OK, I must be retarded or something...

OK, I must be retarded or something. I am having the hardest time setting up
POP3 mail for external users. When I do, eithe it halts all mail with no
immediate return messages or it only allows delivery from an internal user
to an internal user. I obviously do not want to have the relay open. That is
understood. Here are the latest sub-genius steps I have done with no avail.

Exchange 2003 over 2003 native\native AD domain

All done under properties of <Server>\SMTP:
1. Accesss tab, Authentication button. Anonymous unchecked, Basic
Authentication checked, and the default domain is listed correctly. Just for
testing I did not use TLS encryption. (is this absolutely necessary to make
it work?)

2. Click OK, then go to the Relay button. Click the radio button ON for "All
except the list below" and obviously radio button OFF for "Only the list
below".

3. Stop and restart SMTP service to make sure seetings take effect.

4. On the Outlook clients I set "Server requires Auth..." & "Use same
username and password..."

At this point no mail travels. What am I doing wrong. All of the other
settings are basically default, and there are no connnectors set up. Thanks
for your anticipated help because I am new to the whole Exchange and mail
server thing.



-Harry Bates



0
Harry
6/20/2005 2:54:18 PM
exchange.admin 57650 articles. 2 followers. Follow

9 Replies
735 Views

Similar Articles

[PageSpeed] 56

1.  You can't disable anonymous authentication, as that is what all other 
mail servers will use to send mail to your server.  This would result in all 
inbound mail being halted, as you experienced.  Requiring TLS will result in 
the same experience of inbound mail being halted.

2.  For POP3 clients (that relay via SMTP), you should leave the relay 
defaults enabled, which are "Only the list below", and "allow computer that 
authenticate" check box checked.  This allows clients that authenticate to 
send via your server without opening relaying to anyone.  If you want 
additional security, you can try enabling Windows Authentication on the SMTP 
server, and then setting the Outlook clients to use Secure Password 
Authentication (SPA).  You can also set up SSL on the POP3 virtual server 
and the SMTP Virtual Server, but you won't want to require SSL on the SMTP 
VS unless you create a separate one specifically for your POP3 clients.

-- 
Ben Winzenz
Exchange MVP
MessageOne


"Harry Bates" <None> wrote in message 
news:OlrmwfadFHA.1292@tk2msftngp13.phx.gbl...
> OK, I must be retarded or something. I am having the hardest time setting 
> up
> POP3 mail for external users. When I do, eithe it halts all mail with no
> immediate return messages or it only allows delivery from an internal user
> to an internal user. I obviously do not want to have the relay open. That 
> is
> understood. Here are the latest sub-genius steps I have done with no 
> avail.
>
> Exchange 2003 over 2003 native\native AD domain
>
> All done under properties of <Server>\SMTP:
> 1. Accesss tab, Authentication button. Anonymous unchecked, Basic
> Authentication checked, and the default domain is listed correctly. Just 
> for
> testing I did not use TLS encryption. (is this absolutely necessary to 
> make
> it work?)
>
> 2. Click OK, then go to the Relay button. Click the radio button ON for 
> "All
> except the list below" and obviously radio button OFF for "Only the list
> below".
>
> 3. Stop and restart SMTP service to make sure seetings take effect.
>
> 4. On the Outlook clients I set "Server requires Auth..." & "Use same
> username and password..."
>
> At this point no mail travels. What am I doing wrong. All of the other
> settings are basically default, and there are no connnectors set up. 
> Thanks
> for your anticipated help because I am new to the whole Exchange and mail
> server thing.
>
>
>
> -Harry Bates
>
>
> 


0
Ben
6/20/2005 4:23:13 PM
Thanks for your help so far Ben. Here is what I have now in my settings now
that I read your post:

In Exchange Manager:

[Access] Tab

[Authentication] Button:

Anonymous=checked
Basic=unchecked
Integrated Windows Authentication=checked

[Relay] Button:
Only the list below=checked
Allow all computers that successfully authenticate...=checked

No other changes have been made. Do I need to do something under the
[Delivery] tab?

Stop and start SMTP. Do I need to stop and restart any other services?

In Outlook I enabled SPA checkbox, and did a "Test Account Settings" that
came back with a dialog asking for username, password, & domain (not just
username and password).
I put in internal domain (fqdn) user and password, but it kept popping up. I
finally clicked [Cancel] and it returned an error message in Outlook
stating: "The POP3 email account you created does not support SPA..."

Do I need to do something with POP3 Virtual Server?

That you in advance for your help.

-Harry










"Ben Winzenz [Exchange MVP]" <ben_winzenz@NOSPAMdotmessageonedotcom> wrote
in message news:eBlYcRbdFHA.384@TK2MSFTNGP10.phx.gbl...
> 1.  You can't disable anonymous authentication, as that is what all other
> mail servers will use to send mail to your server.  This would result in
all
> inbound mail being halted, as you experienced.  Requiring TLS will result
in
> the same experience of inbound mail being halted.
>
> 2.  For POP3 clients (that relay via SMTP), you should leave the relay
> defaults enabled, which are "Only the list below", and "allow computer
that
> authenticate" check box checked.  This allows clients that authenticate to
> send via your server without opening relaying to anyone.  If you want
> additional security, you can try enabling Windows Authentication on the
SMTP
> server, and then setting the Outlook clients to use Secure Password
> Authentication (SPA).  You can also set up SSL on the POP3 virtual server
> and the SMTP Virtual Server, but you won't want to require SSL on the SMTP
> VS unless you create a separate one specifically for your POP3 clients.
>
> -- 
> Ben Winzenz
> Exchange MVP
> MessageOne
>
>
> "Harry Bates" <None> wrote in message
> news:OlrmwfadFHA.1292@tk2msftngp13.phx.gbl...
> > OK, I must be retarded or something. I am having the hardest time
setting
> > up
> > POP3 mail for external users. When I do, eithe it halts all mail with no
> > immediate return messages or it only allows delivery from an internal
user
> > to an internal user. I obviously do not want to have the relay open.
That
> > is
> > understood. Here are the latest sub-genius steps I have done with no
> > avail.
> >
> > Exchange 2003 over 2003 native\native AD domain
> >
> > All done under properties of <Server>\SMTP:
> > 1. Accesss tab, Authentication button. Anonymous unchecked, Basic
> > Authentication checked, and the default domain is listed correctly. Just
> > for
> > testing I did not use TLS encryption. (is this absolutely necessary to
> > make
> > it work?)
> >
> > 2. Click OK, then go to the Relay button. Click the radio button ON for
> > "All
> > except the list below" and obviously radio button OFF for "Only the list
> > below".
> >
> > 3. Stop and restart SMTP service to make sure seetings take effect.
> >
> > 4. On the Outlook clients I set "Server requires Auth..." & "Use same
> > username and password..."
> >
> > At this point no mail travels. What am I doing wrong. All of the other
> > settings are basically default, and there are no connnectors set up.
> > Thanks
> > for your anticipated help because I am new to the whole Exchange and
mail
> > server thing.
> >
> >
> >
> > -Harry Bates
> >
> >
> >
>
>


0
Harry
6/20/2005 7:27:02 PM
Some firewalls will not support passing NTLM (Integrated Windows Auth).  If 
this is the case, you'll have to revert back to Basic, and optionally set up 
SSL.

