Re: Query-Based Distros for Sender Restriction

- It would probably be worth trouble-shooting why the authenticated users
option does not work in your environment.
- Other options from previous post are still still available, including
Recipient Filtering.
--
Bharat Suneja
MVP - Exchange
www.zenprise.com
NEW blog location:
www.exchangepedia.com/blog
----------------------------------------------



"Aaron" <Aaron.Smith@xxxxxxxx> wrote in message
news:1169059400.524183.89660@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Well, I had thought about doing that, but we have users that are using
a variety of mail clients include things like Mozilla Mail that use
SMTP/IMAP to talk to the Exchange server. I'm assuming that these
clients would be treated as "anonymous" senders unless they were
configured for SMTP Authentication. Also, there's something odd about
our Exchange setup that causes the "Only Authenticated Users" option to
not work. If I set a group to only accept mail from authenticated
users, it doesn't seem to have any effect as I can continue to send
messages to that group from external addresses (such as my personal
home email account). I remember digging and digging and finding a
reason for this a while back, but I can't remember what that reason was
or why I didn't change it.

As a side note, Query based distribution lists apparently do NOT work
for sender restriction even though the gUI will let you add them. I
have to add either a static list or a single user for mail to be
allowed.

Bharat Suneja [MVP] wrote:
Why not setup the other distributin groups to receive mail from
authenticated senders only? This ensures those lists don't get internet
mail
from anonymous/unauthenticated senders.

Alternatively, you can change the default email address of the
distribution
groups to something that's not reachable from outside, e.g.
dl1@xxxxxxxxxxxxx

Yet another option is to add those dist groups to Recipient Filtering and
enable Recipient Filtering on the SMTP VS.

However, the first option is far easier to implement and is specifically
meant to address this issue. Your proposed solution, even if it did work,
will consume more resources and isn't really required.
--
Bharat Suneja
MVP - Exchange
www.zenprise.com
NEW blog location:
www.exchangepedia.com/blog
----------------------------------------------





.

Relevant Pages

  • Re: default for requiring authentication 2003
    ... Don't forget about the "Allow anonymous enumeration of SAM Accounts and Shares" under the security -> Network Access setting. ... If this is disabled then the "everyone" permissions only applies to authenticated users. ... I have scripts that prep a machine post image and in doing so must connect to server shares. ... default for requiring authentication 2003 ...
    (Focus-Microsoft)
  • Re: Random logon failure with ADAM Bind Proxy
    ... Adding Authenticated Users SID to readers group (which was enough ... I was mistaken about the username case sensitivity. ... > Could he also just bind to RootDSE in order to force an authentication? ... >> I have been using ADAM bind proxy to authenticate users against AD. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Forms authentication design guidlines needed
    ... example) logging in adds an edit control or something, then using panels ... > I'm planning to use forms authentication for my project and would like to ... > authenticated users only. ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Mac OS X Server Mail Problem
    ... or you'll be a wide-open spam relay. ... - I'd only accept mail from authenticated users using one of the ... standard authentication schemes ... - make sure that no-one has a bonehead password; ...
    (comp.sys.mac.comm)
  • Re: OWA Authentication ? Domain/Name
    ... sub-directories (under Authentication -> Access Control) will be set as ... We can add the domain name in the Exchange virtual directory, ... If the domain name specified for ExchWeb/Bin is not configured and it is ... This newsgroup only focuses on SBS technical issues. ...
    (microsoft.public.windows.server.sbs)