RE: Allowing internal SMTP but not external
After I hit send I came up with the solution. On the IMS there is a delivery
restriction tab, if I add the users that aren't allowed to send outbound
e-mail to the tab (or add a DL to the tab and the users to the DL) my
problem is solved.
-Walden
Walden H Leverich III
President
Tech Software
(516)627-3800 x11
[EMAIL PROTECTED]
http://www.TechSoftInc.com
-Original Message-
From: Walden H. Leverich [mailto:[EMAIL PROTECTED]]
Sent: Friday, December 21, 2001 15:04
To: Exchange Discussions
Subject: RE: Allowing internal SMTP but not external
Thanks to all for the great suggestions. I'm pushing the idea of
[EMAIL PROTECTED] so they can receive SMTP e-mails from the inside
world. As it happens the sending program on the AS/400 simply connects to
port 25 on the Exchange box so there is no need for MX records, we just told
IMS that .internal should be routed .
The only down side is that users can still send e-mail. We can't disable all
outbound SMTP on the server since there are some users that are allowed
"real" addresses. When we presented our idea of "invalid" smtp addresses the
response we got was "we can't give these users access to the internet" which
isn't exactly what we are suggesting so I think it's time to thwap a
customer or two.
If someone could suggest an idea to prevent these users with invalid SMTP
address from SENDING to the net while allowing users with valid SMTP to send
we'd be all set, but I appreciate all the help I've received so far.
May everyone have a happy and healthy holiday!
-Walden
Walden H Leverich III
President
Tech Software
(516)627-3800 x11
[EMAIL PROTECTED]
http://www.TechSoftInc.com
-Original Message-
From: Peter Johnson [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, December 18, 2001 02:12
To: Exchange Discussions
Subject: RE: Allowing internal SMTP but not external
Hi Walden
How about this as solution??
1.) Remove the valid internet addresses from the users.
2.) Create invalid, from the perspective of the Internet, addresses for the
users who need to get the mail from the AS400. Route this address as
inbound.
3.) Configure the SMTP service on the AS 400 to deliver mail to the invalid
address directly to the IMS of the Exchange server.
4.) Configure the IMS on Exchange to deliver replies directly to the IMS.
The only issue that I can see is that these users will still be able to send
mail out but will not receive replies since they don't have valid SMTP
addresses.
Regards
Peter Johnson
-Original Message-
From: Walden H. Leverich [mailto:[EMAIL PROTECTED]]
Sent: 17 December 2001 23:41
To: Exchange Discussions
Subject: Allowing internal SMTP but not external
OK, I think I know the answer to this, but I told a customer I'd ask.
I have a customer that wants to limit users from receiving email from the
internet. No problem, remove the SMTP address and they won't be able to
send/receive SMTP mail. However, now they have a requirement for these users
to receive SMTP mail from an internal machine (AS/400 sending e-mail to
local users). Short of going to the SMTP proxy (Firewall-1) and saying drop
messages for user1 and user2 and user3 etc. there is no way I can see of
preventing external SMTP mail while allowing internal SMTP mail. Did I miss
something?
-Walden
Walden H Leverich III
President
Tech Software
(516)627-3800 x11
[EMAIL PROTECTED]
http://www.TechSoftInc.com
_
List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]
"This e-mail may contain confidential information and may be legally
privileged and is intended only for the person to whom it is addressed. If
you are not the intended recipient, you are notified that you may not use,
distribute or copy this document in any manner whatsoever. Kindly also
notify the sender immediately by telephone, and delete the e-mail. When
addressed to clients of the company from where this e-mail originates ("the
sending company ") any opinion or advice contained in this e-mail is subject
to the terms and conditions expressed in any applicable terms of business or
client engagement letter . The sending company does not accept liability for
any damage, loss or expense arising from this e-mail and/or from the
accessing of any files attached to this e-mail."
_
List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]
RE: Allowing internal SMTP but not external
Thanks to all for the great suggestions. I'm pushing the idea of
[EMAIL PROTECTED] so they can receive SMTP e-mails from the inside
world. As it happens the sending program on the AS/400 simply connects to
port 25 on the Exchange box so there is no need for MX records, we just told
IMS that .internal should be routed .
