SMTP is the only protocol we use site to site, nary an X.400 or site connector in the whole ORG (well, maybe one or two, but none on machines that I worry about on a daily basis).
Yep, it's all 5.5 (sorry for not putting that bit of trivia in). The site addressing tab only effects Exchange users, this is understood. What about users outside of Exchange? The little sendmail box sitting in some dusty corner that a die-hard *nix user won't give up. That would have to be taken care of on the connections tab -> Accept connections , by only accepting Authenticated connections. Would the "Clients can only submit if authentication account matches submission address" box allow our infamous POP3/IMAP4 clients to submit mail (everyone that would be using the IMC to relay would be homed on this server, only one server in the site)? Sorry for asking so many admin 101 questions, but the documentation just isn't very definitive and I'm trying to get what's left of my pickled herring brain wrapped around this before starting on the hardware side of things. Planning, planning, planning. Thanks again. John Matteson; Exchange Manager Geac Corporate Infrastructure Systems and Standards (404) 239 - 2981 My toys! My toys! I can't do this job without my toys! -----Original Message----- From: Daniel Chenault [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 30, 2002 11:13 AM To: Exchange Discussions Subject: Re: SMTP/IMC Connector relay restrictions If you're on 5.5 and using site connectors other servers won't connect to this box using SMTP anyway. There is a way to allow users to use this connector as a relay but there's no way to detect forged headers; once the user is authenticated and/or his IP is filtered he can send anything he wants. The scope will only matter for Exchange traffic and this comes back to whether you're using the MTA or the SMTP connectors for site connectivity. Within a site it is all RPC (again, talking 5.5). ----- Original Message ----- From: "John Matteson" <[EMAIL PROTECTED]> To: "Exchange Discussions" <[EMAIL PROTECTED]> Sent: Wednesday, January 30, 2002 10:05 AM Subject: SMTP/IMC Connector relay restrictions > Good morning to everyone: > > I've looked in the Connectivity guide and the archive of last years > messages, but I still need some guidance on an issue that maybe, some of you > have run into. > > My boss wants to limit the use of a site's IMC to just that site, > but also wants to prevent users from relaying messages with forged headers > through the IMC. > > Can this be done? > > We plan on setting the address scope to just the site and not using > DNS to deliver mail, but have all mail go to a particular "upline" server > for routing and delivery. We also want to allow only other Exchange servers > to connect to this IMC, which can be done via the Routing Restrictions tab > (there is only a few servers that would need to connect to this machine > anyway). > > But here comes a kink, if a user needs to use a POP3/IMAP4 client, > do all these security measures turn into mush? Discussion? > > John Matteson; Exchange Manager > Geac Corporate Infrastructure Systems and Standards > (404) 239 - 2981 > My toys! My toys! I can't do this job without my toys! _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]
