Allow certain IP(s) to send almost any e-mail through Exchange 2010


Yup, it's quite easy with a Receive Connector. I do this on Exchange 2010 at my organization, for example.

Server Configuration -> Hub Transport -> Receive Connectors -> New Receive Connector

Name it something like "Trusted IP's", leave the default "listen on all interfaces on port 25" rule, then finish the wizard with defaults.

Right-click on the resulting connector and set all (and only) the IPs you want to trust under "Receive mail from remote servers that have these IP addresses" under the Network tab.

Under authentication, click "Externally Secure (for example, with IPsec)". This is the magic sauce, though it's not well-explained in the GUI. It means you flat-out trust these IPs to send good mail, no matter how spammy they appear.
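The same connector can be built from the Exchange Management Shell, which also makes it easy to audit afterwards. This is an added example, not part of the original answer: the address 192.0.2.10 and the variable names are constructed placeholders, and the script assumes it is run on the Hub Transport server that will host the connector.

```powershell
# Added example: Exchange Management Shell equivalent of the GUI steps above.
# 192.0.2.10 is a constructed documentation address; substitute the host(s) you trust.
$trusted = @('192.0.2.10')
$name    = 'Trusted IPs'

# This connector bypasses authentication, so accept only single host addresses.
# TryParse fails on CIDR blocks ("192.0.2.0/24") and ranges ("192.0.2.1-192.0.2.9").
foreach ($ip in $trusted) {
    $parsed = $null
    if (-not [System.Net.IPAddress]::TryParse($ip, [ref]$parsed)) {
        throw "Refusing '$ip': list individual IP addresses, not ranges."
    }
}

# "Custom" usage with the default binding (all interfaces, port 25),
# scoped to the trusted addresses only.
$rc = New-ReceiveConnector -Name $name -Usage Custom `
        -Bindings '0.0.0.0:25' -RemoteIPRanges $trusted

# "Externally Secured" in the GUI is AuthMechanism ExternalAuthoritative;
# it requires the ExchangeServers permission group.
Set-ReceiveConnector -Identity $rc.Identity `
        -AuthMechanism ExternalAuthoritative -PermissionGroups ExchangeServers

# Audit: list every connector that trusts its peers this way, with the
# addresses it accepts, so an overly broad range stands out.
Get-ReceiveConnector |
    Where-Object { "$($_.AuthMechanism)" -match 'ExternalAuthoritative' } |
    Format-List Identity, Bindings, RemoteIPRanges, AuthMechanism, PermissionGroups
```

Rerun the final `Get-ReceiveConnector` pipeline whenever connectors change; any entry whose `RemoteIPRanges` is wider than the hosts you control accepts unauthenticated mail from that whole range.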

Author by

hachi


Updated on September 17, 2022

Comments

  • hachi
    hachi over 1 year

    We recently migrated from Exchange 2000 (yes I know...) to Exchange 2010 and went through the horror of configuring it. First of all we don't use ForeFront, sadly(?) we can't.

    Before I ask my question here is what we've already done:

    • We have configured the Organization -> HUB -> SendConnector to be scoped to disallow mailing through us (yet another stupid name for such an important option).
    • We have installed Anti-SPAM features (for HUB if that is relevant)
    • In Sender ID filter we have set the reject option (without this some spammer was still able to send stuff through our server somehow)
    • Content filtering is disabled (it filtered out more good things than bad)
    • We've also set Accepted domains to be only from our domain.

    So the question is if it is possible to set up filtering so it only works for certain IPs? Specifically to be able to send e-mails with "From" addresses outside of our domain (with Return-Path in our domain) and send e-mails without authorization from a certain IP. Effectively set an option like "we know this IP, we know it sends crap but it's our internal stuff".

  • hachi
    hachi over 13 years
    Great! It works fine. It's kinda strange that I cannot authenticate then, but it's not a big problem (just have two receivers - one with auth and one without).
  • hachi
    hachi over 13 years
    Unfortunately that didn't work after all... I can send e-mails with any Return-Path (which I don't want really), but I cannot send e-mails with From set from outside of my domain. It seems to fail due to the Sender ID reject rule.
  • hachi
    hachi over 13 years
    OK. Now it works - I just needed to add the IP to IP Allow list.