The only down side is that users can still send e-mail. We can't disable all
outbound SMTP on the server since there are some users that are allowed
"real" addresses. When we presented our idea of "invalid" smtp addresses the
response we got was "we can't give these users access to the internet" which
isn't exactly what we are suggesting so I think it's time to thwap a
customer or two.
If someone could suggest an idea to prevent these users with invalid SMTP
address from SENDING to the net while allowing users with valid SMTP to send
we'd be all set, but I appreciate all the help I've received so far.
May everyone have a happy and healthy holiday!
-Walden
Walden H Leverich III
President
Tech Software
(516)627-3800 x11
[EMAIL PROTECTED]
http://www.TechSoftInc.com
-Original Message-
From: Peter Johnson [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, December 18, 2001 02:12
To: Exchange Discussions
Subject: RE: Allowing internal SMTP but not external
Hi Walden
How about this as solution??
1.) Remove the valid internet addresses from the users.
2.) Create invalid, from the perspective of the Internet, addresses for the
users who need to get the mail from the AS400. Route this address as
inbound.
3.) Configure the SMTP service on the AS 400 to deliver mail to the invalid
address directly to the IMS of the Exchange server.
4.) Configure the IMS on Exchange to deliver replies directly to the IMS.
The only issue that I can see is that these users will still be able to send
mail out but will not receive replies since they don't have valid SMTP
addresses.
Regards
Peter Johnson
-Original Message-
From: Walden H. Leverich [mailto:[EMAIL PROTECTED]]
Sent: 17 December 2001 23:41
To: Exchange Discussions
Subject: Allowing internal SMTP but not external
OK, I think I know the answer to this, but I told a customer I'd ask.
I have a customer that wants to limit users from receiving email from the
internet. No problem, remove the SMTP address and they won't be able to
send/receive SMTP mail. However, now they have a requirement for these users
to receive SMTP mail from an internal machine (AS/400 sending e-mail to
local users). Short of going to the SMTP proxy (Firewall-1) and saying drop
messages for user1 and user2 and user3 etc. there is no way I can see of
preventing external SMTP mail while allowing internal SMTP mail. Did I miss
something?
-Walden
Walden H Leverich III
President
Tech Software
(516)627-3800 x11
[EMAIL PROTECTED]
http://www.TechSoftInc.com
_
List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]
"This e-mail may contain confidential information and may be legally
privileged and is intended only for the person to whom it is addressed. If
you are not the intended recipient, you are notified that you may not use,
distribute or copy this document in any manner whatsoever. Kindly also
notify the sender immediately by telephone, and delete the e-mail. When
addressed to clients of the company from where this e-mail originates ("the
sending company ") any opinion or advice contained in this e-mail is subject
to the terms and conditions expressed in any applicable terms of business or
client engagement letter . The sending company does not accept liability for
any damage, loss or expense arising from this e-mail and/or from the
accessing of any files attached to this e-mail."
_
List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]
_
List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]
RE: Allowing internal SMTP but not external
I wouldn't do that. It isn't necessary.
Ed Crowley MCSE+I MVP
Tech Consultant
Compaq Computer
"There are seldom good technological solutions to behavioral problems."
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Peter Johnson
Sent: Tuesday, December 18, 2001 10:22 PM
To: Exchange Discussions
Subject: RE: Allowing internal SMTP but not external
Hi Ed
Sorry about that :) :) Small typo. Meant to say that I would configure the
IMS to deliver replies to the AS400 directly to it and not do DNS lookups
etc.
Cheers
Peter
-Original Message-
From: Peter Johnson [mailto:[EMAIL PROTECTED]]
Sent: 18 December 2001 09:12
To: Exchange Discussions
Subject: RE: Allowing internal SMTP but not external
Hi Walden
How about this as solution??
1.) Remove the valid internet addresses from the users.
2.) Create invalid, from the perspective of the Internet, addresses for the
users who need to get the mail from the AS400. Route this address as
inbound.
3.) Configure the SMTP service on the AS 400 to deliver mail to the invalid
address directly to the IMS of the Exchange server.
4.) Configure the IMS on Exchange to deliver replies directly to the IMS.
The only issue that I can see is that these users will still be able to send
mail out but will not receive replies since they don't have valid SMTP
addresses.