-- 
Ben Winzenz
Exchange MVP
MessageOne


"Harry Bates" <None> wrote in message 
news:%23ycWK4cdFHA.2688@TK2MSFTNGP14.phx.gbl...
> Thanks for your help so far Ben. Here is what I have now in my settings 
> now
> that I read your post:
>
> In Exchange Manager:
>
> [Access] Tab
>
> [Authentication] Button:
>
> Anonymous=checked
> Basic=unchecked
> Integrated Windows Authentication=checked
>
> [Relay] Button:
> Only the list below=checked
> Allow all computers that successfully authenticate...=checked
>
> No other changes have been made. Do I need to do something under the
> [Delivery] tab?
>
> Stop and start SMTP. Do I need to stop and restart any other services?
>
> In Outlook I enabled SPA checkbox, and did a "Test Account Settings" that
> came back with a dialog asking for username, password, & domain (not just
> username and password).
> I put in internal domain (fqdn) user and password, but it kept popping up. 
> I
> finally clicked [Cancel] and it returned an error message in Outlook
> stating: "The POP3 email account you created does not support SPA..."
>
> Do I need to do something with POP3 Virtual Server?
>
> That you in advance for your help.
>
> -Harry
>
>
>
>
>
>
>
>
>
>
> "Ben Winzenz [Exchange MVP]" <ben_winzenz@NOSPAMdotmessageonedotcom> wrote
> in message news:eBlYcRbdFHA.384@TK2MSFTNGP10.phx.gbl...
>> 1.  You can't disable anonymous authentication, as that is what all other
>> mail servers will use to send mail to your server.  This would result in
> all
>> inbound mail being halted, as you experienced.  Requiring TLS will result
> in
>> the same experience of inbound mail being halted.
>>
>> 2.  For POP3 clients (that relay via SMTP), you should leave the relay
>> defaults enabled, which are "Only the list below", and "allow computer
> that
>> authenticate" check box checked.  This allows clients that authenticate 
>> to
>> send via your server without opening relaying to anyone.  If you want
>> additional security, you can try enabling Windows Authentication on the
> SMTP
>> server, and then setting the Outlook clients to use Secure Password
>> Authentication (SPA).  You can also set up SSL on the POP3 virtual server
>> and the SMTP Virtual Server, but you won't want to require SSL on the 
>> SMTP
>> VS unless you create a separate one specifically for your POP3 clients.
>>
>> -- 
>> Ben Winzenz
>> Exchange MVP
>> MessageOne
>>
>>
>> "Harry Bates" <None> wrote in message
>> news:OlrmwfadFHA.1292@tk2msftngp13.phx.gbl...
>> > OK, I must be retarded or something. I am having the hardest time
> setting
>> > up
>> > POP3 mail for external users. When I do, eithe it halts all mail with 
>> > no
>> > immediate return messages or it only allows delivery from an internal
> user
>> > to an internal user. I obviously do not want to have the relay open.
> That
>> > is
>> > understood. Here are the latest sub-genius steps I have done with no
>> > avail.
>> >
>> > Exchange 2003 over 2003 native\native AD domain
>> >
>> > All done under properties of <Server>\SMTP:
>> > 1. Accesss tab, Authentication button. Anonymous unchecked, Basic
>> > Authentication checked, and the default domain is listed correctly. 
>> > Just
>> > for
>> > testing I did not use TLS encryption. (is this absolutely necessary to
>> > make
>> > it work?)
>> >
>> > 2. Click OK, then go to the Relay button. Click the radio button ON for
>> > "All
>> > except the list below" and obviously radio button OFF for "Only the 
>> > list
>> > below".
>> >
>> > 3. Stop and restart SMTP service to make sure seetings take effect.
>> >
>> > 4. On the Outlook clients I set "Server requires Auth..." & "Use same
>> > username and password..."
>> >
>> > At this point no mail travels. What am I doing wrong. All of the other
>> > settings are basically default, and there are no connnectors set up.
>> > Thanks
>> > for your anticipated help because I am new to the whole Exchange and
> mail
>> > server thing.
>> >
>> >
>> >
>> > -Harry Bates
>> >
>> >
>> >
>>
>>
>
> 


0
Ben
6/20/2005 7:52:18 PM
OK looks like I have it part of the way working. I turned off SPA on the
main Outlook setup page and enabled it only on the "My SMTP server requires
me to log on..." I put in my username and password in there separately and
it worked sending and recieving. Now, how do I get it to work on the POP3
access side so that I can just have SPA checked on the main page and on the
"More Settings\Outgoing Server" section of Outlook, make it "Use the same
settings as my incoming mail server..."?

Thank you so much in advance,

-Harry


"Harry Bates" <None> wrote in message
news:%23ycWK4cdFHA.2688@TK2MSFTNGP14.phx.gbl...
> Thanks for your help so far Ben. Here is what I have now in my settings
now
> that I read your post:
>
> In Exchange Manager:
>
> [Access] Tab
>
> [Authentication] Button:
>
> Anonymous=checked
> Basic=unchecked
> Integrated Windows Authentication=checked
>
> [Relay] Button:
> Only the list below=checked
> Allow all computers that successfully authenticate...=checked
>
> No other changes have been made. Do I need to do something under the
> [Delivery] tab?
>
> Stop and start SMTP. Do I need to stop and restart any other services?
>
> In Outlook I enabled SPA checkbox, and did a "Test Account Settings" that
> came back with a dialog asking for username, password, & domain (not just
> username and password).
> I put in internal domain (fqdn) user and password, but it kept popping up.
I
> finally clicked [Cancel] and it returned an error message in Outlook
> stating: "The POP3 email account you created does not support SPA..."
>
> Do I need to do something with POP3 Virtual Server?
>
> That you in advance for your help.
>
> -Harry
>
>
>
>
>
>
>
>
>
>
> "Ben Winzenz [Exchange MVP]" <ben_winzenz@NOSPAMdotmessageonedotcom> wrote
> in message news:eBlYcRbdFHA.384@TK2MSFTNGP10.phx.gbl...
> > 1.  You can't disable anonymous authentication, as that is what all
other
> > mail servers will use to send mail to your server.  This would result in

> all
> > inbound mail being halted, as you experienced.  Requiring TLS will
result
> in
> > the same experience of inbound mail being halted.
> >
> > 2.  For POP3 clients (that relay via SMTP), you should leave the relay
> > defaults enabled, which are "Only the list below", and "allow computer
> that
> > authenticate" check box checked.  This allows clients that authenticate
to
> > send via your server without opening relaying to anyone.  If you want
> > additional security, you can try enabling Windows Authentication on the
> SMTP
> > server, and then setting the Outlook clients to use Secure Password
> > Authentication (SPA).  You can also set up SSL on the POP3 virtual
server
> > and the SMTP Virtual Server, but you won't want to require SSL on the
SMTP
> > VS unless you create a separate one specifically for your POP3 clients.
> >
> > -- 
> > Ben Winzenz
> > Exchange MVP
> > MessageOne
> >
> >
> > "Harry Bates" <None> wrote in message
> > news:OlrmwfadFHA.1292@tk2msftngp13.phx.gbl...
> > > OK, I must be retarded or something. I am having the hardest time
> setting
> > > up
> > > POP3 mail for external users. When I do, eithe it halts all mail with
no
> > > immediate return messages or it only allows delivery from an internal
> user
> > > to an internal user. I obviously do not want to have the relay open.
> That
> > > is
> > > understood. Here are the latest sub-genius steps I have done with no
> > > avail.
> > >
> > > Exchange 2003 over 2003 native\native AD domain
> > >
> > > All done under properties of <Server>\SMTP:
> > > 1. Accesss tab, Authentication button. Anonymous unchecked, Basic
> > > Authentication checked, and the default domain is listed correctly.
Just
> > > for
> > > testing I did not use TLS encryption. (is this absolutely necessary to
> > > make
> > > it work?)
> > >
> > > 2. Click OK, then go to the Relay button. Click the radio button ON
for
> > > "All
> > > except the list below" and obviously radio button OFF for "Only the
list
> > > below".
> > >
> > > 3. Stop and restart SMTP service to make sure seetings take effect.
> > >
> > > 4. On the Outlook clients I set "Server requires Auth..." & "Use same
> > > username and password..."
> > >
> > > At this point no mail travels. What am I doing wrong. All of the other
> > > settings are basically default, and there are no connnectors set up.
> > > Thanks
> > > for your anticipated help because I am new to the whole Exchange and
> mail
> > > server thing.
> > >
> > >
> > >
> > > -Harry Bates
> > >
> > >
> > >
> >
> >
>
>


0
Harry
6/20/2005 8:01:32 PM
Ah - I see.  Check the same settings on your POP3 Virtual Server.  Under 
POP3, I believe it is termed SASL (Simple Authentication and Security 
Layer).  If you Edit the SASL settings, you'll see NTLM listed.  Make sure 
that both layers there are checked (NTLM, and SASL).  See if that does it 
for you.

