SMTP/IMC Connector relay restrictions
Good morning to everyone: I've looked in the Connectivity guide and the archive of last years messages, but I still need some guidance on an issue that maybe, some of you have run into. My boss wants to limit the use of a site's IMC to just that site, but also wants to prevent users from relaying messages with forged headers through the IMC. Can this be done? We plan on setting the address scope to just the site and not using DNS to deliver mail, but have all mail go to a particular upline server for routing and delivery. We also want to allow only other Exchange servers to connect to this IMC, which can be done via the Routing Restrictions tab (there is only a few servers that would need to connect to this machine anyway). But here comes a kink, if a user needs to use a POP3/IMAP4 client, do all these security measures turn into mush? Discussion? John Matteson; Exchange Manager Geac Corporate Infrastructure Systems and Standards (404) 239 - 2981 My toys! My toys! I can't do this job without my toys! _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
Re: SMTP/IMC Connector relay restrictions
If you're on 5.5 and using site connectors other servers won't connect to this box using SMTP anyway. There is a way to allow users to use this connector as a relay but there's no way to detect forged headers; once the user is authenticated and/or his IP is filtered he can send anything he wants. The scope will only matter for Exchange traffic and this comes back to whether you're using the MTA or the SMTP connectors for site connectivity. Within a site it is all RPC (again, talking 5.5). - Original Message - From: John Matteson [EMAIL PROTECTED] To: Exchange Discussions [EMAIL PROTECTED] Sent: Wednesday, January 30, 2002 10:05 AM Subject: SMTP/IMC Connector relay restrictions Good morning to everyone: I've looked in the Connectivity guide and the archive of last years messages, but I still need some guidance on an issue that maybe, some of you have run into. My boss wants to limit the use of a site's IMC to just that site, but also wants to prevent users from relaying messages with forged headers through the IMC. Can this be done? We plan on setting the address scope to just the site and not using DNS to deliver mail, but have all mail go to a particular upline server for routing and delivery. We also want to allow only other Exchange servers to connect to this IMC, which can be done via the Routing Restrictions tab (there is only a few servers that would need to connect to this machine anyway). But here comes a kink, if a user needs to use a POP3/IMAP4 client, do all these security measures turn into mush? Discussion? John Matteson; Exchange Manager Geac Corporate Infrastructure Systems and Standards (404) 239 - 2981 My toys! My toys! I can't do this job without my toys! _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: SMTP/IMC Connector relay restrictions
SMTP is the only protocol we use site to site, nary an X.400 or site connector in the whole ORG (well, maybe one or two, but none on machines that I worry about on a daily basis). Yep, it's all 5.5 (sorry for not putting that bit of trivia in). The site addressing tab only effects Exchange users, this is understood. What about users outside of Exchange? The little sendmail box sitting in some dusty corner that a die-hard *nix user won't give up. That would have to be taken care of on the connections tab - Accept connections , by only accepting Authenticated connections. Would the Clients can only submit if authentication account matches submission address box allow our infamous POP3/IMAP4 clients to submit mail (everyone that would be using the IMC to relay would be homed on this server, only one server in the site)? Sorry for asking so many admin 101 questions, but the documentation just isn't very definitive and I'm trying to get what's left of my pickled herring brain wrapped around this before starting on the hardware side of things. Planning, planning, planning. Thanks again. John Matteson; Exchange Manager Geac Corporate Infrastructure Systems and Standards (404) 239 - 2981 My toys! My toys! I can't do this job without my toys! -Original Message- From: Daniel Chenault [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 30, 2002 11:13 AM To: Exchange Discussions Subject: Re: SMTP/IMC Connector relay restrictions If you're on 5.5 and using site connectors other servers won't connect to this box using SMTP anyway. There is a way to allow users to use this connector as a relay but there's no way to detect forged headers; once the user is authenticated and/or his IP is filtered he can send anything he wants. The scope will only matter for Exchange traffic and this