Regards
Peter Johnson
-Original Message-
From: Walden H. Leverich [mailto:[EMAIL PROTECTED]]
Sent: 17 December 2001 23:41
To: Exchange Discussions
Subject: Allowing internal SMTP but not external
OK, I think I know the answer to this, but I told a customer I'd ask.
I have a customer that wants to limit users from receiving email from the
internet. No problem, remove the SMTP address and they won't be able to
send/receive SMTP mail. However, now they have a requirement for these users
to receive SMTP mail from an internal machine (AS/400 sending e-mail to
local users). Short of going to the SMTP proxy (Firewall-1) and saying drop
messages for user1 and user2 and user3 etc. there is no way I can see of
preventing external SMTP mail while allowing internal SMTP mail. Did I miss
something?
-Walden
Walden H Leverich III
President
Tech Software
(516)627-3800 x11
[EMAIL PROTECTED]
http://www.TechSoftInc.com
_
List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]
"This e-mail may contain confidential information and may be legally
privileged and is intended only for the person to whom it is addressed. If
you are not the intended recipient, you are notified that you may not use,
distribute or copy this document in any manner whatsoever. Kindly also
notify the sender immediately by telephone, and delete the e-mail. When
addressed to clients of the company from where this e-mail originates ("the
sending company ") any opinion or advice contained in this e-mail is subject
to the terms and conditions expressed in any applicable terms of business or
client engagement letter . The sending company does not accept liability for
any damage, loss or expense arising from this e-mail and/or from the
accessing of any files attached to this e-mail."
_
List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]
"This e-mail may contain confidential information and may be legally
privileged and is intended only for the person to whom it is addressed. If
you are not the intended recipient, you are notified that you may not use,
distribute or copy this document in any manner whatsoever. Kindly also
notify the sender immediately by telephone, and delete the e-mail. When
addressed to clients of the company from where this e-mail originates ("the
sending company ") any opinion or advice contained in this e-mail is subject
to the terms and conditions expressed in any applicable terms of business or
client engagement letter . The sending company does not accept liability for
any damage, loss or expense arising from this e-mail and/or from the
accessing of any files attached to this e-mail."
_
List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]
_
List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
Archiv
RE: Allowing internal SMTP but not external
Hi Ed
Sorry about that :) :) Small typo. Meant to say that I would configure the
IMS to deliver replies to the AS400 directly to it and not do DNS lookups
etc.
Cheers
Peter
-Original Message-
From: Peter Johnson [mailto:[EMAIL PROTECTED]]
Sent: 18 December 2001 09:12
To: Exchange Discussions
Subject: RE: Allowing internal SMTP but not external
Hi Walden
How about this as solution??
1.) Remove the valid internet addresses from the users.
2.) Create invalid, from the perspective of the Internet, addresses for the
users who need to get the mail from the AS400. Route this address as
inbound.
3.) Configure the SMTP service on the AS 400 to deliver mail to the invalid
address directly to the IMS of the Exchange server.
4.) Configure the IMS on Exchange to deliver replies directly to the IMS.
The only issue that I can see is that these users will still be able to send
mail out but will not receive replies since they don't have valid SMTP
addresses.
Regards
Peter Johnson
-Original Message-
From: Walden H. Leverich [mailto:[EMAIL PROTECTED]]
Sent: 17 December 2001 23:41
To: Exchange Discussions
Subject: Allowing internal SMTP but not external
OK, I think I know the answer to this, but I told a customer I'd ask.
I have a customer that wants to limit users from receiving email from the
internet. No problem, remove the SMTP address and they won't be able to
send/receive SMTP mail. However, now they have a requirement for these users
to receive SMTP mail from an internal machine (AS/400 sending e-mail to
local users). Short of going to the SMTP proxy (Firewall-1) and saying drop
messages for user1 and user2 and user3 etc. there is no way I can see of
preventing external SMTP mail while allowing internal SMTP mail. Did I miss
something?
-Walden
Walden H Leverich III
President
Tech Software
(516)627-3800 x11
[EMAIL PROTECTED]
http://www.TechSoftInc.com
_
List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]
"This e-mail may contain confidential information and may be legally
privileged and is intended only for the person to whom it is addressed. If
you are not the intended recipient, you are notified that you may not use,
distribute or copy this document in any manner whatsoever. Kindly also
notify the sender immediately by telephone, and delete the e-mail. When
addressed to clients of the company from where this e-mail originates ("the
sending company ") any opinion or advice contained in this e-mail is subject
to the terms and conditions expressed in any applicable terms of business or
client engagement letter . The sending company does not accept liability for
any damage, loss or expense arising from this e-mail and/or from the
accessing of any files attached to this e-mail."