-- 
Ben Winzenz
Exchange MVP
MessageOne


"Harry Bates" <None> wrote in message 
news:u4B4bLddFHA.3040@TK2MSFTNGP14.phx.gbl...
> OK looks like I have it part of the way working. I turned off SPA on the
> main Outlook setup page and enabled it only on the "My SMTP server 
> requires
> me to log on..." I put in my username and password in there separately and
> it worked sending and recieving. Now, how do I get it to work on the POP3
> access side so that I can just have SPA checked on the main page and on 
> the
> "More Settings\Outgoing Server" section of Outlook, make it "Use the same
> settings as my incoming mail server..."?
>
> Thank you so much in advance,
>
> -Harry
>
>
> "Harry Bates" <None> wrote in message
> news:%23ycWK4cdFHA.2688@TK2MSFTNGP14.phx.gbl...
>> Thanks for your help so far Ben. Here is what I have now in my settings
> now
>> that I read your post:
>>
>> In Exchange Manager:
>>
>> [Access] Tab
>>
>> [Authentication] Button:
>>
>> Anonymous=checked
>> Basic=unchecked
>> Integrated Windows Authentication=checked
>>
>> [Relay] Button:
>> Only the list below=checked
>> Allow all computers that successfully authenticate...=checked
>>
>> No other changes have been made. Do I need to do something under the
>> [Delivery] tab?
>>
>> Stop and start SMTP. Do I need to stop and restart any other services?
>>
>> In Outlook I enabled SPA checkbox, and did a "Test Account Settings" that
>> came back with a dialog asking for username, password, & domain (not just
>> username and password).
>> I put in internal domain (fqdn) user and password, but it kept popping 
>> up.
> I
>> finally clicked [Cancel] and it returned an error message in Outlook
>> stating: "The POP3 email account you created does not support SPA..."
>>
>> Do I need to do something with POP3 Virtual Server?
>>
>> That you in advance for your help.
>>
>> -Harry
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> "Ben Winzenz [Exchange MVP]" <ben_winzenz@NOSPAMdotmessageonedotcom> 
>> wrote
>> in message news:eBlYcRbdFHA.384@TK2MSFTNGP10.phx.gbl...
>> > 1.  You can't disable anonymous authentication, as that is what all
> other
>> > mail servers will use to send mail to your server.  This would result 
>> > in
>
>> all
>> > inbound mail being halted, as you experienced.  Requiring TLS will
> result
>> in
>> > the same experience of inbound mail being halted.
>> >
>> > 2.  For POP3 clients (that relay via SMTP), you should leave the relay
>> > defaults enabled, which are "Only the list below", and "allow computer
>> that
>> > authenticate" check box checked.  This allows clients that authenticate
> to
>> > send via your server without opening relaying to anyone.  If you want
>> > additional security, you can try enabling Windows Authentication on the
>> SMTP
>> > server, and then setting the Outlook clients to use Secure Password
>> > Authentication (SPA).  You can also set up SSL on the POP3 virtual
> server
>> > and the SMTP Virtual Server, but you won't want to require SSL on the
> SMTP
>> > VS unless you create a separate one specifically for your POP3 clients.
>> >
>> > -- 
>> > Ben Winzenz
>> > Exchange MVP
>> > MessageOne
>> >
>> >
>> > "Harry Bates" <None> wrote in message
>> > news:OlrmwfadFHA.1292@tk2msftngp13.phx.gbl...
>> > > OK, I must be retarded or something. I am having the hardest time
>> setting
>> > > up
>> > > POP3 mail for external users. When I do, eithe it halts all mail with
> no
>> > > immediate return messages or it only allows delivery from an internal
>> user
>> > > to an internal user. I obviously do not want to have the relay open.
>> That
>> > > is
>> > > understood. Here are the latest sub-genius steps I have done with no
>> > > avail.
>> > >
>> > > Exchange 2003 over 2003 native\native AD domain
>> > >
>> > > All done under properties of <Server>\SMTP:
>> > > 1. Accesss tab, Authentication button. Anonymous unchecked, Basic
>> > > Authentication checked, and the default domain is listed correctly.
> Just
>> > > for
>> > > testing I did not use TLS encryption. (is this absolutely necessary 
>> > > to
>> > > make
>> > > it work?)
>> > >
>> > > 2. Click OK, then go to the Relay button. Click the radio button ON
> for
>> > > "All
>> > > except the list below" and obviously radio button OFF for "Only the
> list
>> > > below".
>> > >
>> > > 3. Stop and restart SMTP service to make sure seetings take effect.
>> > >
>> > > 4. On the Outlook clients I set "Server requires Auth..." & "Use same
>> > > username and password..."
>> > >
>> > > At this point no mail travels. What am I doing wrong. All of the 
>> > > other
>> > > settings are basically default, and there are no connnectors set up.
>> > > Thanks
>> > > for your anticipated help because I am new to the whole Exchange and
>> mail
>> > > server thing.
>> > >
>> > >
>> > >
>> > > -Harry Bates
>> > >
>> > >
>> > >
>> >
>> >
>>
>>
>
> 


0
Ben
6/20/2005 8:17:51 PM
Ok Ben, getting there. I wen into those properties and there are 2 check box
selections and 2 are checked "on" by default.

Basic Auth...=on
Simple Auth... =on

I turned off Basic Auth, restarted POP & SMTP virtual servers, then went
into Outlook to change the properties. This is where I was running into a
little problem.

I turned on "Log on using SPA" on the main page and left the SMTP part alone
that i finally got authenticating correctly. I do a TEST SETTINGS, and it
gets fine all the way up to "Log on to incoming mail server..." and it
constantly pops up a window that asks me for username, password and domain
name.

Internal fqdn is different than external, and username is different than
email address name. I tried using

username: username of internal domain
password: password
domain: internaldomain.local

The window keeps popping up.

I also tried the following:

username@internaldomain.local
and password with a blank domain name and still pops up.

Along with

internalnetbiosdomainname\username
password and leaving domain blank still pops up.

I believe I remember something about this being strange in the ngs. Is there
some other way I need to put in as login name\domain?


