Brian,
 
This is how I explain an OPEN Relay. Although there is a common tendency for
people to assume that they are the same, Relay != Open Relay. Relay is NOT a
bad thing. Your Exchange server is meant to relay, and it does relay, like
all the other servers I'm familiar with.
 
An Open Relay occurs where neither the sender nor the recipient part belongs
in your org. As long as one part exists within your directory, it is
perfectly legal for the exchange server to relay messages to the other party
(if external) or transfer messages to the other party (if local).
 
A Relay occurs when a message originating within your org is destined for a
recipient that is external to your org. Your server is expected to relay
that piece of email as long as it's able to verify that the sender is in its
directory. The way your exchange server determines that is primarily by
authentication.
 
 
Sincerely,

Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday?  -anon
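
The definitions in this thread, worked through as an added example (not code from any poster or from Exchange): mail to a local domain is delivery, authenticated submission to an external domain is legitimate relay, and unauthenticated mail accepted for an external domain is an open relay. The domain names, field names and sample transactions are constructed assumptions.

```python
from dataclasses import dataclass

# Assumption: the domains this server is authoritative for (constructed).
LOCAL_DOMAINS = {"example.org"}

@dataclass
class Transaction:
    authenticated: bool  # did the SMTP session authenticate successfully?
    mail_from: str       # envelope sender; spoofable, so never trusted alone
    rcpt_to: str         # envelope recipient
    accepted: bool       # did the server accept the recipient (250 reply)?

def domain_of(address: str) -> str:
    """Return the lower-cased domain part of an envelope address."""
    return address.rpartition("@")[2].strip("<> ").lower()

def classify(tx: Transaction) -> str:
    """Label one transaction using the thread's definitions."""
    if domain_of(tx.rcpt_to) in LOCAL_DOMAINS:
        return "local-delivery"       # native domain: not relaying
    if tx.authenticated:
        return "authenticated-relay"  # sender proven by authentication
    # External recipient and no proof the sender belongs to the org.
    return "open-relay" if tx.accepted else "relay-denied"

def audit(transactions):
    """Return the transactions that show the server acting as an open relay."""
    return [tx for tx in transactions if classify(tx) == "open-relay"]

# Constructed sample transactions, as might be rebuilt from SMTP logs.
SAMPLE = [
    Transaction(False, "<a@external.test>", "<bob@example.org>", True),
    Transaction(True, "<bob@example.org>", "<c@partner.test>", True),
    # MAIL FROM claims a local address, but the session never authenticated.
    Transaction(False, "<bob@example.org>", "<d@other.test>", True),
    Transaction(False, "<x@external.test>", "<y@other.test>", False),
]

if __name__ == "__main__":
    for tx in SAMPLE:
        print(classify(tx), tx.mail_from, "->", tx.rcpt_to)
```

The third sample is the case to watch for when auditing: a local-looking MAIL FROM on an unauthenticated session is still an open relay if the external recipient is accepted.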

________________________________

From: [EMAIL PROTECTED] on behalf of Brian Desmond
Sent: Tue 9/20/2005 6:57 PM
To: [email protected]
Subject: RE: [ActiveDir] Exchange relay(OT)



Let me answer what I can authoritatively.

 

MAPI clients are totally different than pop3/imap. There is no virtual server
or none of that. They submit their messages to the server over MAPI just like
all their other traffic, and then the server handles the routing internally.
You cannot disable mapi users from sending mail. They're not relaying
anything off an SMTP server. If you create an acme.com connector and uncheck
the relay box, users will continue to be able to email to acme.com.

 

I'm not sure you understand what relaying means in the context of SMTP.
Sending mail to the SMTP server's native domain is not relaying. It's what
the SMTP server is there for. Submitting mail to the SMTP server for delivery
to a remote smtp server is relaying. Usually you don't think of your internal
users sending outbound mail as relaying though I guess technically it is. 

 

A quick peek at the SMTP settings on a couple of the servers here indicates
that they all have that allow computers which authenticate to relay box
checked. Our outbound SMTP is locked down at the perimeter and inbound comes
through a couple of iplanet boxes.  

 

Thanks,
Brian Desmond

[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> 

 

c - 312.731.3132

 

 

________________________________

From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tom Kern
Sent: Tuesday, September 20, 2005 9:01 PM
To: activedirectory
Subject: [ActiveDir] Exchange relay(OT)

 

I'm confused about relaying on virtual servers and smtp connectors.

I keep reading conflicting reports-

 

In "Microsoft Exchange Server 2003 24seven" from Sybex, JMcBee writes in
chapter 14 on page 584 that unchecking "Allow All Computers Which Successfully
Authenticate To Relay..", Exchange servers will not be able to send mail to
one another.

He states Exchange servers relay with each other in an Org all the time and
unchecking this will break exchange.

Jim McBee has stated this in both Exchange 2k and 2k3 versions of the book.

 

However in "Exchange Server Cookbook", recipe 7.19, they state to uncheck
this value for security reasons and seem to imply that this is only for
pop3/imap clients.

 

Tony Redmond in "MS Exchange Server 2003 with sp1" seems to agree as well.

Who's right?

 

Also, I know the setting for relaying on an smtp connector overrides the
virtual server connection setting, so say I create a connector with
"acme.com" address space. If I uncheck the relay button on the connector,
will users (mapi or pop3) be able to send mail to acme.com?

Or do I have to enable relaying for this to work on that connector?

 

 

Finally, how does exchange view mapi users? 

are they lumped in with auth users like pop3/imap?

 

what mechanism allows mapi users to relay? is there a setting that can
disallow mapi clients from relaying like  for pop3/imap clients?

 

Thanks.

A lot of questions, I know.

Exchange in some ways confuses the heck outta me.

I find the sendmail.cf file easier than exchange sometimes.

 

 

Thanks again!

 

 

 

List info   : http://www.activedir.org/List.aspx
List FAQ    : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
