Exchange 2007: How to allow relay exceptions
- Date: October 26th, 2007
- Author: Scott Lowe
- Category: E-mail, Infrastructure, Internet openness, Servers, VPN, anti-spam, router configuration
- Tags: SMTP, Microsoft Exchange Server 2007, IP, Server, IP Address, Connector, E-mail, Network Technology, Networking, Online Communications
Although allowing unfettered relaying of e-mail through your Exchange 2007 server should be avoided, there are situations in which allowing relaying is desirable.
For example, suppose you have an HVAC system that reports to operations when a building’s air handling system strays outside preset parameters. These systems typically handle their reporting via e-mail and don’t authenticate with your SMTP server. The system simply needs your SMTP server in order to correctly route the message. In Exchange 2007, relay is made available through the use of a custom SMTP receive connector. I should note that, by default, Exchange 2007 does support relaying of mail for systems that authenticate. Today’s tip focuses on relaying from an unauthenticated system.
Before you get started, you should add another IP address to the network adapter on your Exchange server. An SMTP receive connector is akin to an SMTP virtual server from Exchange 2003 and requires a unique IP address/SMTP port combination. It’s easier to tell a third-party system to use a different IP address for relay than it is to provide it with a different port to use for SMTP. I’ve assigned the IP address 192.168.1.10 to my system.
Step by step guide to allowing relay
To allow individual systems to relay mail through your Exchange 2007 system, perform the following steps:
1. Start the Exchange Management Console.
2. Browse to Microsoft Exchange > Server Configuration > Hub Transport.
3. Select the Hub Transport server through which you would like to allow another system to relay mail.
4. From the Actions pane, choose New Receive Connector (Figure A).
Figure A
5. On the first page of the New SMTP Receive Connector wizard, type a name for the connector and choose the connector’s intended use. In this case, choose Custom (Figure B).
Figure B
Type a name and choose a use for this connector.
6. Choose Next.
7. On the Local Network Settings page, click the Add button.
8. In the Add Receive Connector Binding window, type in the new IP address that you gave to the network adapter. Leave the SMTP port at 25 (Figure C).
9. Choose OK.
10. Under Local IP address(es), select All Available and click the red X to delete this selection.
Figure C
Decide which IP address and port combination to use for the new connector.
11. Choose Next.
12. On the Remote Network Settings window, indicate which systems or range of IP addresses should be allowed to relay through this connector. In the example shown in Figure D, the host system with IP address 192.168.1.200 and any system with an IP address in the range 192.168.1.0 to 192.168.1.254 will be allowed to relay through this connector.
Figure D
Indicate the systems with rights to relay through this connector.
13. Choose Next.
14. On the summary screen, click the New button to create the connector.
15. Open the properties page of the new connector. To do so, right-click the new connector and choose Properties.
16. From the connector’s Properties page, choose the Permission Groups tab (Figure E).
17. Select the checkbox next to “Exchange Servers”.
Figure E
Select Exchange Servers. You must do this before you continue.
18. From the connector’s Properties page, choose the Authentication tab (Figure F).
19. Select the checkbox next to “Externally Secured (for example, with IPsec)”.
Figure F
Select Externally Secured to tell Exchange that the third-party device somehow manages its own permissions.
20. Choose OK.
At this point, you should be able to relay from the third-party system.
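The same connector can also be built and reviewed from the Exchange Management Shell. This is an added example, not part of the original article: the server name `HUB01` and the connector name are hypothetical, and it limits relay to the single host 192.168.1.200 from Figure D rather than the whole range.

```powershell
# Added example for the Exchange Management Shell.
# HUB01 and the connector name are hypothetical; the addresses come from the article.
$server  = 'HUB01'              # Hub Transport server that will accept the relay
$name    = 'Relay - HVAC'       # connector name typed in step 5
$binding = '192.168.1.10:25'    # dedicated local IP and SMTP port (steps 7-10)
$allowed = '192.168.1.200'      # remote host allowed to relay (step 12)
# To admit the article's range as well, use:
#   $allowed = '192.168.1.200','192.168.1.0-192.168.1.254'
# Every address listed here can relay without authenticating, so keep it narrow.

# Steps 4-14: create a Custom receive connector bound to the dedicated IP.
New-ReceiveConnector -Name $name -Server $server -Usage Custom `
    -Bindings $binding -RemoteIPRanges $allowed

# Steps 15-20: Exchange Servers permission group plus Externally Secured.
# With this pair, Exchange treats mail from the listed addresses as coming
# from a trusted, authenticated source.
Set-ReceiveConnector -Identity "$server\$name" `
    -PermissionGroups ExchangeServers `
    -AuthMechanism ExternalAuthoritative

# Review: list every Externally Secured connector on the server together with
# the bindings and remote ranges it trusts, so an overly wide range stands out.
Get-ReceiveConnector -Server $server |
    Where-Object { "$($_.AuthMechanism)" -match 'ExternalAuthoritative' } |
    Format-List Identity, Bindings, RemoteIPRanges, PermissionGroups, AuthMechanism
```

Rerun the final `Get-ReceiveConnector` query after any change to the connector to confirm that only the intended addresses remain in `RemoteIPRanges`.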