Much appreciated,
-Harry



"Ben Winzenz [Exchange MVP]" <ben_winzenz@NOSPAMdotmessageonedotcom> wrote
in message news:%23tEejUddFHA.796@TK2MSFTNGP09.phx.gbl...
> Ah - I see.  Check the same settings on your POP3 Virtual Server.  Under
> POP3, I believe it is termed SASL (Simple Authentication and Security
> Layer).  If you Edit the SASL settings, you'll see NTLM listed.  Make sure
> that both layers there are checked (NTLM, and SASL).  See if that does it
> for you.
>
> -- 
> Ben Winzenz
> Exchange MVP
> MessageOne
>
>
> "Harry Bates" <None> wrote in message
> news:u4B4bLddFHA.3040@TK2MSFTNGP14.phx.gbl...
> > OK looks like I have it part of the way working. I turned off SPA on the
> > main Outlook setup page and enabled it only on the "My SMTP server
> > requires
> > me to log on..." I put in my username and password in there separately
and
> > it worked sending and recieving. Now, how do I get it to work on the
POP3
> > access side so that I can just have SPA checked on the main page and on
> > the
> > "More Settings\Outgoing Server" section of Outlook, make it "Use the
same
> > settings as my incoming mail server..."?
> >
> > Thank you so much in advance,
> >
> > -Harry
> >
> >
> > "Harry Bates" <None> wrote in message
> > news:%23ycWK4cdFHA.2688@TK2MSFTNGP14.phx.gbl...
> >> Thanks for your help so far Ben. Here is what I have now in my settings
> > now
> >> that I read your post:
> >>
> >> In Exchange Manager:
> >>
> >> [Access] Tab
> >>
> >> [Authentication] Button:
> >>
> >> Anonymous=checked
> >> Basic=unchecked
> >> Integrated Windows Authentication=checked
> >>
> >> [Relay] Button:
> >> Only the list below=checked
> >> Allow all computers that successfully authenticate...=checked
> >>
> >> No other changes have been made. Do I need to do something under the
> >> [Delivery] tab?
> >>
> >> Stop and start SMTP. Do I need to stop and restart any other services?
> >>
> >> In Outlook I enabled SPA checkbox, and did a "Test Account Settings"
that
> >> came back with a dialog asking for username, password, & domain (not
just
> >> username and password).
> >> I put in internal domain (fqdn) user and password, but it kept popping
> >> up.
> > I
> >> finally clicked [Cancel] and it returned an error message in Outlook
> >> stating: "The POP3 email account you created does not support SPA..."
> >>
> >> Do I need to do something with POP3 Virtual Server?
> >>
> >> That you in advance for your help.
> >>
> >> -Harry
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >> "Ben Winzenz [Exchange MVP]" <ben_winzenz@NOSPAMdotmessageonedotcom>
> >> wrote
> >> in message news:eBlYcRbdFHA.384@TK2MSFTNGP10.phx.gbl...
> >> > 1.  You can't disable anonymous authentication, as that is what all
> > other
> >> > mail servers will use to send mail to your server.  This would result
> >> > in
> >
> >> all
> >> > inbound mail being halted, as you experienced.  Requiring TLS will
> > result
> >> in
> >> > the same experience of inbound mail being halted.
> >> >
> >> > 2.  For POP3 clients (that relay via SMTP), you should leave the
relay
> >> > defaults enabled, which are "Only the list below", and "allow
computer
> >> that
> >> > authenticate" check box checked.  This allows clients that
authenticate
> > to
> >> > send via your server without opening relaying to anyone.  If you want
> >> > additional security, you can try enabling Windows Authentication on
the
> >> SMTP
> >> > server, and then setting the Outlook clients to use Secure Password
> >> > Authentication (SPA).  You can also set up SSL on the POP3 virtual
> > server
> >> > and the SMTP Virtual Server, but you won't want to require SSL on the
> > SMTP
> >> > VS unless you create a separate one specifically for your POP3
clients.
> >> >
> >> > -- 
> >> > Ben Winzenz
> >> > Exchange MVP
> >> > MessageOne
> >> >
> >> >
> >> > "Harry Bates" <None> wrote in message
> >> > news:OlrmwfadFHA.1292@tk2msftngp13.phx.gbl...
> >> > > OK, I must be retarded or something. I am having the hardest time
> >> setting
> >> > > up
> >> > > POP3 mail for external users. When I do, eithe it halts all mail
with
> > no
> >> > > immediate return messages or it only allows delivery from an
internal
> >> user
> >> > > to an internal user. I obviously do not want to have the relay
open.
> >> That
> >> > > is
> >> > > understood. Here are the latest sub-genius steps I have done with
no
> >> > > avail.
> >> > >
> >> > > Exchange 2003 over 2003 native\native AD domain
> >> > >
> >> > > All done under properties of <Server>\SMTP:
> >> > > 1. Accesss tab, Authentication button. Anonymous unchecked, Basic
> >> > > Authentication checked, and the default domain is listed correctly.
> > Just
> >> > > for
> >> > > testing I did not use TLS encryption. (is this absolutely necessary
> >> > > to
> >> > > make
> >> > > it work?)
> >> > >
> >> > > 2. Click OK, then go to the Relay button. Click the radio button ON
> > for
> >> > > "All
> >> > > except the list below" and obviously radio button OFF for "Only the
> > list
> >> > > below".
> >> > >
> >> > > 3. Stop and restart SMTP service to make sure seetings take effect.
> >> > >
> >> > > 4. On the Outlook clients I set "Server requires Auth..." & "Use
same
> >> > > username and password..."
> >> > >
> >> > > At this point no mail travels. What am I doing wrong. All of the
> >> > > other
> >> > > settings are basically default, and there are no connnectors set
up.
> >> > > Thanks
> >> > > for your anticipated help because I am new to the whole Exchange
and
> >> mail
> >> > > server thing.
> >> > >
> >> > >
> >> > >
> >> > > -Harry Bates
> >> > >
> >> > >
> >> > >
> >> >
> >> >
> >>
> >>
> >
> >
>
>


0
Harry
6/20/2005 8:39:20 PM
Not that I know of.  The dns domain names being different external vs. 
internal really shouldn't matter.  Authentication doesn't care about those. 
It just passes the credentials to the server you are trying to connect to. 
Does it work fine internally?

-- 
Ben Winzenz
Exchange MVP
MessageOne


"Harry Bates" <None> wrote in message 
news:%23L$MkgddFHA.3880@tk2msftngp13.phx.gbl...
> Ok Ben, getting there. I wen into those properties and there are 2 check 
> box
> selections and 2 are checked "on" by default.
>
> Basic Auth...=on
> Simple Auth... =on
>
> I turned off Basic Auth, restarted POP & SMTP virtual servers, then went
> into Outlook to change the properties. This is where I was running into a
> little problem.
>
> I turned on "Log on using SPA" on the main page and left the SMTP part 
> alone
> that i finally got authenticating correctly. I do a TEST SETTINGS, and it
> gets fine all the way up to "Log on to incoming mail server..." and it
