Re: help understand relaying and authentication
- From: "Bharat Suneja [MVP]" <bharatsuneja@xxxxxxxxxxx>
- Date: Tue, 29 Aug 2006 14:18:21 -0700
Thanks Bill - I'm glad that helped! :)
--
Bharat Suneja
MVP - Exchange
www.zenprise.com
NEW blog location:
www.exchangepedia.com/blog
----------------------------------------------
"billd" <billd@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:932E86E6-223B-47D7-A26E-74E528EE8348@xxxxxxxxxxxxxxxx
ok... so, after doing admin on unix mail servers, for 10 years, I can stop
freaking out? (sorry, unix admins never freak out :-)).. does anyone
thing
that perhaps the docs should be changed at all???? every time I follow
these
things, my whole company stops getting email... or does no one run an
inbound
email server? I don't mean to sound pissed off here, but geesh, I
couldn't
find one single sight that explained this the way mr Suneja did.
Thanks I really apprecieate your help.
Cheers
Bill
"Bharat Suneja [MVP]" wrote:
.... correction: it would be relaying even if the remote host
authenticates -
it's just not an open relay.
--
Bharat Suneja
MVP - Exchange
www.zenprise.com
NEW blog location:
www.exchangepedia.com/blog
----------------------------------------------
"Bharat Suneja [MVP]" <bharatsuneja@xxxxxxxxxxx> wrote in message
news:ewahGWGyGHA.4972@xxxxxxxxxxxxxxxxxxxxxxx
To receive inbound internet mail, you will need to allow anonymous
access.
This allows internet mail hosts to send you mail. If you remove
anonymous
access on the SMTP virtual server that receives internet mail, you
won't
receive any.
Current versions of Exchange are configured out of the box with
relaying
disabled - as you've already noted in the configuration, no IP
addresses
exist in that list of hosts allowed to relay. (Authenticated users are
allowed to relay.)
What is relaying?
Your Exchange Org accepts email for one or a few domains. These are
listed
in Recipient Policies. Recipient Policy tells Exchange to receive email
for a particular domain (like yourcompany.com), and to generate email
addresses for that domain.
- When an internet host sends you an email for anyone@xxxxxxxxxxxxxxx,
that's not relaying.
- Your server is relaying if that host tries to send a mail for
someone@xxxxxxxxxxxxxxxxxxx to your server (without authentication),
and
if your server accepts the message and forwards it to
someotherdomain.com
(given that it's not configured to explicitly do so for that domain).
--
Bharat Suneja
MVP - Exchange
www.zenprise.com
NEW blog location:
www.exchangepedia.com/blog
----------------------------------------------
"billd" <billd@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:1C71D6D9-1CFA-402D-9C65-54115F63B001@xxxxxxxxxxxxxxxx
Ok... I am mucho confused. We have exchange 2003 frontend backend
servers.
I keep reading that you should not allow anonymous access to your
server, or people will relay... but, If I do that, and this is our
incoming
mail server, then other mail servers fail to send email to me...
On my relay restrictions page, I have only the list below selected,
and
no
one in the list. Allow all compuers which successfully auth to realy
reagardles of list above is checked.
The result of this, as far as I can tell, is that anyone can send
to
my domain.
They also can not send to anyone that isn't in my domain.
If I telnet to port 25 on my mail server, do a ehlo mail from:
me@xxxxxxxxxxxx rcpt to: someone@xxxxxxxxxxxxx it allows me to send
data
if I telent to port 25 on my mail server, do an ehlo mail from:
me@xxxxxxxxxxxx
rcpt to: anyone@xxxxxxxxxxxxxxxxxx it says relaying denied.
Geeessh... this seems to me to be exactly what I want, but everthing I
read
says I should be turning off anon in the auth. ... but when I do that,
and
telnet to port 25 on my mail server, ehlo, mail from me@xxxxxxxxxxxx
it
immediately throws me out... and that's all a fellow mail server is
going
to
do as well... so it will never be able to send an email to
mydomain.!!!!
Arrrg, can anyone help me out with this one, urgently as I'm going on
vacation tomorrow and we had a little spam incident, which I am
conivinced
had nothing to do with my mail server, I've been watching it for 48
hours
straight and nothing funny going on with the queues or anything
else...
we
had a guest at our business the day it happend and am fairly convinced
that
he had a work on his pc and it was coming straight out form that as
everyone
else in our company has AV and we have never had a problem like this
before.. to be sure, I blocked all access to the internet on port 25
from
anyone but my mail server... and everything has been fine for the 48
hours I
have been watching.
If anywone could clear this up, point me right etc etc etc... I would
hugely
appreceiate it. I'm just wondering if what people are writing about
applies
to internal mail servers rather than perimeter servers, or back end vs
fronend? My front end server, needs to accept email for my domain,
that's
its job!!
Thanks
.
- References:
- Re: help understand relaying and authentication
- From: Bharat Suneja [MVP]
- Re: help understand relaying and authentication
- From: Bharat Suneja [MVP]
- Re: help understand relaying and authentication
- From: billd
- Re: help understand relaying and authentication
- Prev by Date: Re: Logs
- Next by Date: Re: CONTACT - [WildPacket]
- Previous by thread: Re: help understand relaying and authentication
- Next by thread: Name Check Suppression
- Index(es):
Relevant Pages
|
