Announcement

Collapse
No announcement yet.

Restrict users not to send email outside, only local mailing

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Restrict users not to send email outside, only local mailing

    Hi,
    We have an HP Proliant server, Win2K Server installed, Exchange 2000 Server SP3, with latest security patches and hotfixes applied.
    This server is Domain Controller of Active Directory domain and serves the global catalog.
    Every user which has an emailaccount can send email to internal users but also to every domain outside the company. => Local mailing + Internet mail.
    Now I want to create some new users which should only have the possibility to send email to local users and NOT to send internet mail.
    Can someone tell me how to do this ? Or explain which settings need to be adjusted or filled in.

    PS : How can I change settings from existing users to restrict them also not to send internetmail.
    NOTE : this should not be applied to all users, only to certain users.

    Thanks in advance.
    Greetings,
    Jo

  • #2
    http://www.petri.com/block_incoming_..._or_groups.htm

    This stops incoming mail, i have seen somewhere that you can also stop sending, a quick google should provide the answer.
    Server 2000 MCP
    Development: ASP, ASP.Net, PHP, VB, VB.Net, MySQL, MSSQL - Check out my blog http://tonyyeb.blogspot.com

    ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

    Comment


    • #3
      One method is by only using X400 types of email addresses, thus stopping the user from sending and receiving internet mail. Another method is by setting up an SMTP Connector to the address space of *, and blocking the user from sending mail through it.
      Cheers,

      Daniel Petri
      Microsoft Senior Premier Field Engineer
      MCSA/E, MCTS, MCITP, MCT

      Comment


      • #4
        Thanks allready for the hint & tips.. I'll have a look on it, and do the test.. I searched allready via google but didn't find that usefull tip or hint as you've provided me.

        Comment


        • #5
          I take the no tolerance approach. Way i see it, is if you were having problems with certain users, compromising email policys or messing about on the net, just simply disable there access 2 all these things. I'm sure those who work especially, in education will agree...

          Otherwise the above is a much better subtle solution, yes!

          An Interesting one 2! Cheers
          UK Newbie!

          Comment


          • #6
            SMTP Connector did not work.. PLEASE HELP !!!

            I created smtp connector, address space = * and specified in the field REJECTED USERS : the userid of that user which isn't allowed to SEND EXTERNAL mail (= internet email)
            Log off useraccount & re-log on.. did the test.. user is still able to SEND external mail.

            Where can I specify that 1 specific user (from Act.directory) is not allowed to SEND emails to the internet.
            Same question for RECEIVING mail from the internet !

            Many thanks !!!!

            Greetings,
            Jo

            Comment


            • #7
              Just like I said:

              http://www.msexchange.org/tutorials/MF009.html
              Cheers,

              Daniel Petri
              Microsoft Senior Premier Field Engineer
              MCSA/E, MCTS, MCITP, MCT

              Comment


              • #8
                It all works..

                just as you've said

                So MANY THANKS.. and I really appreciate the quick and very helpfull respons and tips !!!

                Kind Regards,
                Jo

                Comment


                • #9
                  restrict only to CERTAIN DOMAINS...

                  As you explained previously, which I've also tested succesfully, it's possible to restrict users from sending and/or receiving internet mail according to their group membership.
                  I wonder if it is also possible to restrict these users so that they only can send and receive email from 1 or 2 domains (for example : *.COM) but not to other domains.

                  Searching on the web didn't give me a good result.

                  Thanks in advance !
                  Jo

                  Comment


                  • #10
                    Basically it's all a matter of playing with SMTP Connectors. You create one with * and restrict, then you create one with *.COM and loow, and so on.
                    Cheers,

                    Daniel Petri
                    Microsoft Senior Premier Field Engineer
                    MCSA/E, MCTS, MCITP, MCT

                    Comment


                    • #11
                      multiple connectors

                      won't this be interfering with the other mails that are arriving at the other users ?
                      or will these other users just keep receiving all mails thru the * Connector ?

                      Comment


                      • #12
                        You need to set up the * connector with a lower cost than the others. Also, it doesn't matter if the otherspick up the traffic, because basically they're allowing the traffic, not blocking it.
                        Cheers,

                        Daniel Petri
                        Microsoft Senior Premier Field Engineer
                        MCSA/E, MCTS, MCITP, MCT

                        Comment


                        • #13
                          one thing works the other won't

                          I created multiple connectors and set up restrictions, this works !
                          so emails are blocked when NOT sent to a .COM-domain only sending to .COM works. FOR EXAMPLE !

                          BUT I also want to let these users RECEIVE MAIL from .COM-domains !!!
                          After applying a new recipient policy (according to procedure on http://www.msexchange.org/tutorials/mf009.html) these users aren't able to receive ANY emails.

                          Can you tell me how to change this policy or should this be done in another way, to restrict via recipient policy but ALSO let thru the messages from recipients with .COM addresses ???

                          Please help, I think I'm close to the solution..

                          Many thanks.
                          Jo

                          Comment


                          • #14
                            Re: Restrict users not to send email outside, only local mailing

                            Originally posted by danielp View Post

                            Hi all,

                            I'm trying to do this.. however, a couple of problems noted:

                            1) the article above points to Exchange 2000. In 2003, were I to follow the same steps.. I can't specify the group name, and have to choose the individual users. Not a big deal.. but a bit of a pain in the ass.

                            2) I've tried the two connector rules. I have my NoInternetMail connector set to a cost of 1, and it works fine. I have a second Connector, Allowed Connections, set to a cost of 100 (I've tried 2, 5, and 50), done a gpupdate /force, and restarted the SMTP service... yet the exceptions I placed into the Allowed Connections aren't working for my restricted users.

                            I feel like I am missing a step somewheres... suggestions?

                            Comment


                            • #15
                              Re: Restrict users not to send email outside, only local mailing

                              Considering the age of the post, it probably would have been best to create a new question.
                              There are instances when the restrictions don't work. See my article on the process here - which was written for E2003: http://www.amset.info/exchange/restr...ternetmail.asp

                              Simon.
                              --
                              Simon Butler
                              Exchange MVP

                              Blog: http://blog.sembee.co.uk/
                              More Exchange Content: http://exchange.sembee.info/
                              Exchange Resources List: http://exbpa.com/
                              In the UK? Hire me: http://www.sembee.co.uk/

                              Sembee is a registered trademark, used here with permission.

                              Comment

                              Working...
                              X