> constantly pops up a window that asks me for username, password and domain
> name.
>
> Internal fqdn is different than external, and username is different than
> email address name. I tried using
>
> username: username of internal domain
> password: password
> domain: internaldomain.local
>
> The window keeps popping up.
>
> I also tried the following:
>
> username@internaldomain.local
> and password with a blank domain name and still pops up.
>
> Along with
>
> internalnetbiosdomainname\username
> password and leaving domain blank still pops up.
>
> I believe I remember something about this being strange in the ngs. Is 
> there
> some other way I need to put in as login name\domain?
>
>
> Much appreciated,
> -Harry
>
>
>
> "Ben Winzenz [Exchange MVP]" <ben_winzenz@NOSPAMdotmessageonedotcom> wrote
> in message news:%23tEejUddFHA.796@TK2MSFTNGP09.phx.gbl...
>> Ah - I see.  Check the same settings on your POP3 Virtual Server.  Under
>> POP3, I believe it is termed SASL (Simple Authentication and Security
>> Layer).  If you Edit the SASL settings, you'll see NTLM listed.  Make 
>> sure
>> that both layers there are checked (NTLM, and SASL).  See if that does it
>> for you.
>>
>> -- 
>> Ben Winzenz
>> Exchange MVP
>> MessageOne
>>
>>
>> "Harry Bates" <None> wrote in message
>> news:u4B4bLddFHA.3040@TK2MSFTNGP14.phx.gbl...
>> > OK looks like I have it part of the way working. I turned off SPA on 
>> > the
>> > main Outlook setup page and enabled it only on the "My SMTP server
>> > requires
>> > me to log on..." I put in my username and password in there separately
> and
>> > it worked sending and recieving. Now, how do I get it to work on the
> POP3
>> > access side so that I can just have SPA checked on the main page and on
>> > the
>> > "More Settings\Outgoing Server" section of Outlook, make it "Use the
> same
>> > settings as my incoming mail server..."?
>> >
>> > Thank you so much in advance,
>> >
>> > -Harry
>> >
>> >
>> > "Harry Bates" <None> wrote in message
>> > news:%23ycWK4cdFHA.2688@TK2MSFTNGP14.phx.gbl...
>> >> Thanks for your help so far Ben. Here is what I have now in my 
>> >> settings
>> > now
>> >> that I read your post:
>> >>
>> >> In Exchange Manager:
>> >>
>> >> [Access] Tab
>> >>
>> >> [Authentication] Button:
>> >>
>> >> Anonymous=checked
>> >> Basic=unchecked
>> >> Integrated Windows Authentication=checked
>> >>
>> >> [Relay] Button:
>> >> Only the list below=checked
>> >> Allow all computers that successfully authenticate...=checked
>> >>
>> >> No other changes have been made. Do I need to do something under the
>> >> [Delivery] tab?
>> >>
>> >> Stop and start SMTP. Do I need to stop and restart any other services?
>> >>
>> >> In Outlook I enabled SPA checkbox, and did a "Test Account Settings"
> that
>> >> came back with a dialog asking for username, password, & domain (not
> just
>> >> username and password).
>> >> I put in internal domain (fqdn) user and password, but it kept popping
>> >> up.
>> > I
>> >> finally clicked [Cancel] and it returned an error message in Outlook
>> >> stating: "The POP3 email account you created does not support SPA..."
>> >>
>> >> Do I need to do something with POP3 Virtual Server?
>> >>
>> >> That you in advance for your help.
>> >>
>> >> -Harry
>> >>
>> >>
>> >>
>> >>
>> >>
>> >>
>> >>
>> >>
>> >>
>> >>
>> >> "Ben Winzenz [Exchange MVP]" <ben_winzenz@NOSPAMdotmessageonedotcom>
>> >> wrote
>> >> in message news:eBlYcRbdFHA.384@TK2MSFTNGP10.phx.gbl...
>> >> > 1.  You can't disable anonymous authentication, as that is what all
>> > other
>> >> > mail servers will use to send mail to your server.  This would 
>> >> > result
>> >> > in
>> >
>> >> all
>> >> > inbound mail being halted, as you experienced.  Requiring TLS will
>> > result
>> >> in
>> >> > the same experience of inbound mail being halted.
>> >> >
>> >> > 2.  For POP3 clients (that relay via SMTP), you should leave the
> relay
>> >> > defaults enabled, which are "Only the list below", and "allow
> computer
>> >> that
>> >> > authenticate" check box checked.  This allows clients that
> authenticate
>> > to
>> >> > send via your server without opening relaying to anyone.  If you 
>> >> > want
>> >> > additional security, you can try enabling Windows Authentication on
> the
>> >> SMTP
>> >> > server, and then setting the Outlook clients to use Secure Password
>> >> > Authentication (SPA).  You can also set up SSL on the POP3 virtual
>> > server
>> >> > and the SMTP Virtual Server, but you won't want to require SSL on 
>> >> > the
>> > SMTP
>> >> > VS unless you create a separate one specifically for your POP3
> clients.
>> >> >
>> >> > -- 
>> >> > Ben Winzenz
>> >> > Exchange MVP
>> >> > MessageOne
>> >> >
>> >> >
>> >> > "Harry Bates" <None> wrote in message
>> >> > news:OlrmwfadFHA.1292@tk2msftngp13.phx.gbl...
>> >> > > OK, I must be retarded or something. I am having the hardest time
>> >> setting
>> >> > > up
>> >> > > POP3 mail for external users. When I do, eithe it halts all mail
> with
>> > no
>> >> > > immediate return messages or it only allows delivery from an
> internal
>> >> user
>> >> > > to an internal user. I obviously do not want to have the relay
> open.
>> >> That
>> >> > > is
>> >> > > understood. Here are the latest sub-genius steps I have done with
> no
>> >> > > avail.
>> >> > >
>> >> > > Exchange 2003 over 2003 native\native AD domain
>> >> > >
>> >> > > All done under properties of <Server>\SMTP:
>> >> > > 1. Accesss tab, Authentication button. Anonymous unchecked, Basic
>> >> > > Authentication checked, and the default domain is listed 
>> >> > > correctly.
>> > Just
>> >> > > for
>> >> > > testing I did not use TLS encryption. (is this absolutely 
>> >> > > necessary
>> >> > > to
>> >> > > make
>> >> > > it work?)
>> >> > >
>> >> > > 2. Click OK, then go to the Relay button. Click the radio button 
>> >> > > ON
>> > for
>> >> > > "All
>> >> > > except the list below" and obviously radio button OFF for "Only 
>> >> > > the
>> > list
>> >> > > below".
>> >> > >
>> >> > > 3. Stop and restart SMTP service to make sure seetings take 
>> >> > > effect.
>> >> > >
>> >> > > 4. On the Outlook clients I set "Server requires Auth..." & "Use
> same
>> >> > > username and password..."
>> >> > >
>> >> > > At this point no mail travels. What am I doing wrong. All of the
>> >> > > other
>> >> > > settings are basically default, and there are no connnectors set
> up.
>> >> > > Thanks
>> >> > > for your anticipated help because I am new to the whole Exchange
> and
>> >> mail
>> >> > > server thing.
>> >> > >
>> >> > >
>> >> > >
>> >> > > -Harry Bates
>> >> > >
>> >> > >
>> >> > >
>> >> >
>> >> >
>> >>
>> >>
>> >
>> >
>>
>>
>
> 


