From: Andrew Story on
Hi, I posted a while ago, when I configured my org's Exchange server to use
an IIS server as an SMTP relay in a DMZ.

All worked fine apart from external POP2 clients, they can receive fine but
not send. In the logs on the IIS server in the DMZ were lots of SMTP events
regarding authentication problems for the user accounts trying to send mail.

The IIS server in the DMZ was not part of our domain, is there any other way
to configure a server not part of the corporate domain to act as an SMTP
relay for external clients like this?

Any help much appreciated.


From: Joe Grover on
> The IIS server in the DMZ was not part of our domain, is there any other
> way to configure a server not part of the corporate domain to act as an
> SMTP relay for external clients like this?

Only if the external clients have static IP addresses, then you may be able
to configure them as allowed relays. Otherwise the only way would be to
make it an open relay, which you would never ever want to do. ;)

Basically the answer is this: If you can't determine who someone is--and
therefore whether or not they are allowed to relay--then a server would need
to be an open relay in order to allow it.

Joe

From: Oliver Moazzezi on
You would have to grant them relay based on their IP addresses, which may be
a pain if they aren't static.

Oliver


"Andrew Story" <andrewDOTstoryATjameswalkerDOTbiz> wrote in message
news:e3GS1PEpHHA.3736(a)TK2MSFTNGP03.phx.gbl...
> Hi, I posted a while ago, when I configured my org's Exchange server to use
> an IIS server as an SMTP relay in a DMZ.
>
> All worked fine apart from external POP2 clients, they can receive fine
> but not send. In the logs on the IIS server in the DMZ were lots of SMTP
> events regarding authentication problems for the user accounts trying to
> send mail.
>
> The IIS server in the DMZ was not part of our domain, is there any other
> way to configure a server not part of the corporate domain to act as an
> SMTP relay for external clients like this?
>
> Any help much appreciated.
>


From: NetoMeter on
I think that another approach would be to:

1. Create a separate virtual SMTP server in Exchange for the outside
users.
2. Translate it to some unknown port on the outside (like 4565 - the
outside users have to specify it in their clients).
3. Configure SSL for basic authentication in the Properties of this
SMTP virtual server (On the Access tab, click Authentication, and then
select Requires TLS encryption).
4. (Optional) Change the SMTP greeting/banner - you can do this very
easily with the "adsutil.vbs" in Inetpub/adminscripts. The command is:
cscript adsutil.vbs set smtpsvc/vsi number/connectresponse "Your Text"
Don't forget to replace "vsi number" with the number of your
Virtual SMTP server.

Best Regards,
Dean
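
Added example, not part of any post in this thread: a small Python model of the RCPT TO relay decision the replies describe (relay granted by static IP, relay granted to authenticated sessions over TLS, and the open-relay case to avoid). The RelayPolicy class, its field names, the reply strings and all addresses and domains are assumptions constructed for illustration; they are not IIS or Exchange settings.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class RelayPolicy:
    """Hypothetical model of one SMTP virtual server's relay settings."""
    local_domains: set                                  # domains delivered locally
    relay_networks: list = field(default_factory=list)  # CIDRs granted relay by IP
    allow_authenticated: bool = False                   # authenticated sessions may relay
    auth_requires_tls: bool = True                      # credentials accepted only over TLS

def rcpt_decision(policy, client_ip, rcpt, authenticated=False, tls=False):
    """Return the reply this policy gives to RCPT TO:<rcpt> from client_ip."""
    domain = rcpt.rsplit("@", 1)[-1].lower()
    if domain in policy.local_domains:
        return "250 OK (local delivery)"        # inbound mail is never a relay
    ip = ipaddress.ip_address(client_ip)
    if any(ip in ipaddress.ip_network(net) for net in policy.relay_networks):
        return "250 OK (relay by IP)"           # the static-IP option
    # Credentials only count if the session meets the TLS requirement.
    auth_ok = authenticated and (tls or not policy.auth_requires_tls)
    if policy.allow_authenticated and auth_ok:
        return "250 OK (relay by authentication)"
    return "550 5.7.1 Unable to relay"          # server cannot tell who the client is

def is_open_relay(policy):
    """True if an unknown, unauthenticated client may relay to a foreign domain."""
    # Probe values are constructed (documentation address range and domain).
    return rcpt_decision(policy, "203.0.113.50", "probe@example.net").startswith("250")

# Constructed sample policies.
DMZ_STATIC_IP = RelayPolicy({"example.com"}, relay_networks=["198.51.100.17/32"])
AUTH_OVER_TLS = RelayPolicy({"example.com"}, allow_authenticated=True)
MISCONFIGURED = RelayPolicy({"example.com"}, relay_networks=["0.0.0.0/0"])

if __name__ == "__main__":
    for name, pol in [("static IP", DMZ_STATIC_IP), ("auth over TLS", AUTH_OVER_TLS),
                      ("0.0.0.0/0 granted", MISCONFIGURED)]:
        print(f"{name:18} open relay: {is_open_relay(pol)}")
    print(rcpt_decision(AUTH_OVER_TLS, "203.0.113.9", "a@example.org", True, True))
    print(rcpt_decision(AUTH_OVER_TLS, "203.0.113.9", "a@example.org", True, False))
```

Running is_open_relay against a policy before deploying it catches the case where a relay grant was widened to cover every address.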