Re: SMTP Relay Best Practice Question

I would highly recommend *against* allowing the entire subnet to relay.

Is there a reason that you don't want to do authenticated relay? Do the MFP
devices support using credentials to send messages? If they do, that would
be preferred in my opinion. If they don't, then I would try to add the IP's
of those devices into the "Only the list below" area and see if that works.
You really shouldn't have to restart the SMTP VS in order for those settings
to be in effect.

--
Ben Winzenz
Exchange MVP
MessageOne
Read my blog!
http://winzenz.blogspot.com
http://feeds.feedburner.com/winzenz (RSS Feed)


"Richard Perry" <RichardPerry@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:2AB1916B-AAC2-44F0-ABE3-2B304EE2B6E9@xxxxxxxxxxxxxxxx
Thanks Ed and Kirill for the help so far.

If adding the IP address to the relay tab isn't reliable, what is another
more reliable method that I should use? Allow the entire subnet? And if
so,
would that be secure?

Kirill, to address your post, the anon, basic, and integrated are all
checked as configured by default. These settings have not been touched.

So, I guess my question has now morphed into this; What is the best
practice
for allowing non-Windows devices on our local network to relay email thru
our
Exchange server?

--
Richard Perry
Systems Administrator/Programmer
Shadow Mountain Ministries
San Diego Christian College
Southern California Seminary
Christian Unified Schools of San Diego



"Ed Crowley [MVP]" wrote:

I've not used that method of allowing relay because I've heard that it is
not reliable.
--
Ed Crowley
MVP - Exchange
"Protecting the world from PSTs and brick backups!"

"Richard Perry" <RichardPerry@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:9118EEC1-7C8C-4650-A89B-3F14A1814A23@xxxxxxxxxxxxxxxx
Thanks!

By identifying the device by IP under the relay tab as an allowed
device,
this should allow that device to relay email thru the BE Exchange
server,
correct?

I tried this with a member server and the NOD32 anti-virus application.
I
configured the apps to send the notification to my gmail address, added
the
servers IP to the relay tab, and restarted the SMTP VS. The email was
not
relayed until I added SMTP credentials to the app. Then it would relay
just
fine.

I assume that I am missing a step somewhere in the process?
--
Richard Perry
Systems Administrator/Programmer
Shadow Mountain Ministries
San Diego Christian College
Southern California Seminary
Christian Unified Schools of San Diego



"Ed Crowley [MVP]" wrote:

What I usually recommend is that you configure the back-end server to
allow
relay, and ensure that your firewall does not expose this host to the
Internet. With such a configuration you can have an open relay
without
risk
of it being used by a spammer.
--
Ed Crowley
MVP - Exchange
"Protecting the world from PSTs and brick backups!"

"Richard Perry" <RichardPerry@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message
news:DCA47D4D-1018-4E99-A601-4D0338F8C3CD@xxxxxxxxxxxxxxxx
I have several MFP devices on our network that I would like to
configure
Exchange to relay mail for. I want to make sure that my
understanding
is
correct before I start configuring these devices.

I have Windows 2003/Exchange 2003 SP2 install in a FE/BE
configuration.
At
this time, I have not defined a routing group or a bridgehead
server,
however
that will likely be next in the configuration process.

On the BE server, I should configure relay to allow "Only the list
below"
with specific IPs for the specific devices that require it. I should
also
leave the check box that allows all authenticated computers to
relay.

Is my thinking correct? Or should I instead let the entire local
network
relay? I assume that could potentially become a huge risk though.

If my above thinking is correct, will the configuration of a routing
group
and a bridgehead server to send all email out thru the FE server
affect
the
above configuration?

Thanks for all the help!
--
Richard Perry
Systems Administrator/Programmer
Shadow Mountain Ministries
San Diego Christian College
Southern California Seminary
Christian Unified Schools of San Diego









.

Relevant Pages

  • Re: SMTP Relay Best Practice Question
    ... it may reveal some configuration issues or at least provide ... San Diego Christian College ... Is there a reason that you don't want to do authenticated relay? ... Exchange server? ...
    (microsoft.public.exchange.admin)
  • Re: SMTP Relay Best Practice Question
    ... NAT the IP address the server sees is on the subnet. ... If adding the IP address to the relay tab isn't reliable, ... San Diego Christian College ... With such a configuration you can have an open relay ...
    (microsoft.public.exchange.admin)
  • Re: SMTP Relay Best Practice Question
    ... The only reason that I am looking for a way to allow the IP without SMTP ... If adding the IP address to the relay tab isn't reliable, ... Exchange server? ... With such a configuration you can have an open relay ...
    (microsoft.public.exchange.admin)
  • Re: Relay Question
    ... An open relay ... is an SMTP e-mail server that allows third-party relay of e-mail messages. ... Exchange 2003 is by default configured to prevent open relay. ... Microsoft does not control these sites ...
    (microsoft.public.windows.server.sbs)
  • Re: SMTP Relay Best Practice Question
    ... San Diego Christian College ... Is there a reason that you don't want to do authenticated relay? ... Exchange server? ... With such a configuration you can have an open relay ...
    (microsoft.public.exchange.admin)