0
Ben
6/21/2005 4:39:58 PM
Hi Ben, Thanks for getting back to me again. Internally with Outlook Express
on the actual Exchange server itself I get the same thing. Even using the
internal addressing like server-mx1 instead of mail.domain.com for external
resolution. It still pops up with username, password & domain. I was
supposed to turn off "Basic authen...." on the POP server right?

Any ideas?

-H


"Ben Winzenz [Exchange MVP]" <ben_winzenz@NOSPAMdotmessageonedotcom> wrote
in message news:eVrDe$ndFHA.3012@tk2msftngp13.phx.gbl...
> Not that I know of.  The dns domain names being different external vs.
> internal really shouldn't matter.  Authentication doesn't care about
those.
> It just passes the credentials to the server you are trying to connect to.
> Does it work fine internally?
>
> -- 
> Ben Winzenz
> Exchange MVP
> MessageOne
>
>
> "Harry Bates" <None> wrote in message
> news:%23L$MkgddFHA.3880@tk2msftngp13.phx.gbl...
> > Ok Ben, getting there. I wen into those properties and there are 2 check
> > box
> > selections and 2 are checked "on" by default.
> >
> > Basic Auth...=on
> > Simple Auth... =on
> >
> > I turned off Basic Auth, restarted POP & SMTP virtual servers, then went
> > into Outlook to change the properties. This is where I was running into
a
> > little problem.
> >
> > I turned on "Log on using SPA" on the main page and left the SMTP part
> > alone
> > that i finally got authenticating correctly. I do a TEST SETTINGS, and
it
> > gets fine all the way up to "Log on to incoming mail server..." and it
> > constantly pops up a window that asks me for username, password and
domain
> > name.
> >
> > Internal fqdn is different than external, and username is different than
> > email address name. I tried using
> >
> > username: username of internal domain
> > password: password
> > domain: internaldomain.local
> >
> > The window keeps popping up.
> >
> > I also tried the following:
> >
> > username@internaldomain.local
> > and password with a blank domain name and still pops up.
> >
> > Along with
> >
> > internalnetbiosdomainname\username
> > password and leaving domain blank still pops up.
> >
> > I believe I remember something about this being strange in the ngs. Is
> > there
> > some other way I need to put in as login name\domain?
> >
> >
> > Much appreciated,
> > -Harry
> >
> >
> >
> > "Ben Winzenz [Exchange MVP]" <ben_winzenz@NOSPAMdotmessageonedotcom>
wrote
> > in message news:%23tEejUddFHA.796@TK2MSFTNGP09.phx.gbl...
> >> Ah - I see.  Check the same settings on your POP3 Virtual Server.
Under
> >> POP3, I believe it is termed SASL (Simple Authentication and Security
> >> Layer).  If you Edit the SASL settings, you'll see NTLM listed.  Make
> >> sure
> >> that both layers there are checked (NTLM, and SASL).  See if that does
it
> >> for you.
> >>
> >> -- 
> >> Ben Winzenz
> >> Exchange MVP
> >> MessageOne
> >>
> >>
> >> "Harry Bates" <None> wrote in message
> >> news:u4B4bLddFHA.3040@TK2MSFTNGP14.phx.gbl...
> >> > OK looks like I have it part of the way working. I turned off SPA on
> >> > the
> >> > main Outlook setup page and enabled it only on the "My SMTP server
> >> > requires
> >> > me to log on..." I put in my username and password in there
separately
> > and
> >> > it worked sending and recieving. Now, how do I get it to work on the
> > POP3
> >> > access side so that I can just have SPA checked on the main page and
on
> >> > the
> >> > "More Settings\Outgoing Server" section of Outlook, make it "Use the
> > same
> >> > settings as my incoming mail server..."?
> >> >
> >> > Thank you so much in advance,
> >> >
> >> > -Harry
> >> >
> >> >
> >> > "Harry Bates" <None> wrote in message
> >> > news:%23ycWK4cdFHA.2688@TK2MSFTNGP14.phx.gbl...
> >> >> Thanks for your help so far Ben. Here is what I have now in my
> >> >> settings
> >> > now
> >> >> that I read your post:
> >> >>
> >> >> In Exchange Manager:
> >> >>
> >> >> [Access] Tab
> >> >>
> >> >> [Authentication] Button:
> >> >>
> >> >> Anonymous=checked
> >> >> Basic=unchecked
> >> >> Integrated Windows Authentication=checked
> >> >>
> >> >> [Relay] Button:
> >> >> Only the list below=checked
> >> >> Allow all computers that successfully authenticate...=checked
> >> >>
> >> >> No other changes have been made. Do I need to do something under the
> >> >> [Delivery] tab?
> >> >>
> >> >> Stop and start SMTP. Do I need to stop and restart any other
services?
> >> >>
> >> >> In Outlook I enabled SPA checkbox, and did a "Test Account Settings"
> > that
> >> >> came back with a dialog asking for username, password, & domain (not
> > just
> >> >> username and password).
> >> >> I put in internal domain (fqdn) user and password, but it kept
popping
> >> >> up.
> >> > I
> >> >> finally clicked [Cancel] and it returned an error message in Outlook
> >> >> stating: "The POP3 email account you created does not support
SPA..."
> >> >>
> >> >> Do I need to do something with POP3 Virtual Server?
> >> >>
> >> >> That you in advance for your help.
> >> >>
> >> >> -Harry
> >> >>
> >> >>
> >> >>
> >> >>
> >> >>
> >> >>
> >> >>
> >> >>
> >> >>
> >> >>
> >> >> "Ben Winzenz [Exchange MVP]" <ben_winzenz@NOSPAMdotmessageonedotcom>
> >> >> wrote
> >> >> in message news:eBlYcRbdFHA.384@TK2MSFTNGP10.phx.gbl...
> >> >> > 1.  You can't disable anonymous authentication, as that is what
all
> >> > other
> >> >> > mail servers will use to send mail to your server.  This would
> >> >> > result
> >> >> > in
> >> >
> >> >> all
> >> >> > inbound mail being halted, as you experienced.  Requiring TLS will
> >> > result
> >> >> in
> >> >> > the same experience of inbound mail being halted.
> >> >> >
> >> >> > 2.  For POP3 clients (that relay via SMTP), you should leave the
> > relay
> >> >> > defaults enabled, which are "Only the list below", and "allow
> > computer
> >> >> that
> >> >> > authenticate" check box checked.  This allows clients that
> > authenticate
> >> > to
> >> >> > send via your server without opening relaying to anyone.  If you
> >> >> > want
> >> >> > additional security, you can try enabling Windows Authentication
on
> > the
> >> >> SMTP
> >> >> > server, and then setting the Outlook clients to use Secure
Password
> >> >> > Authentication (SPA).  You can also set up SSL on the POP3 virtual
> >> > server
> >> >> > and the SMTP Virtual Server, but you won't want to require SSL on
> >> >> > the
> >> > SMTP
> >> >> > VS unless you create a separate one specifically for your POP3
> > clients.
> >> >> >
> >> >> > -- 
> >> >> > Ben Winzenz
> >> >> > Exchange MVP
> >> >> > MessageOne
> >> >> >
> >> >> >
> >> >> > "Harry Bates" <None> wrote in message
> >> >> > news:OlrmwfadFHA.1292@tk2msftngp13.phx.gbl...
> >> >> > > OK, I must be retarded or something. I am having the hardest
time
> >> >> setting
> >> >> > > up
> >> >> > > POP3 mail for external users. When I do, eithe it halts all mail
> > with
> >> > no
> >> >> > > immediate return messages or it only allows delivery from an
> > internal
> >> >> user
> >> >> > > to an internal user. I obviously do not want to have the relay
> > open.
> >> >> That
> >> >> > > is
> >> >> > > understood. Here are the latest sub-genius steps I have done
with
> > no
> >> >> > > avail.
> >> >> > >
> >> >> > > Exchange 2003 over 2003 native\native AD domain
> >> >> > >
> >> >> > > All done under properties of <Server>\SMTP:
> >> >> > > 1. Accesss tab, Authentication button. Anonymous unchecked,
Basic
> >> >> > > Authentication checked, and the default domain is listed
> >> >> > > correctly.
> >> > Just
> >> >> > > for
> >> >> > > testing I did not use TLS encryption. (is this absolutely
> >> >> > > necessary
> >> >> > > to
> >> >> > > make
> >> >> > > it work?)
> >> >> > >
> >> >> > > 2. Click OK, then go to the Relay button. Click the radio button
> >> >> > > ON
> >> > for
> >> >> > > "All
> >> >> > > except the list below" and obviously radio button OFF for "Only
> >> >> > > the
> >> > list
> >> >> > > below".
> >> >> > >
> >> >> > > 3. Stop and restart SMTP service to make sure seetings take
> >> >> > > effect.
> >> >> > >
> >> >> > > 4. On the Outlook clients I set "Server requires Auth..." & "Use
> > same
> >> >> > > username and password..."
> >> >> > >
> >> >> > > At this point no mail travels. What am I doing wrong. All of the
> >> >> > > other
> >> >> > > settings are basically default, and there are no connnectors set
> > up.
> >> >> > > Thanks
> >> >> > > for your anticipated help because I am new to the whole Exchange
> > and
> >> >> mail
> >> >> > > server thing.
> >> >> > >
> >> >> > >
> >> >> > >
> >> >> > > -Harry Bates
> >> >> > >
> >> >> > >
> >> >> > >
> >> >> >
> >> >> >
> >> >>
> >> >>
> >> >
> >> >
> >>
> >>
> >
> >
>
>


0
Harry
6/21/2005 5:33:10 PM
If you're using SSL, then no, you would leave Basic enabled.  If you aren't 
using SSL, and want a higher level of security (NTLM/Windows Integrated), 
then you can uncheck Basic.  I don't have POP3 or IMAP users, so I can't 
(currently) test this setup.  If I get some time later this week, I can 
configure it in a test environment, though.

