Exchange 2010 Receive Connector

KapsZ28

Is it bad to have the receive connector set to accept email from all IP addresses with Anonymous access?
 
Not necessarily. It could be the connector to receive public internet email. Do you have any more information that makes you think it's suspicious?
 
mxtoolbox was showing the server as an open relay and people were using it to send spam.
 
By default, the internet email receive connector will only receive mail destined for your authoritative domain. There are ways to change the security to make that connector an open relay but that takes a trip to the EMS and some CLI. Did you step into this issue or are you just setting up? What will working with this connector affect? What is the desired behavior?
 

This is true. Take a look at your send connector.
 
The Send Connector is unrelated. We need to catch the bogus relay email coming in the door rather than try and attempt to filter the outgoing. Without any other info, the quick fix is to delete the receive connector and create a new one. The Open Relay security settings on the old one disappear with it, leaving a fresh Connector that will only accept email for the local domains.
 

Well, the primary server already had this issue that I am stepping into, but based on what you said, I am now wondering about the second server which has a different public IP address. I was on the phone with Postini and they had me run the following command.

Get-ReceiveConnector "Reinjection" | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "ms-Exch-SMTP-Accept-Any-Recipient"

This was so I could set up the second Exchange server in Postini as an outbound reinjection server. Now when I check the second server, it is set as an open relay. Is that because of the command above? If so, how do I fix this, but still allow Postini's reinjection configuration to work?
 
Typically Postini's reinjections are limited by IP security, i.e. restricted to ONLY apply to their servers. Having that security hole apply to the Default receive connector did exactly what you feared, create an open relay. I haven't seen the Postini commands for integration with Exchange 2010, but I would imagine that you would want to leave the default internet connector alone and create an additional connector, limit it via IP to your Postini system block, and open up relay via that command they sent you. Personally, I've never had very good experiences with Postini and Exchange, so I've moved on to other services that either have better integration or do not require this type of integration.
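
An audit and lock-down along the lines of the reply above, as an added example that is not part of the thread and not Postini's own instructions. The server name EXCH02 and the 192.0.2.0/24 range are placeholders, only the all-IPv4 range is checked, and the -WhatIf switches make steps 2 and 3 a dry run.

```powershell
# Added example for the Exchange Management Shell; not taken from the thread.
$Right  = 'ms-Exch-SMTP-Accept-Any-Recipient'
$Anon   = 'NT AUTHORITY\ANONYMOUS LOGON'
$Server = 'EXCH02'           # hypothetical server name
$Relay  = '192.0.2.0/24'     # placeholder: the filtering provider's published range
$AllV4  = '0.0.0.0-255.255.255.255'

# 1. Audit: connectors where anonymous senders hold the relay right.
$report = foreach ($rc in Get-ReceiveConnector -Server $Server) {
    $ace = $rc | Get-ADPermission -User $Anon |
           Where-Object { -not $_.Deny -and ($_.ExtendedRights -like $Right) }
    if ($ace) {
        $ranges = @($rc.RemoteIPRanges | ForEach-Object { "$_" })
        New-Object PSObject -Property @{
            Connector = $rc.Identity
            Ranges    = $ranges -join ', '
            OpenRelay = ($ranges -contains $AllV4)   # relay right + any IPv4 source
        }
    }
}
$report | Format-Table Connector, OpenRelay, Ranges -AutoSize

# 2. Scope the relay connector named in the thread to the provider's range only.
Set-ReceiveConnector "$Server\Reinjection" -RemoteIPRanges $Relay -WhatIf

# 3. Strip the relay right from any other connector that accepts every source.
$report |
    Where-Object { $_.OpenRelay -and "$($_.Connector)" -notlike '*\Reinjection' } |
    ForEach-Object {
        Get-ReceiveConnector "$($_.Connector)" |
            Remove-ADPermission -User $Anon -ExtendedRights $Right -WhatIf
    }
```

Remove the -WhatIf switches once the dry-run output names only the connectors you expect, then run step 1 again to confirm that no row still shows OpenRelay as True.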
 

Cool, thanks for the info. Yeah, I am not a fan of Postini, but unfortunately we are stuck with it for now.
 
You should only allow SMTP inbound from Postini IP addresses in your Firewall solution then.

Yuppers...in addition to locking down the receive connector in Exchange...always good to ALSO lock it down via hardware at the edge. Greatly helps in cutting down on grinding attempts from China/Russia....retards trying to poke your server's SMTP services looking to get in and hijack.
 