comes back to whether you're using the MTA or the SMTP connectors for site connectivity. Within a site it is all RPC (again, talking 5.5). - Original Message - From: John Matteson [EMAIL PROTECTED] To: Exchange Discussions [EMAIL PROTECTED] Sent: Wednesday, January 30, 2002 10:05 AM Subject: SMTP/IMC Connector relay restrictions Good morning to everyone: I've looked in the Connectivity guide and the archive of last years messages, but I still need some guidance on an issue that maybe, some of you have run into. My boss wants to limit the use of a site's IMC to just that site, but also wants to prevent users from relaying messages with forged headers through the IMC. Can this be done? We plan on setting the address scope to just the site and not using DNS to deliver mail, but have all mail go to a particular upline server for routing and delivery. We also want to allow only other Exchange servers to connect to this IMC, which can be done via the Routing Restrictions tab (there is only a few servers that would need to connect to this machine anyway). But here comes a kink, if a user needs to use a POP3/IMAP4 client, do all these security measures turn into mush? Discussion? John Matteson; Exchange Manager Geac Corporate Infrastructure Systems and Standards (404) 239 - 2981 My toys! My toys! I can't do this job without my toys! _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
Re: SMTP/IMC Connector relay restrictions
Yes. Try it out yourself; setting up an OE client is trivial. - Original Message - From: John Matteson [EMAIL PROTECTED] To: Exchange Discussions [EMAIL PROTECTED] Sent: Wednesday, January 30, 2002 1:52 PM Subject: RE: SMTP/IMC Connector relay restrictions SMTP is the only protocol we use site to site, nary an X.400 or site connector in the whole ORG (well, maybe one or two, but none on machines that I worry about on a daily basis). Yep, it's all 5.5 (sorry for not putting that bit of trivia in). The site addressing tab only effects Exchange users, this is understood. What about users outside of Exchange? The little sendmail box sitting in some dusty corner that a die-hard *nix user won't give up. That would have to be taken care of on the connections tab - Accept connections , by only accepting Authenticated connections. Would the Clients can only submit if authentication account matches submission address box allow our infamous POP3/IMAP4 clients to submit mail (everyone that would be using the IMC to relay would be homed on this server, only one server in the site)? Sorry for asking so many admin 101 questions, but the documentation just isn't very definitive and I'm trying to get what's left of my pickled herring brain wrapped around this before starting on the hardware side of things. Planning, planning, planning. Thanks again. John Matteson; Exchange Manager Geac Corporate Infrastructure Systems and Standards (404) 239 - 2981 My toys! My toys! I can't do this job without my toys! -Original Message- From: Daniel Chenault [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 30, 2002 11:13 AM To: Exchange Discussions Subject: Re: SMTP/IMC Connector relay restrictions If you're on 5.5 and using site connectors other servers won't connect to this box using SMTP anyway. There is a way to allow users to use this connector as a relay but there's no way to detect forged headers; once the user is authenticated and/or his IP is filtered he can send anything he wants. The scope will only matter for Exchange traffic and this comes back to whether you're using the MTA or the SMTP connectors for site connectivity. Within a site it is all RPC (again, talking 5.5). - Original Message - From: John Matteson [EMAIL PROTECTED] To: Exchange Discussions [EMAIL PROTECTED] Sent: Wednesday, January 30, 2002 10:05 AM Subject: SMTP/IMC Connector relay restrictions Good morning to everyone: I've looked in the Connectivity guide and the archive of last years messages, but I still need some guidance on an issue that maybe, some of you have run into. My boss wants to limit the use of a site's IMC to just that site, but also wants to prevent users from relaying messages with forged headers through the IMC. Can this be done? We plan on setting the address scope to just the site and not using DNS to deliver mail, but have all mail go to a particular upline server for routing and delivery. We also want to allow only other Exchange servers to connect to this IMC, which can be done via the Routing Restrictions tab (there is only a few servers that would need to connect to this machine anyway). But here comes a kink, if a user needs to use a POP3/IMAP4 client, do all these security measures turn into mush? Discussion? John Matteson; Exchange Manager Geac Corporate Infrastructure Systems and Standards (404) 239 - 2981 My toys! My toys! I can't do this job without my toys! _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