_
List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]
"This e-mail may contain confidential information and may be legally
privileged and is intended only for the person to whom it is addressed. If
you are not the intended recipient, you are notified that you may not use,
distribute or copy this document in any manner whatsoever. Kindly also
notify the sender immediately by telephone, and delete the e-mail. When
addressed to clients of the company from where this e-mail originates ("the
sending company ") any opinion or advice contained in this e-mail is subject
to the terms and conditions expressed in any applicable terms of business or
client engagement letter . The sending company does not accept liability for
any damage, loss or expense arising from this e-mail and/or from the
accessing of any files attached to this e-mail."
_
List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]
RE: Allowing internal SMTP but not external
Step 3 isn't necessary if you define the MX record in your internal DNS (the
one the AS/400 uses).
I don't understand Step 4.
Ed Crowley MCSE+I MVP
Tech Consultant
Compaq Computer
"There are seldom good technological solutions to behavioral problems."
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Peter Johnson
Sent: Monday, December 17, 2001 11:12 PM
To: Exchange Discussions
Subject: RE: Allowing internal SMTP but not external
Hi Walden
How about this as solution??
1.) Remove the valid internet addresses from the users.
2.) Create invalid, from the perspective of the Internet, addresses for the
users who need to get the mail from the AS400. Route this address as
inbound.
3.) Configure the SMTP service on the AS 400 to deliver mail to the invalid
address directly to the IMS of the Exchange server.
4.) Configure the IMS on Exchange to deliver replies directly to the IMS.
The only issue that I can see is that these users will still be able to send
mail out but will not receive replies since they don't have valid SMTP
addresses.
Regards
Peter Johnson
-Original Message-
From: Walden H. Leverich [mailto:[EMAIL PROTECTED]]
Sent: 17 December 2001 23:41
To: Exchange Discussions
Subject: Allowing internal SMTP but not external
OK, I think I know the answer to this, but I told a customer I'd ask.
I have a customer that wants to limit users from receiving email from the
internet. No problem, remove the SMTP address and they won't be able to
send/receive SMTP mail. However, now they have a requirement for these users
to receive SMTP mail from an internal machine (AS/400 sending e-mail to
local users). Short of going to the SMTP proxy (Firewall-1) and saying drop
messages for user1 and user2 and user3 etc. there is no way I can see of
preventing external SMTP mail while allowing internal SMTP mail. Did I miss
something?
-Walden
Walden H Leverich III
President
Tech Software
(516)627-3800 x11
[EMAIL PROTECTED]
http://www.TechSoftInc.com
_
List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]
"This e-mail may contain confidential information and may be legally
privileged and is intended only for the person to whom it is addressed. If
you are not the intended recipient, you are notified that you may not use,
distribute or copy this document in any manner whatsoever. Kindly also
notify the sender immediately by telephone, and delete the e-mail. When
addressed to clients of the company from where this e-mail originates ("the
sending company ") any opinion or advice contained in this e-mail is subject
to the terms and conditions expressed in any applicable terms of business or
client engagement letter . The sending company does not accept liability for
any damage, loss or expense arising from this e-mail and/or from the
accessing of any files attached to this e-mail."
_
List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]
_
List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]
RE: Allowing internal SMTP but not external
Hi Walden
How about this as solution??
1.) Remove the valid internet addresses from the users.
2.) Create invalid, from the perspective of the Internet, addresses for the
users who need to get the mail from the AS400. Route this address as
inbound.
3.) Configure the SMTP service on the AS 400 to deliver mail to the invalid
address directly to the IMS of the Exchange server.
4.) Configure the IMS on Exchange to deliver replies directly to the IMS.
The only issue that I can see is that these users will still be able to send
mail out but will not receive replies since they don't have valid SMTP
addresses.
Regards
Peter Johnson
-Original Message-
From: Walden H. Leverich [mailto:[EMAIL PROTECTED]]
Sent: 17 December 2001 23:41
To: Exchange Discussions
Subject: Allowing internal SMTP but not external
OK, I think I know the answer to this, but I told a customer I'd ask.