-- 
Ben Winzenz
Exchange MVP
MessageOne


"Harry Bates" <None> wrote in message 
news:eRWNMdodFHA.1504@TK2MSFTNGP15.phx.gbl...
> Hi Ben, Thanks for getting back to me again. Internally with Outlook 
> Express
> on the actual Exchange server itself I get the same thing. Even using the
> internal addressing like server-mx1 instead of mail.domain.com for 
> external
> resolution. It still pops up with username, password & domain. I was
> supposed to turn off "Basic authen...." on the POP server right?
>
> Any ideas?
>
> -H
>
>
> "Ben Winzenz [Exchange MVP]" <ben_winzenz@NOSPAMdotmessageonedotcom> wrote
> in message news:eVrDe$ndFHA.3012@tk2msftngp13.phx.gbl...
>> Not that I know of.  The dns domain names being different external vs.
>> internal really shouldn't matter.  Authentication doesn't care about
> those.
>> It just passes the credentials to the server you are trying to connect 
>> to.
>> Does it work fine internally?
>>
>> -- 
>> Ben Winzenz
>> Exchange MVP
>> MessageOne
>>
>>
>> "Harry Bates" <None> wrote in message
>> news:%23L$MkgddFHA.3880@tk2msftngp13.phx.gbl...
>> > Ok Ben, getting there. I wen into those properties and there are 2 
>> > check
>> > box
>> > selections and 2 are checked "on" by default.
>> >
>> > Basic Auth...=on
>> > Simple Auth... =on
>> >
>> > I turned off Basic Auth, restarted POP & SMTP virtual servers, then 
>> > went
>> > into Outlook to change the properties. This is where I was running into
> a
>> > little problem.
>> >
>> > I turned on "Log on using SPA" on the main page and left the SMTP part
>> > alone
>> > that i finally got authenticating correctly. I do a TEST SETTINGS, and
> it
>> > gets fine all the way up to "Log on to incoming mail server..." and it
>> > constantly pops up a window that asks me for username, password and
> domain
>> > name.
>> >
>> > Internal fqdn is different than external, and username is different 
>> > than
>> > email address name. I tried using
>> >
>> > username: username of internal domain
>> > password: password
>> > domain: internaldomain.local
>> >
>> > The window keeps popping up.
>> >
>> > I also tried the following:
>> >
>> > username@internaldomain.local
>> > and password with a blank domain name and still pops up.
>> >
>> > Along with
>> >
>> > internalnetbiosdomainname\username
>> > password and leaving domain blank still pops up.
>> >
>> > I believe I remember something about this being strange in the ngs. Is
>> > there
>> > some other way I need to put in as login name\domain?
>> >
>> >
>> > Much appreciated,
>> > -Harry
>> >
>> >
>> >
>> > "Ben Winzenz [Exchange MVP]" <ben_winzenz@NOSPAMdotmessageonedotcom>
> wrote
>> > in message news:%23tEejUddFHA.796@TK2MSFTNGP09.phx.gbl...
>> >> Ah - I see.  Check the same settings on your POP3 Virtual Server.
> Under
>> >> POP3, I believe it is termed SASL (Simple Authentication and Security
>> >> Layer).  If you Edit the SASL settings, you'll see NTLM listed.  Make
>> >> sure
>> >> that both layers there are checked (NTLM, and SASL).  See if that does
> it
>> >> for you.
>> >>
>> >> -- 
>> >> Ben Winzenz
>> >> Exchange MVP
>> >> MessageOne
>> >>
>> >>
>> >> "Harry Bates" <None> wrote in message
>> >> news:u4B4bLddFHA.3040@TK2MSFTNGP14.phx.gbl...
>> >> > OK looks like I have it part of the way working. I turned off SPA on
>> >> > the
>> >> > main Outlook setup page and enabled it only on the "My SMTP server
>> >> > requires
>> >> > me to log on..." I put in my username and password in there
> separately
>> > and
>> >> > it worked sending and recieving. Now, how do I get it to work on the
>> > POP3
>> >> > access side so that I can just have SPA checked on the main page and
> on
>> >> > the
>> >> > "More Settings\Outgoing Server" section of Outlook, make it "Use the
>> > same
>> >> > settings as my incoming mail server..."?
>> >> >
>> >> > Thank you so much in advance,
>> >> >
>> >> > -Harry
>> >> >
>> >> >
>> >> > "Harry Bates" <None> wrote in message
>> >> > news:%23ycWK4cdFHA.2688@TK2MSFTNGP14.phx.gbl...
>> >> >> Thanks for your help so far Ben. Here is what I have now in my
>> >> >> settings
>> >> > now
>> >> >> that I read your post:
>> >> >>
>> >> >> In Exchange Manager:
>> >> >>
>> >> >> [Access] Tab
>> >> >>
>> >> >> [Authentication] Button:
>> >> >>
>> >> >> Anonymous=checked
>> >> >> Basic=unchecked
>> >> >> Integrated Windows Authentication=checked
>> >> >>
>> >> >> [Relay] Button:
>> >> >> Only the list below=checked
>> >> >> Allow all computers that successfully authenticate...=checked
>> >> >>
>> >> >> No other changes have been made. Do I need to do something under 
>> >> >> the
>> >> >> [Delivery] tab?
>> >> >>
>> >> >> Stop and start SMTP. Do I need to stop and restart any other
> services?
>> >> >>
>> >> >> In Outlook I enabled SPA checkbox, and did a "Test Account 
>> >> >> Settings"
>> > that
>> >> >> came back with a dialog asking for username, password, & domain 
>> >> >> (not
>> > just
>> >> >> username and password).
>> >> >> I put in internal domain (fqdn) user and password, but it kept
> popping
>> >> >> up.
>> >> > I
>> >> >> finally clicked [Cancel] and it returned an error message in 
>> >> >> Outlook
>> >> >> stating: "The POP3 email account you created does not support
> SPA..."
>> >> >>
>> >> >> Do I need to do something with POP3 Virtual Server?
>> >> >>
>> >> >> That you in advance for your help.
>> >> >>
>> >> >> -Harry
>> >> >>
>> >> >>
>> >> >>
>> >> >>
>> >> >>
>> >> >>
>> >> >>
>> >> >>
>> >> >>
>> >> >>
>> >> >> "Ben Winzenz [Exchange MVP]" 
>> >> >> <ben_winzenz@NOSPAMdotmessageonedotcom>
>> >> >> wrote
>> >> >> in message news:eBlYcRbdFHA.384@TK2MSFTNGP10.phx.gbl...
>> >> >> > 1.  You can't disable anonymous authentication, as that is what
> all
>> >> > other
>> >> >> > mail servers will use to send mail to your server.  This would
>> >> >> > result
>> >> >> > in
>> >> >
>> >> >> all
>> >> >> > inbound mail being halted, as you experienced.  Requiring TLS 
>> >> >> > will
>> >> > result
>> >> >> in
>> >> >> > the same experience of inbound mail being halted.
>> >> >> >
>> >> >> > 2.  For POP3 clients (that relay via SMTP), you should leave the
>> > relay
>> >> >> > defaults enabled, which are "Only the list below", and "allow
>> > computer
>> >> >> that
>> >> >> > authenticate" check box checked.  This allows clients that
>> > authenticate
>> >> > to
>> >> >> > send via your server without opening relaying to anyone.  If you
>> >> >> > want
>> >> >> > additional security, you can try enabling Windows Authentication
> on
>> > the
>> >> >> SMTP
>> >> >> > server, and then setting the Outlook clients to use Secure
> Password
>> >> >> > Authentication (SPA).  You can also set up SSL on the POP3 
>> >> >> > virtual
>> >> > server
>> >> >> > and the SMTP Virtual Server, but you won't want to require SSL on
>> >> >> > the
>> >> > SMTP
>> >> >> > VS unless you create a separate one specifically for your POP3
>> > clients.
>> >> >> >
>> >> >> > -- 
>> >> >> > Ben Winzenz
>> >> >> > Exchange MVP
>> >> >> > MessageOne
>> >> >> >
>> >> >> >
>> >> >> > "Harry Bates" <None> wrote in message
>> >> >> > news:OlrmwfadFHA.1292@tk2msftngp13.phx.gbl...
>> >> >> > > OK, I must be retarded or something. I am having the hardest
> time
>> >> >> setting
>> >> >> > > up
>> >> >> > > POP3 mail for external users. When I do, eithe it halts all 
>> >> >> > > mail
>> > with
>> >> > no
>> >> >> > > immediate return messages or it only allows delivery from an
>> > internal
>> >> >> user
>> >> >> > > to an internal user. I obviously do not want to have the relay
>> > open.
>> >> >> That
>> >> >> > > is
>> >> >> > > understood. Here are the latest sub-genius steps I have done
> with
>> > no
>> >> >> > > avail.
>> >> >> > >
>> >> >> > > Exchange 2003 over 2003 native\native AD domain
>> >> >> > >
>> >> >> > > All done under properties of <Server>\SMTP:
>> >> >> > > 1. Accesss tab, Authentication button. Anonymous unchecked,
> Basic
>> >> >> > > Authentication checked, and the default domain is listed
>> >> >> > > correctly.
>> >> > Just
>> >> >> > > for
>> >> >> > > testing I did not use TLS encryption. (is this absolutely
>> >> >> > > necessary
>> >> >> > > to
>> >> >> > > make
>> >> >> > > it work?)
>> >> >> > >
>> >> >> > > 2. Click OK, then go to the Relay button. Click the radio 
>> >> >> > > button
>> >> >> > > ON
>> >> > for
>> >> >> > > "All
>> >> >> > > except the list below" and obviously radio button OFF for "Only
>> >> >> > > the
>> >> > list
>> >> >> > > below".
>> >> >> > >
>> >> >> > > 3. Stop and restart SMTP service to make sure seetings take
>> >> >> > > effect.
>> >> >> > >
>> >> >> > > 4. On the Outlook clients I set "Server requires Auth..." & 
>> >> >> > > "Use
>> > same
>> >> >> > > username and password..."
>> >> >> > >
>> >> >> > > At this point no mail travels. What am I doing wrong. All of 
>> >> >> > > the
>> >> >> > > other
>> >> >> > > settings are basically default, and there are no connnectors 
>> >> >> > > set
>> > up.
>> >> >> > > Thanks
>> >> >> > > for your anticipated help because I am new to the whole 
>> >> >> > > Exchange
>> > and
>> >> >> mail
>> >> >> > > server thing.
>> >> >> > >
>> >> >> > >
>> >> >> > >
>> >> >> > > -Harry Bates
>> >> >> > >
>> >> >> > >
>> >> >> > >
>> >> >> >
>> >> >> >
>> >> >>
>> >> >>
>> >> >
>> >> >
>> >>
>> >>
>> >
>> >
>>
>>
>
> 


0
Ben
6/21/2005 8:18:00 PM
Reply:

Similar Artilces:

ok
ok! tanks!! -- tanks you obrigada e aguardo Critsina Cristina Vieira <CristinaVieira@discussions.microsoft.com> was very recently heard to utter: > ok! tanks!! Yo welcub. (I hab a bid of a code too) -- Ed Beddedd - MBP Microsoft Bublisher man you must have one heck of a toad up ur node...MBP ? ! I lub et. ...