IMAP and SMTP relay restrictions
Does anyone know a good way to allow IMAP access while restricting SMTP relay? _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: IMAP and SMTP relay restrictions
Require authentication to relay. Ed Crowley MCSE+I MVP Tech Consultant Compaq Computer There are seldom good technological solutions to behavioral problems. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Bob Sent: Tuesday, January 15, 2002 3:43 PM To: Exchange Discussions Subject: IMAP and SMTP relay restrictions Does anyone know a good way to allow IMAP access while restricting SMTP relay? _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
Relay Restrictions
I have a problem that, hopefully, someone could help me out with. I have a app that provides customers with an online store that includes a form that they can fill out to order product. This form fires off 2 emails, one to our internal people to let them know a new order as been placed and the other email is a confirmation sent to the user to acknowledge receipt of their order. The app uses Miva script (similar to XML) to create the email and it runs on a server in our network. The problem is our mail server (Exchange 5.5 SP4) is not allowing the acknowledgment to be delivered because relaying is prohibited. So the original mail (internal) gets delivered fine but the mail that gets sent externally (to the users email) never gets sent. When I review the logs I see: RCPT TO: [EMAIL PROTECTED] 550 Relaying is prohibited I have gone to the routing restrictions enabled the hosts and clients w/ these ip addresses and entered the IP address and mask of the system generating the emails as outlined in KB q196626 but the error is the same. I've reviewed q259531 on how to configure smtp relay for domains but I don't believe it is applicable to my case. Is there someway around this? If anyone has any suggestions I'd appreciate it. Thanks, Mark _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Relay Restrictions
Did you restart the IMC service? and Is the system attempting to send the mail multihomed or have more than one ip address bound? Brian Murphy, MCSE, CCNA, CCA Director of Network Services Privacy Officer Carter Bloodcare (www.carterbloodcare.org) 817.412.5406 -Original Message- From: Ludwig, Mark [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 10, 2002 1:00 PM To: Exchange Discussions Subject: Relay Restrictions I have a problem that, hopefully, someone could help me out with. I have a app that provides customers with an online store that includes a form that they can fill out to order product. This form fires off 2 emails, one to our internal people to let them know a new order as been placed and the other email is a confirmation sent to the user to acknowledge receipt of their order. The app uses Miva script (similar to XML) to create the email and it runs on a server in our network. The problem is our mail server (Exchange 5.5 SP4) is not allowing the acknowledgment to be delivered because relaying is prohibited. So the original mail (internal) gets delivered fine but the mail that gets sent externally (to the users email) never gets sent. When I review the logs I see: RCPT TO: [EMAIL PROTECTED] 550 Relaying is prohibited I have gone to the routing restrictions enabled the hosts and clients w/ these ip addresses and entered the IP address and mask of the system generating the emails as outlined in KB q196626 but the error is the same. I've reviewed q259531 on how to configure smtp relay for domains but I don't believe it is applicable to my case. Is there someway around this? If anyone has any suggestions I'd appreciate it. Thanks, Mark _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Relay Restrictions
The IP address is the address of the internal server that is running the app: IP 192.206.170.200 SM 255.255.255.0 It IS a multihomed server I did restart the IMC service (several times by now...) Thanks -Original Message- From: Steve Johnston [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 10, 2002 2:28 PM To: Ludwig, Mark; [EMAIL PROTECTED] Subject: Re: Relay Restrictions Mark, What IP address and subnet mask are you specifying under Routing Restrictions? Steve [EMAIL PROTECTED] 01/10/02 01:59PM I have a problem that, hopefully, someone could help me out with. I have a app that provides customers with an online store that includes a form that they can fill out to order product. This form fires off 2 emails, one to our internal people to let them know a new order as been placed and the other email is a confirmation sent to the