I have a customer that wants to limit users from receiving email from the
internet. No problem, remove the SMTP address and they won't be able to
send/receive SMTP mail. However, now they have a requirement for these users
to receive SMTP mail from an internal machine (AS/400 sending e-mail to
local users). Short of going to the SMTP proxy (Firewall-1) and saying drop
messages for user1 and user2 and user3 etc. there is no way I can see of
preventing external SMTP mail while allowing internal SMTP mail. Did I miss
something?
-Walden
Walden H Leverich III
President
Tech Software
(516)627-3800 x11
[EMAIL PROTECTED]
http://www.TechSoftInc.com
_
List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]
"This e-mail may contain confidential information and may be legally
privileged and is intended only for the person to whom it is addressed. If
you are not the intended recipient, you are notified that you may not use,
distribute or copy this document in any manner whatsoever. Kindly also
notify the sender immediately by telephone, and delete the e-mail. When
addressed to clients of the company from where this e-mail originates ("the
sending company ") any opinion or advice contained in this e-mail is subject
to the terms and conditions expressed in any applicable terms of business or
client engagement letter . The sending company does not accept liability for
any damage, loss or expense arising from this e-mail and/or from the
accessing of any files attached to this e-mail."
_
List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]
RE: Allowing internal SMTP but not external
After re-reading the problem I have to agree. I should have read the entire message. I missed the part about being able to receive internal smtp mail. This will only work if the users are located on the GC. -Original Message- From: Ed Crowley [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 12:12 AM To: Exchange Discussions Subject: RE: Allowing internal SMTP but not external No, there's not. If you know the ugly fully-qualified-object-name-SMTP-address, you can send anyone SMTP mail. Period. There's no way in Exchange to block that. However, nobody need know that, and the address is so ugly that nobody would try to use it unless someone sent out mail from a mailbox that didn't have an SMTP address and that's what got used as the reply address. The best answer was already given, and that was to create an e-mail domain internally that's illegal (unroutable) on the Internet, such as [EMAIL PROTECTED] Ed Crowley MCSE+I MVP Tech Consultant Compaq Computer "There are seldom good technological solutions to behavioral problems." -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of [EMAIL PROTECTED] Sent: Monday, December 17, 2001 3:08 PM To: Exchange Discussions Subject: RE: Allowing internal SMTP but not external Hmm. Well there is an option on each mailbox that you can setup the mailbox so that they only receive mail from internal users. I thought this was what you were requesting. -Original Message- From: Walden H. Leverich [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 4:59 PM To: Exchange Discussions Subject: RE: Allowing internal SMTP but not external Interesting idea. I'm still able to send, but I (obviously?) can't receive from the outside and that may be good enough. BTW, I'm on EX5.5 Thanks, -Walden Walden H Leverich III President Tech Software (516)627-3800 x11 [EMAIL PROTECTED] http://www.TechSoftInc.com -Original Message- From: Tom Meunier [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 16:55 To: Exchange Discussions Subject: RE: Allowing internal SMTP but not external I'm wondering if you could give them an invalid SMTP address, that wouldn't route externally. [EMAIL PROTECTED] or something. Works with Exchange 2000 but you didn't mention if you were using E2k or 5.5. > -Original Message- > From: Walden H. Leverich [mailto:[EMAIL PROTECTED]] Posted At: > Monday, December 17, 2001 03:41 PM Posted To: MSExchange Mailing List > Conversation: Allowing internal SMTP but not external > Subject: Allowing internal SMTP but not external > > > OK, I think I know the answer to this, but I told a customer I'd ask. > > I have a customer that wants to limit users from receiving > email from the > internet. No problem, remove the SMTP address and they won't > be able to > send/receive SMTP mail. However, now they have a requirement > for these users > to receive SMTP mail from an internal machine (AS/400 sending > e-mail to > local users). Short of going to the SMTP proxy (Firewall-1) > and saying drop > messages for user1 and user2 and user3 etc. there is no way I > can see of > preventing external SMTP mail while allowing internal SMTP > mail. Did I miss > something? > > -Walden > > > Walden H Leverich III > President > Tech Software > (516)627-3800 x11 > [EMAIL PROTECTED] > http://www.TechSoftInc.com > > > _ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin:[EMAIL PROTECTED] > _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesea
