Tuesday, September 16, 2014

Configuring Internal Application Relay with Receive Connector Part#2

 

Open your newly created internal Receive connector by right-clicking it and selecting Properties.

In order to allow Anonymous Authentication, follow the steps in this order. On the Authentication tab, TLS is selected by default.

  • Click Permissions, select “Exchange Servers” and click Apply.
  • Now go back to Authentication and select “Externally Secured”. This is where the magic starts.
  • I will explain in detail why we selected this option and what happens in the background.
  • Go back to the Permissions tab and this time select “Anonymous”.
  • If you don’t follow this order you will receive an error: some controls aren’t valid.

You must set the value for the PermissionGroups to ExchangeServers when you set the AuthMechanism parameter to a value of ExternalAuthoritative.

  • You got this because you did not follow the order listed above.
  • If you enable “Externally Secured”, you will be limited to offering TLS with this connector.
  • You can go back and adjust the permission groups if you have any requirements.

Step-1 ---------------> Permission Groups, Select Exchange Servers

Step-2 ---------------> Authentication Settings, Select Externally Secured

Step-3 ---------------> Permission Groups, Select Anonymous

“Externally Secured” means that this Receive connector lifts most of the restrictions: you are pretty much trusting the internal servers. The relaying servers are “trusted”, so you add the IP addresses of the relaying servers here.
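Because an “Externally Secured” connector trusts whatever connects from the addresses listed on it, it is worth checking that the list stays limited to the relay servers. The following PowerShell is an added example, not part of the original post: the helper names (`ConvertTo-UInt32`, `Get-RangeSize`, `Test-RelayConnectorScope`), the 16-address threshold, the second connector and all sample addresses are constructed for illustration.

```powershell
# Added example (not from the original post); IPv4 only, sample data constructed.
function ConvertTo-UInt32 ([string]$Ip) {
    $b = [System.Net.IPAddress]::Parse($Ip).GetAddressBytes()
    [Array]::Reverse($b)                 # network byte order -> little-endian
    [BitConverter]::ToUInt32($b, 0)
}

function Get-RangeSize ([string]$Range) {
    # Address count for 'a.b.c.d', 'a.b.c.d/nn' or 'a.b.c.d-e.f.g.h'; -1 if not parsed
    if ($Range -match '^[\d.]+/(\d+)$') { return [math]::Pow(2, 32 - [int]$Matches[1]) }
    if ($Range -match '^([\d.]+)-([\d.]+)$') {
        $lo, $hi = $Matches[1], $Matches[2]
        return [double](ConvertTo-UInt32 $hi) - (ConvertTo-UInt32 $lo) + 1
    }
    if ($Range -match '^[\d.]+$') { return 1 }
    return -1
}

function Test-RelayConnectorScope {
    param(
        [Parameter(Mandatory=$true, ValueFromPipeline=$true)] $Connector,
        [int]$MaxHosts = 16   # assumed threshold for "a handful of relay servers"
    )
    process {
        # Only connectors that trust the sender outright are of interest here
        if ("$($Connector.AuthMechanism)" -notmatch 'ExternalAuthoritative') { return }
        foreach ($r in $Connector.RemoteIPRanges) {
            $n = Get-RangeSize "$r"
            $finding = if ($n -lt 0) { 'REVIEW' } elseif ($n -gt $MaxHosts) { 'TOO BROAD' } else { 'ok' }
            [pscustomobject]@{ Connector = "$($Connector.Identity)"; Range = "$r"
                               Addresses = $n; Finding = $finding }
        }
    }
}

# Constructed sample objects carrying the same property names Get-ReceiveConnector returns
$sample = @(
    [pscustomobject]@{ Identity = 'E1\Internal_Relay-1'; AuthMechanism = 'Tls, ExternalAuthoritative'
                       RemoteIPRanges = @('192.0.2.25', '192.0.2.26') },
    [pscustomobject]@{ Identity = 'E1\Constructed_Wide_Relay'; AuthMechanism = 'Tls, ExternalAuthoritative'
                       RemoteIPRanges = @('10.0.0.0/8', '0.0.0.0-255.255.255.255') }
)
$sample | Test-RelayConnectorScope | Format-Table -AutoSize

# Live use in the Exchange Management Shell (assumes each RemoteIPRanges entry
# converts to one of the string forms above): Get-ReceiveConnector | Test-RelayConnectorScope
```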


Here is the list of permissions that get assigned to this connector:

Accept-Authoritative-Domain

MS Exchange\Externally Secured Servers {ms-Exch-SMTP-Accept-Authoritative-Domain}

Bypass-Anti-Spam

MS Exchange\Externally Secured Servers {ms-Exch-Bypass-Anti-Spam}

Bypass-Message-Size-Limit

MS Exchange\Externally Secured Servers {ms-Exch-Bypass-Message-Size-Limit}

SMTP-Accept

MS Exchange\Externally Secured Servers {ms-Exch-SMTP-Accept-Exch50}

Accept-Headers-Routing

MS Exchange\Externally Secured Servers {ms-Exch-Accept-Headers-Routing}

SMTP-Submit

MS Exchange\Externally Secured Servers {ms-Exch-SMTP-Submit}

Accept-Any-Recipient

MS Exchange\Externally Secured Servers {ms-Exch-SMTP-Accept-Any-Recipient}

Accept-Authentication-Flag

MS Exchange\Externally Secured Servers {ms-Exch-SMTP-Accept-Authentication-Flag}

Accept-Any-Sender

MS Exchange\Externally Secured Servers {ms-Exch-SMTP-Accept-Any-Sender}

List the Receive connectors:

Get-ReceiveConnector

Add AD Permissions to this Receive Connector

$ReceiveConnector = "E1\Internal_Relay-1"

Get-ReceiveConnector "$ReceiveConnector" | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "Ms-Exch-SMTP-Accept-Any-Recipient"


Now let’s see the properties of this connector

Get-ReceiveConnector -Identity "E1\Internal_Relay-1" | fl

If applications that relay off this connector address recipients by short names, you will need to add your SMTP domain name in this field; otherwise the short-name completion may fail with 501 5.1.3 Invalid address Short Name Rcpt SMTP address etc.

Basically, the application server passes a valid SMTP address in the From field on the relay submission, but in the CC or BCC fields it passes short names such as Casey.Dedeal:

From: ApplicationRelay@smtp25.org

To: Casey.Dedeal

Bcc: Jon.Doe

To overcome this issue and allow applications to continue to use short names in the CC or BCC field, use:

$ReceiveConnector = "E1\Internal_Relay-1"

Set-ReceiveConnector "$ReceiveConnector" -DefaultDomain ZtekZone.com

Now this connector will append the specified default SMTP domain to short names when an application performs a relay submission.

One less thing to worry about, especially for applications that are poorly written (not fully SMTP compliant).

If you would like to see the AD permissions on this connector:

$ReceiveConnector = "E1\Internal_Relay-1"

Get-ReceiveConnector "$ReceiveConnector" | Get-ADPermission | where {$_.ExtendedRights -like "*Any-Recipient"}

Lastly, use a network sniffer and the SMTP logging options to further troubleshoot any SMTP submission failures on this connector.

Respectfully,
Oz Casey, Dedeal ( MVP north America)
MCITP (EMA), MCITP (SA)
MCSE 2003, M+, S+, MCDST
Security+, Project +, Server +
http://smtp25.blogspot.com/ (Blog)
http://telnet25.wordpress.com/ (Blog)