user to acknowledge receipt of their order. The app uses Miva script (similar to XML) to create the email and it runs on a server in our network. The problem is our mail server (Exchange 5.5 SP4) is not allowing the acknowledgment to be delivered because relaying is prohibited. So the original mail (internal) gets delivered fine but the mail that gets sent externally (to the users email) never gets sent. When I review the logs I see: RCPT TO: [EMAIL PROTECTED] 550 Relaying is prohibited I have gone to the routing restrictions enabled the hosts and clients w/ these ip addresses and entered the IP address and mask of the system generating the emails as outlined in KB q196626 but the error is the same. I've reviewed q259531 on how to configure smtp relay for domains but I don't believe it is applicable to my case. Is there someway around this? If anyone has any suggestions I'd appreciate it. Thanks, Mark _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Relay Restrictions
The Exch Server Webserver are separate The Webserver is a W2000 Server\IIS 5.0 IP settings are set to all unassigned Thanks for the suggestions I will look into trying the scenario's you've suggested. -Mark -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 10, 2002 3:25 PM To: Exchange Discussions Subject: RE: Relay Restrictions I'm assuming (I do this alot) that the Exch 5.5 server is seperate from the webserver attempting to send mail. You probably have some type of SMTP component running on this box that relay's mail to the Exchange Server. If this component is SMTP service that comes with IIS 5.0 (or 4.0) then you probably have the IP settings set to All unassigned. Or, you could be sending all requests to your internal mail server? In the first scenario I would suggest this: Is there anyway to configure your app to use different mail relays depending on the domain name. For example, you could modify your app to use the local relay (127.0.0.1) to send non-internal mail. Setup the local relay to use DNS for resolution type. Send all internal (your domain) to the internal address. If your sending all requests to the internal mail server you might try adding both IP addresses to the ACL list for routing then restart the IMC service. Murphy -Original Message- From: Ludwig, Mark [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 10, 2002 2:09 PM To: Exchange Discussions Subject: RE: Relay Restrictions The IP address is the address of the internal server that is running the app: IP 192.206.170.200 SM 255.255.255.0 It IS a multihomed server I did restart the IMC service (several times by now...) Thanks -Original Message- From: Steve Johnston [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 10, 2002 2:28 PM To: Ludwig, Mark; [EMAIL PROTECTED] Subject: Re: Relay Restrictions Mark, What IP address and subnet mask are you specifying under Routing Restrictions? Steve [EMAIL PROTECTED] 01/10/02 01:59PM I have a problem that, hopefully, someone could help me out with. I have a app that provides customers with an online store that includes a form that they can fill out to order product. This form fires off 2 emails, one to our internal people to let them know a new order as been placed and the other email is a confirmation sent to the user to acknowledge receipt of their order. The app uses Miva script (similar to XML) to create the email and it runs on a server in our network. The problem is our mail server (Exchange 5.5 SP4) is not allowing the acknowledgment to be delivered because relaying is prohibited. So the original mail (internal) gets delivered fine but the mail that gets sent externally (to the users email) never gets sent. When I review the logs I see: RCPT TO: [EMAIL PROTECTED] 550 Relaying is prohibited I have gone to the routing restrictions enabled the hosts and clients w/ these ip addresses and entered the IP address and mask of the system generating the emails as outlined in KB q196626 but the error is the same. I've reviewed q259531 on how to configure smtp relay for domains but I don't believe it is applicable to my case. Is there someway around this? If anyone has any suggestions I'd appreciate it. Thanks, Mark _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Relay Restrictions
