Re: SMTP Relay Best Practice Question
- From: "Ben Winzenz [Exchange MVP]" <ben_winzenz@nospamdotmessageonedotcom>
- Date: Sat, 15 Jul 2006 23:56:27 -0500
The only thing I can suggest is to make sure that you have SMTP Protocol
logging enabled on your Exchange server, and see what is happening when you
MFP device attempts to relay. Having added the IP to the "Only the list
below" section, there shouldn't be anything by default that would prevent
relaying.
--
Ben Winzenz
Exchange MVP
MessageOne
Read my blog!
http://winzenz.blogspot.com
http://feeds.feedburner.com/winzenz (RSS Feed)
"Richard Perry" <RichardPerry@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:5A60F326-AF66-4712-99A4-92CE7CE8632A@xxxxxxxxxxxxxxxx
I did verify that I have a few HP 4101 mfp devices that do NOT support
using
credentials. Therefore I would like to allow the specific IP address.
However, when I add them to the "Only the list below", the device still
cannot relay.
Any ideas?
--
Richard Perry
Systems Administrator/Programmer
Shadow Mountain Ministries
San Diego Christian College
Southern California Seminary
Christian Unified Schools of San Diego
"Ben Winzenz [Exchange MVP]" wrote:
I would highly recommend *against* allowing the entire subnet to relay.
Is there a reason that you don't want to do authenticated relay? Do the
MFP
devices support using credentials to send messages? If they do, that
would
be preferred in my opinion. If they don't, then I would try to add the
IP's
of those devices into the "Only the list below" area and see if that
works.
You really shouldn't have to restart the SMTP VS in order for those
settings
to be in effect.
--
Ben Winzenz
Exchange MVP
MessageOne
Read my blog!
http://winzenz.blogspot.com
http://feeds.feedburner.com/winzenz (RSS Feed)
"Richard Perry" <RichardPerry@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:2AB1916B-AAC2-44F0-ABE3-2B304EE2B6E9@xxxxxxxxxxxxxxxx
Thanks Ed and Kirill for the help so far.
If adding the IP address to the relay tab isn't reliable, what is
another
more reliable method that I should use? Allow the entire subnet? And if
so,
would that be secure?
Kirill, to address your post, the anon, basic, and integrated are all
checked as configured by default. These settings have not been touched.
So, I guess my question has now morphed into this; What is the best
practice
for allowing non-Windows devices on our local network to relay email
thru
our
Exchange server?
--
Richard Perry
Systems Administrator/Programmer
Shadow Mountain Ministries
San Diego Christian College
Southern California Seminary
Christian Unified Schools of San Diego
"Ed Crowley [MVP]" wrote:
I've not used that method of allowing relay because I've heard that it
is
not reliable.
--
Ed Crowley
MVP - Exchange
"Protecting the world from PSTs and brick backups!"
"Richard Perry" <RichardPerry@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message
news:9118EEC1-7C8C-4650-A89B-3F14A1814A23@xxxxxxxxxxxxxxxx
Thanks!
By identifying the device by IP under the relay tab as an allowed
device,
this should allow that device to relay email thru the BE Exchange
server,
correct?
I tried this with a member server and the NOD32 anti-virus
application.
I
configured the apps to send the notification to my gmail address,
added
the
servers IP to the relay tab, and restarted the SMTP VS. The email
was
not
relayed until I added SMTP credentials to the app. Then it would
relay
just
fine.
I assume that I am missing a step somewhere in the process?
--
Richard Perry
Systems Administrator/Programmer
Shadow Mountain Ministries
San Diego Christian College
Southern California Seminary
Christian Unified Schools of San Diego
"Ed Crowley [MVP]" wrote:
What I usually recommend is that you configure the back-end server
to
allow
relay, and ensure that your firewall does not expose this host to
the
Internet. With such a configuration you can have an open relay
without
risk
of it being used by a spammer.
--
Ed Crowley
MVP - Exchange
"Protecting the world from PSTs and brick backups!"
"Richard Perry" <RichardPerry@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message
news:DCA47D4D-1018-4E99-A601-4D0338F8C3CD@xxxxxxxxxxxxxxxx
I have several MFP devices on our network that I would like to
configure
Exchange to relay mail for. I want to make sure that my
understanding
is
correct before I start configuring these devices.
I have Windows 2003/Exchange 2003 SP2 install in a FE/BE
configuration.
At
this time, I have not defined a routing group or a bridgehead
server,
however
that will likely be next in the configuration process.
On the BE server, I should configure relay to allow "Only the
list
below"
with specific IPs for the specific devices that require it. I
should
also
leave the check box that allows all authenticated computers to
relay.
Is my thinking correct? Or should I instead let the entire local
network
relay? I assume that could potentially become a huge risk though.
If my above thinking is correct, will the configuration of a
routing
group
and a bridgehead server to send all email out thru the FE server
affect
the
above configuration?
Thanks for all the help!
--
Richard Perry
Systems Administrator/Programmer
Shadow Mountain Ministries
San Diego Christian College
Southern California Seminary
Christian Unified Schools of San Diego
.
- References:
- Re: SMTP Relay Best Practice Question
- From: Ed Crowley [MVP]
- Re: SMTP Relay Best Practice Question
- From: Richard Perry
- Re: SMTP Relay Best Practice Question
- From: Ed Crowley [MVP]
- Re: SMTP Relay Best Practice Question
- From: Richard Perry
- Re: SMTP Relay Best Practice Question
- From: Ben Winzenz [Exchange MVP]
- Re: SMTP Relay Best Practice Question
- From: Richard Perry
- Re: SMTP Relay Best Practice Question
- Prev by Date: Re: All external email for new users being delivered to administrator
- Next by Date: Re: Opening other users mailboxes
- Previous by thread: Re: SMTP Relay Best Practice Question
- Next by thread: Re: SMTP Relay Best Practice Question
- Index(es):
Relevant Pages
|