RE: Allowing internal SMTP but not external
I believe that you could also leave the smtp addresses in tact and simply empty the address space on the IMS. Also set the IMS to inbound only. Removing the address space will stop Exchange from sending (route will be removed from the routing table) but the IMS can still receive mail. This might be easier. Mike > -Original Message- > From: Walden H. Leverich [SMTP:[EMAIL PROTECTED]] > Sent: 17 December 2001 21:41 > To: Exchange Discussions > Subject: Allowing internal SMTP but not external > > OK, I think I know the answer to this, but I told a customer I'd ask. > > I have a customer that wants to limit users from receiving email from the > internet. No problem, remove the SMTP address and they won't be able to > send/receive SMTP mail. However, now they have a requirement for these > users > to receive SMTP mail from an internal machine (AS/400 sending e-mail to > local users). Short of going to the SMTP proxy (Firewall-1) and saying > drop > messages for user1 and user2 and user3 etc. there is no way I can see of > preventing external SMTP mail while allowing internal SMTP mail. Did I > miss > something? > > -Walden > > > Walden H Leverich III > President > Tech Software > (516)627-3800 x11 > [EMAIL PROTECTED] > http://www.TechSoftInc.com > > > _ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Allowing internal SMTP but not external
No, there's not. If you know the ugly fully-qualified-object-name-SMTP-address, you can send anyone SMTP mail. Period. There's no way in Exchange to block that. However, nobody need know that, and the address is so ugly that nobody would try to use it unless someone sent out mail from a mailbox that didn't have an SMTP address and that's what got used as the reply address. The best answer was already given, and that was to create an e-mail domain internally that's illegal (unroutable) on the Internet, such as [EMAIL PROTECTED] Ed Crowley MCSE+I MVP Tech Consultant Compaq Computer "There are seldom good technological solutions to behavioral problems." -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of [EMAIL PROTECTED] Sent: Monday, December 17, 2001 3:08 PM To: Exchange Discussions Subject: RE: Allowing internal SMTP but not external Hmm. Well there is an option on each mailbox that you can setup the mailbox so that they only receive mail from internal users. I thought this was what you were requesting. -Original Message- From: Walden H. Leverich [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 4:59 PM To: Exchange Discussions Subject: RE: Allowing internal SMTP but not external Interesting idea. I'm still able to send, but I (obviously?) can't receive from the outside and that may be good enough. BTW, I'm on EX5.5 Thanks, -Walden Walden H Leverich III President Tech Software (516)627-3800 x11 [EMAIL PROTECTED] http://www.TechSoftInc.com -Original Message- From: Tom Meunier [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 16:55 To: Exchange Discussions Subject: RE: Allowing internal SMTP but not external I'm wondering if you could give them an invalid SMTP address, that wouldn't route externally. [EMAIL PROTECTED] or something. Works with Exchange 2000 but you didn't mention if you were using E2k or 5.5. > -Original Message- > From: Walden H. Leverich [mailto:[EMAIL PROTECTED]] Posted At: > Monday, December 17, 2001 03:41 PM Posted To: MSExchange Mailing List > Conversation: Allowing internal SMTP but not external > Subject: Allowing internal SMTP but not external > > > OK, I think I know the answer to this, but I told a customer I'd ask. > > I have a customer that wants to limit users from receiving > email from the > internet. No problem, remove the SMTP address and they won't > be able to > send/receive SMTP mail. However, now they have a requirement > for these users > to receive SMTP mail from an internal machine (AS/400 sending > e-mail to > local users). Short of going to the SMTP proxy (Firewall-1) > and saying drop > messages for user1 and user2 and user3 etc. there is no way I > can see of > preventing external SMTP mail while allowing internal SMTP > mail. Did I miss > something? > > -Walden > > > Walden H Leverich III > President > Tech Software > (516)627-3800 x11 > [EMAIL PROTECTED] > http://www.TechSoftInc.com > > > _ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin:[EMAIL PROTECTED] > _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Allowing internal SMTP but not external