Mark, When you add this IP address to the relay restriction tab, make sure to use the subnet mask of 255.255.255.255. Lynne -Original Message- From: Ludwig, Mark [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 10, 2002 1:09 PM To: Exchange Discussions Subject: RE: Relay Restrictions The IP address is the address of the internal server that is running the app: IP 192.206.170.200 SM 255.255.255.0 It IS a multihomed server I did restart the IMC service (several times by now...) Thanks -Original Message- From: Steve Johnston [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 10, 2002 2:28 PM To: Ludwig, Mark; [EMAIL PROTECTED] Subject: Re: Relay Restrictions Mark, What IP address and subnet mask are you specifying under Routing Restrictions? Steve [EMAIL PROTECTED] 01/10/02 01:59PM I have a problem that, hopefully, someone could help me out with. I have a app that provides customers with an online store that includes a form that they can fill out to order product. This form fires off 2 emails, one to our internal people to let them know a new order as been placed and the other email is a confirmation sent to the user to acknowledge receipt of their order. The app uses Miva script (similar to XML) to create the email and it runs on a server in our network. The problem is our mail server (Exchange 5.5 SP4) is not allowing the acknowledgment to be delivered because relaying is prohibited. So the original mail (internal) gets delivered fine but the mail that gets sent externally (to the users email) never gets sent. When I review the logs I see: RCPT TO: [EMAIL PROTECTED] 550 Relaying is prohibited I have gone to the routing restrictions enabled the hosts and clients w/ these ip addresses and entered the IP address and mask of the system generating the emails as outlined in KB q196626 but the error is the same. I've reviewed q259531 on how to configure smtp relay for domains but I don't believe it is applicable to my case. Is there someway around this? If anyone has any suggestions I'd appreciate it. Thanks, Mark _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Relay Restrictions
Thanks to all that replied. This looks like the fix as it is working now for me when I test it. My customer I've been working with is gone until tomorrow but I feel pretty confidant that it's fixed. Thanks again, Mark -Original Message- From: Steve Johnston [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 10, 2002 3:53 PM To: Ludwig, Mark; [EMAIL PROTECTED] Subject: RE: Relay Restrictions Mark, Don't over-complicate this. You almost had it before. Just change the mask to 255.255.255.255 and you'll be OK. Steve [EMAIL PROTECTED] 01/10/02 03:40PM The Exch Server Webserver are separate The Webserver is a W2000 Server\IIS 5.0 IP settings are set to all unassigned Thanks for the suggestions I will look into trying the scenario's you've suggested. -Mark -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 10, 2002 3:25 PM To: Exchange Discussions Subject: RE: Relay Restrictions I'm assuming (I do this alot) that the Exch 5.5 server is seperate from the webserver attempting to send mail. You probably have some type of SMTP component running on this box that relay's mail to the Exchange Server. If this component is SMTP service that comes with IIS 5.0 (or 4.0) then you probably have the IP settings set to All unassigned. Or, you could be sending all requests to your internal mail server? In the first scenario I would suggest this: Is there anyway to configure your app to use different mail relays depending on the domain name. For example, you could modify your app to use the local relay (127.0.0.1) to send non-internal mail. Setup the local relay to use DNS for resolution type. Send all internal (your domain) to the internal address. If your sending all requests to the internal mail server you might try adding both IP addresses to the ACL list for routing then restart the IMC service. Murphy -Original Message- From: Ludwig, Mark [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 10, 2002 2:09 PM To: Exchange Discussions Subject: RE: Relay Restrictions The IP address is the address of the internal server that is running the app: IP 192.206.170.200 SM 255.255.255.0 It IS a multihomed server I did restart the IMC service (several times by now...) Thanks -Original Message- From: Steve Johnston [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 10, 2002 2:28 PM To: Ludwig, Mark; [EMAIL PROTECTED] Subject: Re: Relay Restrictions Mark, What IP address and subnet mask are you specifying under Routing Restrictions? Steve [EMAIL PROTECTED] 01/10/02 01:59PM I have a problem that, hopefully, someone could help me out with. I have a app that provides customers with an online store that includes a form that they can fill out to order product. This form fires off 2 emails, one to our internal people to let them know a new order as been placed and the other email is a confirmation sent to the user to acknowledge receipt of their order. The app uses Miva script (similar to XML) to create the email and it runs on a server in our network. The problem is our mail server (Exchange 5.5 SP4) is not allowing the acknowledgment to be delivered because relaying is prohibited. So the original mail (internal) gets delivered fine but the mail that gets sent externally (to the users email) never gets sent. When I review the logs I see: RCPT TO: [EMAIL PROTECTED] 550 Relaying is prohibited I have gone to the routing restrictions enabled the hosts and clients w/ these ip addresses and entered the IP address and mask of the system generating the emails as outlined in KB q196626 but the error is the same. I've reviewed q259531 on how to configure smtp relay for domains but I don't believe it is applicable to my case. Is there someway around this? If anyone has any suggestions I'd appreciate it. Thanks, Mark _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL
