Announcement

Collapse
No announcement yet.

Receive Connector and Anonymous Users

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Receive Connector and Anonymous Users

    I am just after some advise regarding the Receive connector and Anonymous Users checkbox

    I read somewhere this should not be enabled, and was alarmed to see that I had done so with access for all networks.

    I thought this would mean my server was useable as an open relay, except my telnet tests and various online tests advised otherwise that it was not an open relay.

    I would like to know the following -

    1) What is the best way to secure the receive connector for SMTP traffic, given that if I disable Anonymous Users on the receive connector incoming external email fails.

    2) By enabling the anonymous users checkbox on the default receive connector, combined with all subnets on the 'receive mail from remote servers' section, I dont understand what in that configuration my server is not an open relay?

  • #2
    Re: Receive Connector and Anonymous Users

    Enabling anonymous does not make a default connector an open relay.
    You must have anonymous enabled and unless you are receiving email from an external host (such as a spam filter) then you have to allow email to be received from everywhere.
    That allows your server to receive email, not relay.

    The default receive connector, with anonymous enabled is secure out of the box. There is nothing more that you need to do.
    If Exchange is receiving email from the internet, then you should install the anti-spam filters then enable recipient filtering. That will stop Exchange from receiving email from the internet.

    To allow Exchange to relay email, additional changes have to be made.

    http://semb.ee/apprelay

    Simon.
    --
    Simon Butler
    Exchange MVP

    Blog: http://blog.sembee.co.uk/
    More Exchange Content: http://exchange.sembee.info/
    Exchange Resources List: http://exbpa.com/
    In the UK? Hire me: http://www.sembee.co.uk/

    Sembee is a registered trademark, used here with permission.

    Comment


    • #3
      Re: Receive Connector and Anonymous Users

      Thank you once again for your helpful reply. I can see that the requirement to allow for a relay is to enable Externally Secured checkbox which provides the relevant permissions to relay through the Receive Connector.

      Comment


      • #4
        Re: Receive Connector and Anonymous Users

        Using the Externally secured option isn't considered best practise. Making the server an open relay is one of the consequences of that setting - if you need to allow relaying on a more controlled way, then changing the configuration of the Receive Connector is the preferred method.

        Simon.
        --
        Simon Butler
        Exchange MVP

        Blog: http://blog.sembee.co.uk/
        More Exchange Content: http://exchange.sembee.info/
        Exchange Resources List: http://exbpa.com/
        In the UK? Hire me: http://www.sembee.co.uk/

        Sembee is a registered trademark, used here with permission.

        Comment

        Working...
        X