Re: How to block incoming/external SMTP e-mail easily for a Group

Exactly! I had it backwards. Thanks so much - I don't know what I'd do
without you guys!

"Mark Arnold [MVP]" wrote:

On Thu, 29 Jun 2006 14:05:02 -0700, flux blocker
<fluxblocker@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:

I found this post recently, and it was very helphul to me. I set up an SMTP
connector just as the instructions specified, and was able to prevent certain
users from sending internet mail. However, I have a new issue that I am in
dire need of assistance with. We are now forwarding all outbound SMTP mail
to a smart host in order to be able to send secure, or encrypted email. For
some reason, the mail was being sent directly to the internet instead of to
the smart host. The "attempt direct delivery before sending to smart host"
box was not checked. I removed the SMTP connector I created several weeks
ago and this seems to have fixed the issue of mail not being sent to the
smart host, but now I am concerned that this group of "restricted" users will
be able to send internet mail. Any suggestions to help me get this set up
correctly would be deeply appreciated!

Thanks in advance,


The SMTP connector should have had the smarthost on it and the SMTP
VSI should have had the smarthost removed (yes, it's safe). Did you do
that or did you have the VSI with the smarthost still?

flux

""Winfred Weng [MSFT]"" wrote:

Hi Ed,

Glad to hear that the issue has been resolved. If you have any other
questions in future, feel free to post here. It is always our pleasure to
be of assistance.

Have a nice day!

Thanks & regards,

Winfred Weng
Microsoft Online Partner Support

Get Secure! - www.microsoft.com/security

When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.

=====================================================
Business-Critical Phone Support (BCPS) provides you with technical phone
support at no charge during critical LAN outages or "business down"
situations. This benefit is available 24 hours a day, 7 days a week to all
Microsoft technology partners in the United States and Canada.

This and other support options are available here:

BCPS:
https://partner.microsoft.com/US/technicalsupport/supportoverview/40010469
Others: https://partner.microsoft.com/US/technicalsupport/supportoverview/

If you are outside the United States, please visit our International
Support page:
http://support.microsoft.com/common/international.aspx
=====================================================

This posting is provided "AS IS" with no warranties, and confers no rights.


--------------------
Thread-Topic: How to block incoming/external SMTP e-mail easily for a Group
thread-index: AcXaSUGAtLEAUgYETCeIb19KKZ/vww==
X-WBNR-Posting-Host: 208.181.21.221
From: =?Utf-8?B?ZWRAbGVoaWdo?= <ed@xxxxxxxxxx>
References: <9C8804F6-AC88-4F44-8C65-887679AB7269@xxxxxxxxxxxxx>
<snfYi4e2FHA.3220@xxxxxxxxxxxxxxxxxxxxx>
Subject: RE: How to block incoming/external SMTP e-mail easily for a Group
Date: Wed, 26 Oct 2005 09:21:01 -0700
Lines: 180
Message-ID: <F15F7F69-0971-4DB3-87E3-95F421405C97@xxxxxxxxxxxxx>
MIME-Version: 1.0
Content-Type: text/plain;
charset="Utf-8"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
Newsgroups: microsoft.public.exchange2000.general
NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.exchange2000.general:15122
X-Tomcat-NG: microsoft.public.exchange2000.general

Thanks Winfred - that answered the question fully.

Regards,

Ed

""Winfred Weng [MSFT]"" wrote:

Hi Ed,

Thank you for posting here!

It seems that you would like to prevent certain users from
sending/receiving Internet (external) emails. If I'm off base, please
let
me know.

Prevent receiving Internet emails
------------------------------
To restrict users from receiving Internet e-mail messages in Exchange
Server, create two SMTP addresses, one is <username>@domain.com and
<username>@domain.local. Then, the users who have the
<username>@domain.com
address can receive Internet emails, but the users who only have the
<username>@domain.local address can only receive internal emails. To do
this:

1. Start Exchange System Manager and expand Recipients -> Recipient
Policies, right-click the default policy, and then click Properties.
2. Click the E-Mail Addresses tab.
3. Click New, click SMTP Address, and then click OK.
4. In the Address box, type @domain.local, and then click OK.
5. On the E-Mail Addresses tab, click to select the check box next to
the
@domain.local that you just added.
6. Click the new @domain.local address, and then click Set as Primary.
7. Click OK. Note: If you are prompted to update all of the
corresponding
recipient e-mail addresses to match the changes that you made, click Yes
to
apply the changes you made to the recipient policy to the recipients
that
are associated with the policy. If you set the new e-mail address as the
primary address, the other e-mail addresses of that type automatically
become secondary addresses.

8. Right click to run "Update Now" on the Recipient Update Service
(Domain).
9. Open Active Directory Users and Computers -> Users. Double click to
open
the specific users that you want to reject from receiving Internet
email,
and then remove the @domain.com under the E-mail Address tab.

Note: If you have many users to restrict from receiving Internet email,
you
can create a new Universal Group in ADUC and then add all the restrict
users into the specific group. Then create a new Recipient Policy to set
the @domain.local as the default SMTP Address, and then apply the new
Recipient Policy to the specific group to accomplish this goal.

For more detailed information, please refer to the following Microsoft
KB
articles which also apply to Exchange Server 2003.