RE: Relay Restrictions
Good eye Mark.. I missed the incomplete subnet mask. :( -Original Message- From: Ludwig, Mark [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 10, 2002 3:44 PM To: Exchange Discussions Subject: RE: Relay Restrictions Thanks to all that replied. This looks like the fix as it is working now for me when I test it. My customer I've been working with is gone until tomorrow but I feel pretty confidant that it's fixed. Thanks again, Mark -Original Message- From: Steve Johnston [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 10, 2002 3:53 PM To: Ludwig, Mark; [EMAIL PROTECTED] Subject: RE: Relay Restrictions Mark, Don't over-complicate this. You almost had it before. Just change the mask to 255.255.255.255 and you'll be OK. Steve [EMAIL PROTECTED] 01/10/02 03:40PM The Exch Server Webserver are separate The Webserver is a W2000 Server\IIS 5.0 IP settings are set to all unassigned Thanks for the suggestions I will look into trying the scenario's you've suggested. -Mark -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 10, 2002 3:25 PM To: Exchange Discussions Subject: RE: Relay Restrictions I'm assuming (I do this alot) that the Exch 5.5 server is seperate from the webserver attempting to send mail. You probably have some type of SMTP component running on this box that relay's mail to the Exchange Server. If this component is SMTP service that comes with IIS 5.0 (or 4.0) then you probably have the IP settings set to All unassigned. Or, you could be sending all requests to your internal mail server? In the first scenario I would suggest this: Is there anyway to configure your app to use different mail relays depending on the domain name. For example, you could modify your app to use the local relay (127.0.0.1) to send non-internal mail. Setup the local relay to use DNS for resolution type. Send all internal (your domain) to the internal address. If your sending all requests to the internal mail server you might try adding both IP addresses to the ACL list for routing then restart the IMC service. Murphy -Original Message- From: Ludwig, Mark [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 10, 2002 2:09 PM To: Exchange Discussions Subject: RE: Relay Restrictions The IP address is the address of the internal server that is running the app: IP 192.206.170.200 SM 255.255.255.0 It IS a multihomed server I did restart the IMC service (several times by now...) Thanks -Original Message- From: Steve Johnston [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 10, 2002 2:28 PM To: Ludwig, Mark; [EMAIL PROTECTED] Subject: Re: Relay Restrictions Mark, What IP address and subnet mask are you specifying under Routing Restrictions? Steve [EMAIL PROTECTED] 01/10/02 01:59PM I have a problem that, hopefully, someone could help me out with. I have a app that provides customers with an online store that includes a form that they can fill out to order product. This form fires off 2 emails, one to our internal people to let them know a new order as been placed and the other email is a confirmation sent to the user to acknowledge receipt of their order. The app uses Miva script (similar to XML) to create the email and it runs on a server in our network. The problem is our mail server (Exchange 5.5 SP4) is not allowing the acknowledgment to be delivered because relaying is prohibited. So the original mail (internal) gets delivered fine but the mail that gets sent externally (to the users email) never gets sent. When I review the logs I see: RCPT TO: [EMAIL PROTECTED] 550 Relaying is prohibited I have gone to the routing restrictions enabled the hosts and clients w/ these ip addresses and entered the IP address and mask of the system generating the emails as outlined in KB q196626 but the error is the same. I've reviewed q259531 on how to configure smtp relay for domains but I don't believe it is applicable to my case. Is there someway around this? If anyone has any suggestions I'd appreciate it. Thanks, Mark _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED
