Re: help understand relaying and authentication
- From: "Bharat Suneja [MVP]" <bharatsuneja@xxxxxxxxxxx>
- Date: Fri, 25 Aug 2006 09:42:58 -0700
To receive inbound internet mail, you will need to allow anonymous access.
This allows internet mail hosts to send you mail. If you remove anonymous
access on the SMTP virtual server that receives internet mail, you won't
receive any.
Current versions of Exchange are configured out of the box with relaying
disabled - as you've already noted in the configuration, no IP addresses
exist in that list of hosts allowed to relay. (Authenticated users are
allowed to relay.)
What is relaying?
Your Exchange Org accepts email for one or a few domains. These are listed
in Recipient Policies. Recipient Policy tells Exchange to receive email for
a particular domain (like yourcompany.com), and to generate email addresses
for that domain.
- When an internet host sends you an email for anyone@xxxxxxxxxxxxxxx,
that's not relaying.
- Your server is relaying if that host tries to send a mail for
someone@xxxxxxxxxxxxxxxxxxx to your server (without authentication), and if
your server accepts the message and forwards it to someotherdomain.com
(given that it's not configured to explicitly do so for that domain).
--
Bharat Suneja
MVP - Exchange
www.zenprise.com
NEW blog location:
www.exchangepedia.com/blog
----------------------------------------------
"billd" <billd@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:1C71D6D9-1CFA-402D-9C65-54115F63B001@xxxxxxxxxxxxxxxx
Ok... I am mucho confused. We have exchange 2003 frontend backend
servers.
I keep reading that you should not allow anonymous access to your email
server, or people will relay... but, If I do that, and this is our
incoming
mail server, then other mail servers fail to send email to me...
On my relay restrictions page, I have only the list below selected, and no
one in the list. Allow all compuers which successfully auth to realy
reagardles of list above is checked.
The result of this, as far as I can tell, is that anyone can send email to
my domain.
They also can not send to anyone that isn't in my domain.
If I telnet to port 25 on my mail server, do a ehlo mail from:
me@xxxxxxxxxxxx rcpt to: someone@xxxxxxxxxxxxx it allows me to send
data
if I telent to port 25 on my mail server, do an ehlo mail from:
me@xxxxxxxxxxxx
rcpt to: anyone@xxxxxxxxxxxxxxxxxx it says relaying denied.
Geeessh... this seems to me to be exactly what I want, but everthing I
read
says I should be turning off anon in the auth. ... but when I do that, and
telnet to port 25 on my mail server, ehlo, mail from me@xxxxxxxxxxxx it
immediately throws me out... and that's all a fellow mail server is going
to
do as well... so it will never be able to send an email to mydomain.!!!!
Arrrg, can anyone help me out with this one, urgently as I'm going on
vacation tomorrow and we had a little spam incident, which I am conivinced
had nothing to do with my mail server, I've been watching it for 48 hours
straight and nothing funny going on with the queues or anything else...
we
had a guest at our business the day it happend and am fairly convinced
that
he had a work on his pc and it was coming straight out form that as
everyone
else in our company has AV and we have never had a problem like this
before.. to be sure, I blocked all access to the internet on port 25 from
anyone but my mail server... and everything has been fine for the 48 hours
I
have been watching.
If anywone could clear this up, point me right etc etc etc... I would
hugely
appreceiate it. I'm just wondering if what people are writing about
applies
to internal mail servers rather than perimeter servers, or back end vs
fronend? My front end server, needs to accept email for my domain, that's
its job!!
Thanks
.
- Follow-Ups:
- Re: help understand relaying and authentication
- From: Bharat Suneja [MVP]
- Re: help understand relaying and authentication
- Prev by Date: Re: Exchange Server 2007 Beta 2 as backup...?
- Next by Date: Name Check Suppression
- Previous by thread: Re: Exchange Spamlisted
- Next by thread: Re: help understand relaying and authentication
- Index(es):
Relevant Pages
|
Loading
