local recipients wouldn't be accepted. You can also enable logging to find out what the two SMTP engines are talking about.

Mike Crowley: MCT, MCSE, MCTS, MCITP: Enterprise Administrator / Messaging Administrator
March 20th, 2009 4:34am

Hi,

Please review the Additional Queue information to check why the message is stuck in the SMTP connector queue. The Application log may also provide some clues. In addition, you can enable the SMTP Protocol log on the SMTP Virtual Server to check more detailed information. As the message to gmail is bounced back with a relay error, I think the Exchange 2003 server should have no problem telnetting to the Exchange 2007 server.

In addition, I would like to double check the SMTP connector setting on the Exchange 2003 server. You should only have one SMTP connector on the Exchange 2003 server with the following configuration:

Address Space: *
Forward all mail through this connector to the following smart hosts: the IP Address or FQDN of the Exchange 2007 server

You also need to restart the SMTP and Microsoft Exchange Routing Engine services to troubleshoot the issue.

For your reference: How to use Queue Viewer to troubleshoot mail flow issues in Exchange Server 2003
http://support.microsoft.com/kb/823489/en-us

Mike
March 20th, 2009 9:09am

The SMTP connector is set up as you specified. I used the FQDN of the 2007 server (which resolves to the PUBLIC IP address). I've restarted the whole server whenever I made a change just to be sure. I turned on logging, but now I can't find the log files (there is nothing of interest in the event viewer).

I also noticed the queue window says, "The remote server did not respond to a connection attempt". The MX record of the 2007 server is actually for a spam filtering service, and our firewall rule says that only servers belonging to that spam filtering company may contact the 2007 server. The 2003 server has a private IP address and a private domain, so can I add the PRIVATE IP address of the 2003 to the firewall rule?
March 20th, 2009 4:32pm

I would prefer if you sent it to the Exchange 2007 server via private IP, not public. This is not only more efficient, but would allow us to rule out firewall interference.

If you enabled logging on the receive connector, the logs on 2007 are located in Program Files\Microsoft\Exchange Server\TransportRoles\Logs\ProtocolLog\SmtpReceive

The logs for 2003 would be here: windows\system32\logfiles\SmtpSvc1

Mike Crowley: MCT, MCSE, MCTS, MCITP: Enterprise Administrator / Messaging Administrator
March 21st, 2009 2:28am

Additionally, MX records should have nothing to do with this. You need to configure Exchange 2003 to use a "smart host", which is an alternative to using MX records.

Mike Crowley: MCT, MCSE, MCTS, MCITP: Enterprise Administrator / Messaging Administrator
March 21st, 2009 2:30am
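Once the SMTP protocol log on the 2003 side is enabled, the quickest way to confirm the smart-host setup is doing what the thread describes (recipients in the two trusted domains accepted, everything else refused as relay) is to pair each outbound RCPT TO command with the response the 2007 server sent back. The script below is an added example, not from the thread or from Microsoft; it assumes the W3C field layout used by the IIS SMTP service log and the OutboundConnectionCommand / OutboundConnectionResponse entries, and the sample lines, domain names and IP are constructed.

```python
import re
from collections import defaultdict

# Constructed sample of an Exchange 2003 (IIS SMTP service) protocol log in W3C
# format. The field layout and the OutboundConnectionCommand/Response entries
# are assumptions about the log; every value below is made up.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time c-ip cs-username s-sitename s-computername s-ip s-port cs-method cs-uri-stem cs-uri-query sc-status sc-win32-status sc-bytes cs-bytes time-taken cs-version cs-host cs(User-Agent) cs(Cookie) cs(Referer)
2009-03-20 16:10:01 10.10.1.20 OutboundConnectionCommand SMTPSVC1 EX2003 - 25 RCPT - TO:<alice@primary.example> 0 0 4 0 0 SMTP - - - -
2009-03-20 16:10:01 10.10.1.20 OutboundConnectionResponse SMTPSVC1 EX2003 - 25 - - 250+2.1.5+Recipient+OK 0 0 21 0 0 SMTP - - - -
2009-03-20 16:10:02 10.10.1.20 OutboundConnectionCommand SMTPSVC1 EX2003 - 25 RCPT - TO:<bob@gmail.com> 0 0 4 0 0 SMTP - - - -
2009-03-20 16:10:02 10.10.1.20 OutboundConnectionResponse SMTPSVC1 EX2003 - 25 - - 550+5.7.1+Unable+to+relay 0 0 25 0 0 SMTP - - - -
"""

def parse_w3c(text):
    """Yield one dict per data line, keyed by the names in the #Fields header."""
    fields = None
    for raw in text.splitlines():
        if raw.startswith("#Fields:"):
            fields = raw.split()[1:]
            continue
        if raw.startswith("#") or not raw.strip():
            continue
        if fields is None:
            raise ValueError("log data appears before the #Fields header")
        parts = raw.split()
        if len(parts) < len(fields):
            continue  # truncated or malformed line; skip it
        yield dict(zip(fields, parts))

def outbound_rcpt_results(text):
    """Map recipient domain -> list of smart-host replies to our RCPT TO commands."""
    pending = {}                      # peer IP -> domain of the RCPT awaiting a reply
    results = defaultdict(list)
    for rec in parse_w3c(text):
        peer = rec["c-ip"]
        if rec["cs-username"] == "OutboundConnectionCommand" and rec["cs-method"] == "RCPT":
            m = re.search(r"<[^@>]+@([^>]+)>", rec["cs-uri-query"])
            if m:
                pending[peer] = m.group(1).lower()
        elif rec["cs-username"] == "OutboundConnectionResponse" and peer in pending:
            # W3C logs encode spaces in the reply text as '+'
            results[pending.pop(peer)].append(rec["cs-uri-query"].replace("+", " "))
    return dict(results)

def policy_violations(results, allowed_domains):
    """Allowed domains that were refused, or non-allowed domains the host accepted."""
    problems = []
    for domain, replies in results.items():
        for reply in replies:
            accepted = reply.startswith("250")
            if domain in allowed_domains and not accepted:
                problems.append(f"{domain}: expected accept, got {reply}")
            elif domain not in allowed_domains and accepted:
                problems.append(f"{domain}: relay accepted unexpectedly ({reply})")
    return problems
```

Run it over the real SmtpSvc1 log with the two trusted domains as `allowed_domains`; an empty list means the connector restricts sending exactly as intended, and a refused trusted domain points back at the firewall or smart-host reachability problem discussed above.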