Hmm. Well there is an option on each mailbox that you can setup the mailbox so that they only receive mail from internal users. I thought this was what you were requesting. -Original Message- From: Walden H. Leverich [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 4:59 PM To: Exchange Discussions Subject: RE: Allowing internal SMTP but not external Interesting idea. I'm still able to send, but I (obviously?) can't receive from the outside and that may be good enough. BTW, I'm on EX5.5 Thanks, -Walden Walden H Leverich III President Tech Software (516)627-3800 x11 [EMAIL PROTECTED] http://www.TechSoftInc.com -Original Message- From: Tom Meunier [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 16:55 To: Exchange Discussions Subject: RE: Allowing internal SMTP but not external I'm wondering if you could give them an invalid SMTP address, that wouldn't route externally. [EMAIL PROTECTED] or something. Works with Exchange 2000 but you didn't mention if you were using E2k or 5.5. > -Original Message- > From: Walden H. Leverich [mailto:[EMAIL PROTECTED]] Posted At: > Monday, December 17, 2001 03:41 PM Posted To: MSExchange Mailing List > Conversation: Allowing internal SMTP but not external > Subject: Allowing internal SMTP but not external > > > OK, I think I know the answer to this, but I told a customer I'd ask. > > I have a customer that wants to limit users from receiving > email from the > internet. No problem, remove the SMTP address and they won't > be able to > send/receive SMTP mail. However, now they have a requirement > for these users > to receive SMTP mail from an internal machine (AS/400 sending > e-mail to > local users). Short of going to the SMTP proxy (Firewall-1) > and saying drop > messages for user1 and user2 and user3 etc. there is no way I > can see of > preventing external SMTP mail while allowing internal SMTP > mail. Did I miss > something? > > -Walden > > > Walden H Leverich III > President > Tech Software > (516)627-3800 x11 > [EMAIL PROTECTED] > http://www.TechSoftInc.com > > > _ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin:[EMAIL PROTECTED] > _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Allowing internal SMTP but not external
As stated earlier...validate your MX record and dns records. Install version 6.0 of the PIX IOS. Setup a static route like this: static (inside,outside) tcp (external_ip) www (internal_ip) www netmask 255.255.255.255 With a corresponding Access-list entry: access-list 100 permit tcp any host (external_ip) eq www This is the most "efficient" way to perform what your speaking of. However, if you insist on having the OWA server install on the LAN make sure you perform the following: 1. Install latest service pack. 2. Install latest updates from windowsupdate.microsoft.com 3. Install URL Scan from Microsoft for your IIS. However, be carefull with this one if your using SSL encryption. 4. Obtain a SSL certificate from Verisign if you haven't done so already and setup SSL option on the virtual server (/exchange) -Original Message- From: Tom Meunier [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 3:55 PM To: Exchange Discussions Subject: RE: Allowing internal SMTP but not external I'm wondering if you could give them an invalid SMTP address, that wouldn't route externally. [EMAIL PROTECTED] or something. Works with Exchange 2000 but you didn't mention if you were using E2k or 5.5. > -Original Message- > From: Walden H. Leverich [mailto:[EMAIL PROTECTED]] > Posted At: Monday, December 17, 2001 03:41 PM > Posted To: MSExchange Mailing List > Conversation: Allowing internal SMTP but not external > Subject: Allowing internal SMTP but not external > > > OK, I think I know the answer to this, but I told a customer I'd ask. > > I have a customer that wants to limit users from receiving > email from the > internet. No problem, remove the SMTP address and they won't > be able to > send/receive SMTP mail. However, now they have a requirement > for these users > to receive SMTP mail from an internal machine (AS/400 sending > e-mail to > local users). Short of going to the SMTP proxy (Firewall-1) > and saying drop > messages for user1 and user2 and user3 etc. there is no way I > can see of > preventing external SMTP mail while allowing internal SMTP > mail. Did I miss > something? > > -Walden > > > Walden H Leverich III > President > Tech Software > (516)627-3800 x11 > [EMAIL PROTECTED] > http://www.TechSoftInc.com > > > _ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin:[EMAIL PROTECTED] > _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Allowing internal SMTP but not external
