Hi folks,

We have a requirement to try to restrict applications relaying via Exchange to the internal domain and another email domain, without opening it up to allow emails to relay to any and all domains, unless the IP has been added to the allowed list.

The internal Exchange domain is CompanyA.com, which routes all external emails to MimeSweeper filters; no Exchange Edge servers are implemented. We do have SMTP receive connectors set up for the applications to relay with IP address restrictions, but it is either all or nothing as far as external email goes, and Security aren't happy with that approach. The sending servers/applications either can't or won't use Authentication, so all connections to the receive connector are Anonymous. The Send connector is configured to route mail via the smart hosts by IP, so doesn't try to resolve the CompanyB.com MX record. Remote domains is the Default *, and a single Send Connector with address * pointing to the MimeSweeper servers.

Can an Accepted Domain configured as "External Relay Domain" with the CompanyB.com domain accomplish what we are being asked to do? I.e. any server not allowed by IP can then send to both domains, with the emails for CompanyB sent to the MimeSweeper filters as normal? Or is there another "safe" way to do this? Or something I'm missing completely? Obviously we don't want to impact emails being sent by CompanyA users to CompanyB users.

The servers are Exchange 2010 SP3 RU6, soon to be RU9, if that has a bearing on it. If it can't be done easily or safely, for various definitions of both, they will just have to fight it out with the security team.

I've looked at various TechNet & MSExchange.org articles, but everything I've come across assumes that Edge servers are in place, so I'm looking for alternate confirmation on whether it will work or not. If I haven't explained it correctly, hit me with a big stick; I've been coming back to this over the course of the day so may be a bit muddled :)

Thanks,
Tony