327762 HOW TO: Selectively Permit Access to Internet Messages by
Modifying
http://support.microsoft.com/?id=327762

319201 HOW TO: Use Recipient Policies to Control E-mail Addresses in
Exchange
http://support.microsoft.com/?id=319201

Prevent sending Internet emails
------------------------------
If we want to prevent some users from sending email to external
addresses,
we can configure an SMTP Connector to achieve this. After this we need
to
modify a CheckConnectorRestrictions registry key to make this
restriction
take effect. To do this:

1. Create an SMTP Connector in Routing Groups -> First Routing Group ->
Connectors.
2. Access the Connector properties page and see the "Delivery
Restrictions"
tab.
3. Under By default, messages from everyone are, make sure that Accepted
is
selected.
4. Under Reject messages from, click Add.
5. In the Select Recipient dialog box, click to add users, contacts, or
groups. All other senders are accepted automatically.
6. By default, Delivery restrictions are not functional until set in the
registry.

(1) Start Registry Editor.
(2) Locate and click the following registry key:
HKEY_LOCAL_MACHINE/System/CurrentControlSet/Services/Resvc/Parameters/
(3) On the Edit menu, click Add Value, and then add the following
registry
value:

Value Name: CheckConnectorRestrictions
Data Type: REG_DWORD
Radix: Hexadecimal
Value: 1

(4) Quit Registry Editor.
(5) Restart the Microsoft Exchange Routing Engine service and the Simple
Mail Transfer Protocol (SMTP) services for this change to take effect.

Please see the following Microsoft KB articles for more information.

XCON: Connector Delivery Restrictions Do Not Work Correctly
http://support.microsoft.com/?id=277872

How to Configure the SMTP Connector in Exchange 200x
http://support.microsoft.com/?id=265293

I hope the information above is helpful.

If anything in my post is unclear, feel free to let me know. I'm looking
forward to your reply.

Have a good day!

Thanks & regards,

Winfred Weng
Microsoft Online Partner Support

Get Secure! - www.microsoft.com/security

When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.

=====================================================
Business-Critical Phone Support (BCPS) provides you with technical phone
support at no charge during critical LAN outages or "business down"
situations. This benefit is available 24 hours a day, 7 days a week to
all
Microsoft technology partners in the United States and Canada.

This and other support options are available here:

BCPS:

https://partner.microsoft.com/US/technicalsupport/supportoverview/40010469
Others:
https://partner.microsoft.com/US/technicalsupport/supportoverview/

If you are outside the United States, please visit our International
Support page:
http://support.microsoft.com/common/international.aspx
=====================================================

This posting is provided "AS IS" with no warranties, and confers no
rights.


--------------------
Thread-Topic: How to block incoming/external SMTP e-mail easily for a
Group of u
thread-index: AcXZr5gQR56R+ls+SOSFxTI/FW4NvQ==
X-WBNR-Posting-Host: 208.181.21.221
From: =?Utf-8?B?ZWRAbGVoaWdo?= <ed@xxxxxxxxxx>
Subject: How to block incoming/external SMTP e-mail easily for a Group
of u
Date: Tue, 25 Oct 2005 15:01:04 -0700
Lines: 11
Message-ID: <9C8804F6-AC88-4F44-8C65-887679AB7269@xxxxxxxxxxxxx>
MIME-Version: 1.0
Content-Type: text/plain;
charset="Utf-8"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
Newsgroups: microsoft.public.exchange2000.general
NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA02.phx.gbl!TK2MSFTNGXA03.phx.gbl
Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.exchange2000.general:15107
X-Tomcat-NG: microsoft.public.exchange2000.general

We have a number of accounts in use by hourly people, for which there
is
business requirement that they be able to send email internally. There
is
also a business requirement that these people not be able to receive
external
SMTP email. In the Exchange 5.5 world, we would simply remove the SMTP
address from the mailbox. However, that cannot be done in Exchange
2003.
How can we meet this business requirement if the user has an Exchange
2003
mailbox?

Thanks in advance,

Ed





.

Relevant Pages

  • RE: How to block incoming/external SMTP e-mail easily for a Group
    ... I set up an SMTP ... users from sending internet mail. ... I removed the SMTP connector I created several weeks ... Microsoft Online Partner Support ...
    (microsoft.public.exchange2000.general)
  • RE: Pop3 connector, DNS and mail receive problem...
    ... Server", in the previous post, we stop it for troubleshoot the POP3 ... If you need to forward internet email to your ISP ... To verify that you are successfully connected to the SMTP Mail Service, ... 265293 How to Configure the SMTP Connector in Exchange ...
    (microsoft.public.windows.server.sbs)
  • Re: Exchange 2003 SMTP connector Problem
    ... what i configured on server. ... and yes my connector scope is 'Entire Organization' ... SMTP connector on to it. ...
    (microsoft.public.exchange.admin)
  • Re: SBS2k3 group addressing problem (MS Xchng)
    ... > hole in Win2003 server exploited through it when I have another way ... it's simple enough to set up another SMTP ... The POP connector is a kluge, ... >> Internet mail to a smarthost, check with the people who manage that ...
    (microsoft.public.windows.server.sbs)
  • Re: How to block incoming/external SMTP e-mail easily for a Group
    ... users from sending internet mail. ... I removed the SMTP connector I created several weeks ... Microsoft Online Partner Support ...
    (microsoft.public.exchange2000.general)