Interesting idea. I'm still able to send, but I (obviously?) can't receive from the outside and that may be good enough. BTW, I'm on EX5.5 Thanks, -Walden Walden H Leverich III President Tech Software (516)627-3800 x11 [EMAIL PROTECTED] http://www.TechSoftInc.com -Original Message- From: Tom Meunier [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 16:55 To: Exchange Discussions Subject: RE: Allowing internal SMTP but not external I'm wondering if you could give them an invalid SMTP address, that wouldn't route externally. [EMAIL PROTECTED] or something. Works with Exchange 2000 but you didn't mention if you were using E2k or 5.5. > -Original Message- > From: Walden H. Leverich [mailto:[EMAIL PROTECTED]] Posted At: > Monday, December 17, 2001 03:41 PM Posted To: MSExchange Mailing List > Conversation: Allowing internal SMTP but not external > Subject: Allowing internal SMTP but not external > > > OK, I think I know the answer to this, but I told a customer I'd ask. > > I have a customer that wants to limit users from receiving > email from the > internet. No problem, remove the SMTP address and they won't > be able to > send/receive SMTP mail. However, now they have a requirement > for these users > to receive SMTP mail from an internal machine (AS/400 sending > e-mail to > local users). Short of going to the SMTP proxy (Firewall-1) > and saying drop > messages for user1 and user2 and user3 etc. there is no way I > can see of > preventing external SMTP mail while allowing internal SMTP > mail. Did I miss > something? > > -Walden > > > Walden H Leverich III > President > Tech Software > (516)627-3800 x11 > [EMAIL PROTECTED] > http://www.TechSoftInc.com > > > _ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin:[EMAIL PROTECTED] > _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Allowing internal SMTP but not external
Yes. Dunno about Exc 2k but you can enable the option that states "Allow mail from these recipients only!" -Original Message- From: Tom Meunier [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 3:55 PM To: Exchange Discussions Subject: RE: Allowing internal SMTP but not external I'm wondering if you could give them an invalid SMTP address, that wouldn't route externally. [EMAIL PROTECTED] or something. Works with Exchange 2000 but you didn't mention if you were using E2k or 5.5. > -Original Message- > From: Walden H. Leverich [mailto:[EMAIL PROTECTED]] > Posted At: Monday, December 17, 2001 03:41 PM > Posted To: MSExchange Mailing List > Conversation: Allowing internal SMTP but not external > Subject: Allowing internal SMTP but not external > > > OK, I think I know the answer to this, but I told a customer I'd ask. > > I have a customer that wants to limit users from receiving > email from the > internet. No problem, remove the SMTP address and they won't > be able to > send/receive SMTP mail. However, now they have a requirement > for these users > to receive SMTP mail from an internal machine (AS/400 sending > e-mail to > local users). Short of going to the SMTP proxy (Firewall-1) > and saying drop > messages for user1 and user2 and user3 etc. there is no way I > can see of > preventing external SMTP mail while allowing internal SMTP > mail. Did I miss > something? > > -Walden > > > Walden H Leverich III > President > Tech Software > (516)627-3800 x11 > [EMAIL PROTECTED] > http://www.TechSoftInc.com > > > _ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin:[EMAIL PROTECTED] > _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Allowing internal SMTP but not external
I'm wondering if you could give them an invalid SMTP address, that wouldn't route externally. [EMAIL PROTECTED] or something. Works with Exchange 2000 but you didn't mention if you were using E2k or 5.5. > -Original Message- > From: Walden H. Leverich [mailto:[EMAIL PROTECTED]] > Posted At: Monday, December 17, 2001 03:41 PM > Posted To: MSExchange Mailing List > Conversation: Allowing internal SMTP but not external > Subject: Allowing internal SMTP but not external > > > OK, I think I know the answer to this, but I told a customer I'd ask. > > I have a customer that wants to limit users from receiving > email from the > internet. No problem, remove the SMTP address and they won't > be able to > send/receive SMTP mail. However, now they have a requirement > for these users > to receive SMTP mail from an internal machine (AS/400 sending > e-mail to > local users). Short of going to the SMTP proxy (Firewall-1) > and saying drop > messages for user1 and user2 and user3 etc. there is no way I > can see of > preventing external SMTP mail while allowing internal SMTP > mail. Did I miss > something? > > -Walden > > > Walden H Leverich III > President > Tech Software > (516)627-3800 x11 > [EMAIL PROTECTED] > http://www.TechSoftInc.com > > > _ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin:[EMAIL PROTECTED] > _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
