On the CAS, and in the EMC, I looked at Server Configuration\Hub
Transport, and see two RCs: "Client usmaildb01p" and "Default
usmaildb01p".

The new manager, who is doing much of the work for this migration, has
changed a few of the names of things, so fulfilling your request
stumped me for a few minutes.

It looks as if he also changed some of the defaults, which is why I'm
having some difficulties with pointing the batch files to the new
server. I looked at the GUI and saw much the same thing as on the
AuthMechanism line.

But, here you go:

[PS] C:\Windows\system32>get-receiveconnector "USMAILDB01P\Default USMAILDB01P" | fl

RunspaceId : df01cc12-5634-4aad-81ff-ac2951003160
AuthMechanism : Tls, Integrated, BasicAuth, BasicAuthRequireTLS, ExchangeServer
Banner :
BinaryMimeEnabled : True
Bindings : {:::25, 0.0.0.0:25}
ChunkingEnabled : True
DefaultDomain :
DeliveryStatusNotificationEnabled : True
EightBitMimeEnabled : True
BareLinefeedRejectionEnabled : False
DomainSecureEnabled : False
EnhancedStatusCodesEnabled : True
LongAddressesEnabled : False
OrarEnabled : False
SuppressXAnonymousTls : False
AdvertiseClientSettings : False
Fqdn : USMailDB01p.example.org
Comment :
Enabled : True
ConnectionTimeout : 00:10:00
ConnectionInactivityTimeout : 00:05:00
MessageRateLimit : unlimited
MessageRateSource : IPAddress
MaxInboundConnection : 5000
MaxInboundConnectionPerSource : unlimited
MaxInboundConnectionPercentagePerSource : 100
MaxHeaderSize : 64 KB (65,536 bytes)
MaxHopCount : 60
MaxLocalHopCount : 8
MaxLogonFailures : 3
MaxMessageSize : 10 MB (10,485,760 bytes)
MaxProtocolErrors : 5
MaxRecipientsPerMessage : 5000
PermissionGroups : ExchangeUsers, ExchangeServers, ExchangeLegacyServers
PipeliningEnabled : True
ProtocolLoggingLevel : None
RemoteIPRanges : {::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff, 0.0.0.0-255.255.255.255}
RequireEHLODomain : False
RequireTLS : False
EnableAuthGSSAPI : False
ExtendedProtectionPolicy : None
LiveCredentialEnabled : False
TlsDomainCapabilities : {}
Server : USMAILDB01P
SizeEnabled : EnabledWithoutValue
TarpitInterval : 00:00:05
MaxAcknowledgementDelay : 00:00:30
AdminDisplayName :
ExchangeVersion : 0.1 (8.0.535.0)
Name : Default USMAILDB01P
DistinguishedName : CN=Default USMAILDB01P,CN=SMTP Receive Connectors,CN=Protocols,CN=USMAILDB01P,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=EXAMPLE,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=EXAMPLE,DC=com
Identity : USMAILDB01P\Default USMAILDB01P
Guid : 1f2d1b85-ee22-4462-bafb-f187a6bf261a
ObjectCategory : example.org/Configuration/Schema/ms-Exch-Smtp-Receive-Connector
ObjectClass : {top, msExchSmtpReceiveConnector}
WhenChanged : 2014-01-21 18:50:57
WhenCreated : 2014-01-21 15:57:24
WhenChangedUTC : 2014-01-22 02:50:57
WhenCreatedUTC : 2014-01-21 23:57:24
OrganizationId :
OriginatingServer : USdc4.example.org
IsValid : True

On Thu, Mar 6, 2014 at 2:41 PM, Michael B. Smith <[email protected]> wrote:
> Have you changed any configuration of the Default receive connector?
>
> If not, then it also accepts Anonymous email addressed to anyone whose email
> address is in one of your "accepted domains".
>
> To verify that, give me a "Get-ReceiveConnector Default | fl *" and post the
> output.
>
> Exchange 2003 and Exchange 2010 are connecting via a Routing Group Connector
> that was created for you magically when you installed the Exchange 2010
> server.
>
> VERY LIKELY - based on default configurations - you don't need to change
> anything. What you want is the default configuration.
>
> If you want to do auth, then use the CLIENT connector to port 587. That will
> allow you to do outgoing relay. Again, it's already configured in the default
> configuration.
>
> Exchange 2010 and Exchange 2013 come configured ALMOST completely right
> out-of-the-box for most people. You've got to create a Send connector and
> install a certificate or two, and you are off to the races.
>
> -----Original Message-----
> From: [email protected] [mailto:[email protected]]
> On Behalf Of Kurt Buff
> Sent: Thursday, March 6, 2014 5:27 PM
> To: [email protected]
> Subject: [Exchange] Securing Exchange 2010 for local delivery only, with no
> auth
>
> Looking for some validation - much appreciated if any of you point out
> errors, or a better way of doing things.
>
> As part of our transition away from Exchange 2003, I have a two-server
> Exchange 2010 setup. A CAS server and a Hub/DB server.
>
> It's fronted by a Barracuda spam filter, which is currently sending all
> emails to the Exchange 2003 server, and mail is then delivered to Exchange
> 2010. That all works well.
>
> In addition, I have a large number of batchfiles on various machines that
> send email via blat, etc.
>
> I now need to swing over the Barracuda and the batch files to the CAS machine.
>
> I see two Receive Connectors, Default and Client, on the CAS machine.
> Both require auth, which the Barracuda doesn't seem to support - I've checked
> the config, but haven't confirmed with Barracuda, and don't really care to at
> this point, as I also don't want to change all of my scripts, and worse,
> require the engineers to change all of their scripts, to use auth of any sort
> for email.
>
> I believe that the Default RC handles the email from our Exchange 2003 server.
>
> My thought is to narrow the range of accepted IP addresses for the Default RC
> (only if necessary!) to just the US Exchange 2003 server, and create another
> RC (perhaps called InternalSMTP) and set it to receive from my validated set
> of internal addresses without auth - the Barracuda, my machines running
> scripts, the engineers running scripts, etc.
>
> Is my assumption regarding the Default RC correct, and is this a reasonable
> approach, or is there a better way of doing this?
>
> I should also note that there is an Exchange 2003 server in each of the two
> overseas offices, and we're yet undecided as to whether to put Exchange 2010
> servers there, or to centralize everything here - because of bandwidth
> issues. Also, we're at DFL/FFL 2003 Native, though the DCs here in the US are
> 2008R2. Don't know if any of that makes a difference, but wanted to make sure
> I don't leave anything out.
>
>
> Thanks,
>
> Kurt
>
>
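
A sketch of the "InternalSMTP" receive connector proposed in the original question, together with a scope audit of the connectors on the server. It is an added example, not written by anyone in the thread. The IP addresses are constructed placeholders, Test-ReceiveConnectorScope is a hypothetical helper, and outside the Exchange Management Shell the script falls back to constructed sample objects, the first of which mirrors the output posted above.

```powershell
# Added example, not from the thread. Addresses are constructed placeholders
# (RFC 5737 range) standing in for the Barracuda and the script hosts.
$server  = 'USMAILDB01P'
$allowed = '192.0.2.10', '192.0.2.21', '192.0.2.22'

# Flag connectors that pair anonymous submission with an any-address range,
# and connectors that keep no protocol log. (Hypothetical helper name.)
function Test-ReceiveConnectorScope {
    param([Parameter(ValueFromPipeline = $true)] $Connector)
    process {
        $anon = "$($Connector.PermissionGroups)" -match 'AnonymousUsers'
        $any  = @($Connector.RemoteIPRanges | ForEach-Object { "$_" }) -contains '0.0.0.0-255.255.255.255'
        New-Object PSObject -Property @{
            Identity      = "$($Connector.Identity)"
            Anonymous     = $anon
            AnyAddress    = $any
            NoProtocolLog = ("$($Connector.ProtocolLoggingLevel)" -eq 'None')
            OpenAnonymous = ($anon -and $any)
        }
    }
}

if (Get-Command New-ReceiveConnector -ErrorAction SilentlyContinue) {
    # Exchange Management Shell: create the scoped connector, then audit all of them.
    # AnonymousUsers permits delivery to accepted domains; it does not by itself
    # grant relay to external recipients.
    New-ReceiveConnector -Name 'InternalSMTP' -Server $server -Usage Custom `
        -Bindings '0.0.0.0:25' -RemoteIPRanges $allowed `
        -PermissionGroups AnonymousUsers -ProtocolLoggingLevel Verbose
    $connectors = Get-ReceiveConnector -Server $server
} else {
    # Offline: constructed objects; the first mirrors the output posted above.
    $connectors = @(
        (New-Object PSObject -Property @{ Identity = "$server\Default $server"
            PermissionGroups = 'ExchangeUsers, ExchangeServers, ExchangeLegacyServers'
            RemoteIPRanges = '::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff', '0.0.0.0-255.255.255.255'
            ProtocolLoggingLevel = 'None' }),
        (New-Object PSObject -Property @{ Identity = "$server\InternalSMTP"
            PermissionGroups = 'AnonymousUsers'
            RemoteIPRanges = $allowed
            ProtocolLoggingLevel = 'Verbose' })
    )
}
$connectors | Test-ReceiveConnectorScope |
    Select-Object Identity, Anonymous, AnyAddress, NoProtocolLog, OpenAnonymous
```

For the sample data the Default connector is reported with AnyAddress and NoProtocolLog set but Anonymous clear, and InternalSMTP with Anonymous set but confined to the listed addresses, so neither row has OpenAnonymous set.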