What must I do to get gridlines printed for both filled and empty cells?
Hi, What must I do to get gridlines printed for both filled and empty cells? I'm a teacher, and I'm trying to replicate and print, in Excel, an attendance book format, with a series of tiny squares next to each student's name. The printed form of this would allow me to register if a student were present or absent on a particular day. Hubert -- Hubert Earl, vendor of fine Jamaican art, coffee, etc. on eBay: http://www.stores.ebay.com/id=12295024&ssPageName=L2?refid=store; Fine Jablum Blue Mountain Coffee sales page: http://stores.ebay.com/Jamaican-Coffee-Art-and-More-Store_Jab...

Number OK in multiplication, NOT in Sum ?
My A/c s/w exports data to Excel in Indian Number formats with lacs comma at 5th place. I have to remove (with Find - Replace command) this comma in order for excel to make it amenable for processing. Strangely, after removing the comma, I I can do valid multiplications on the numeric data. However, when I try to do the Sum of the data range, it gives 'Zero' result ! When I do the further refinement of the numbers by 'Value ( )' function, the data gives correct result with 'Sum ( )' function. I discovered this after sweating it out for a long time. -- Shrikant ...

Something keeps changing mail settings
In accounts, properties, servers My incoming POP3 mail server setting and account name setting are unstable. Soemthing keeps changing them. The incoming mail server is being changed to "localhost" and the account name keeps being changed to have my e-mail address appended onto the end of it. Very vexing and frustrating matter. Running Outlook 2000 (9.0.0.2711) and Outlook Express 5 (5.00.2615.200) Running five machines in peer to peer home network. This is happ[enbijg to th4e two machiunes that use OPutlook and Outlook Express as mail, managers. Anybody seen or heard...

PO Returns Processing Must be Reworked
You solution for PO returns processing requires (1) the user know how many units of the item being returned exist in inventory in each receipt record (2) whether the receipt records are PO receipts or Inventory receipts (3) that the user in some cases perform two different receipts for a product that was received on a po, issued from inventory through some process, and returned to inventory (ie a sale that was returned defective) (4) and the user cannot return more parts than the inventory system believes are on hand (to allow returns to be entered when inventory counts are inaccurate o...

AfxBeginThread
Hello I am wondering, which way is better to stop running the thread, for example: /************************************************************/ BOOL CNewDlg::OnInitDialog() { .... //calling the first thread m_pThread[0] = ::AfxBeginThread(FirsThread,this,0,0,0,NULL); //calling second thread - suspended m_pThread[1] = ::AfxBeginThread(SecondThread, this,0,0,CREATE_SUSPENDED,NULL); } /************************************************************/ //both functions of threads (FirstThread and SecondThread) has similiar body: UINT CNewDlg::FirstThread(LPVOID pParam) //and UINT CNewDlg::FirstThre...

Can't set cell.formula in Excel XP but Excel 2000 is OK
Hi! I have created a VB 6.0 app that read/writes to Excel Templates via OLE using late binding. The main problem is that it seems impossible to write a formula to a cell in sheet in Excel XP, but it works OK for one formula (or reference) in Excel 2000. The VB code looks like below, '--- xlWB.Sheets("Report").Activate xlWB.Sheets("Report").Range("B5").Select xlWB.Sheets("Report").Range("B5").Formula = _ IIf(Left$(sFormula, 1) = "=", sFormula, "=" & sFormula) '--- The formula in the example is like, sFormula ...

OK
...

MINIF /MAXIF Or something similar
I have a spreadsheet with a number of stores on it. The data is such that each store is ranked based on their sales. However, I need to break them out into their respective Districts and am running into some issues there, as I need to keep the current layout of the data, and need to have the ranking numbers be dynamic once the numbers are pulled in. The catch is, that I need to do this (if possible) with only using Excel Formulas (No VBA). Basically this is a sample of what I have ---A---|---B---|---C---|---D---| DMA2 |STO1 | $400 | 5 | DMA1 |STO2 | $700 | 2 | DMA2 |STO3 | $500 |...

Scatter plot - macro OK
If I have 2 rows of data, say, A1 to C1 and A2 to C2 and record a macro :- Charts Add ActiveChart.ChartType = xlXYScatter ActiveChart.SetSourceData Source := Sheets ( " Sheet1 " ).Range ( " A1 : C2 " ), plotby := xlrows This works - I get 3 pairs of co-ordinates in a graph. When I use the equivalent code in a VB6 program :- Set ch = wbook1.Charts.Add With ch ..ChartType = xlXYScatter ..ChartWizard Source := wsheet1.Range ( " A1 : C2 " ) , plotby := xlRows End With I get SIX separate points , 2 at x axis co-ordinate 1 , 2 more at x=2 etc. I hav...

text box must be empty error
Has anyone come across that error that says the "text box must be empty" when doing a Create Text Block Link, and the text box is empty? Any solutions? -- Robert Pearson ParaMind Brainstorming Software http://www.paramind.net Creative Virtue Press/Telical Books/Regenerative Music http://www.rspearson.com You can only link to an empty text box. Copy the text in box two, paste it to the end of box one, create an empty text box, link box one to box three, delete box two. -- Mary Sauer MSFT MVP http://office.microsoft.com/ http://msauer.mvps.org/ news://msnews.microsoft.com <...

Protocol SMTP (Exhange) is OK to send but is not OK to receiver
Hello, guy Look i my configuration => SBS server 2003 Active directory Exhange 6 currently situation => Mail send and receive witch only smtp exhange => OK After, I setup POP3 to test it and I configure : 1/ Start 2 services (Microsoft Exchange and Microsaft connector manager) 2/ Add a two acess relay on the server and my computer 3/ Test POP3 => KO So, I return the first configuration (witch SMTP Exchange), but the problem is that all users can't received mails. Why this problem? PS : - Mails can be send - Don't have a log into exchange and event viewer. T...

Must click Send/Receive to receive Exchange e-mail
Not sure if this is an Outlook issue or Exchange to I am posting to both groups. I am using Outlook 2003 SP2 with an Exchange 2003 SP2 server. The only way I can get new mail is if I click the Send/Receive button, or set a Send/Receive schedule. Out of 25 computers this is the only one this happens to. I tried completely deleting the Outlook profile and recreating and it still does it. Any suggestions? Thanks. Check the firewall. New mail notifications from Exchange to Outlook is sent via UDP. Maybe there's a block there. -- Ed Crowley MVP "There are seldo...

Not to display "OK" button
Hi I want the dialog not to display the "OK" button at the top left corner. So what should i do for this....... lucky wrote: > Hi > > I want the dialog not to display the "OK" button at the top left > corner. > So what should i do for this....... > What do you want? Open the dialog resource (double click on dialog ID in resource view). You can use the mouse to move the button (if that is what you want) or you can click on the button and use the Delete key (if that is what you want). -- Scott McPhillips [VC++ MVP] I am assuming you are talking a...

OK 02-05-08
IE 7 le permite ver m�ltiples p�ginas Web en una sola ventana del explorador ...

ok
ok ...

I deleted something then hit save
I had deleted something in excel xp and saved my file. I immediately realized what I had done and need that stuff back. is there any way to retrieve information after you've deleted it and then saved it? sincerely, nate If you don't have a backup, no, there probably isn't. If you have an Undelete program that catches files deleted from within a program (as opposed to you manually deleting them from Windows' Explorer), that would be the thing to try. The program I use, Undelete, does NOT trap that kind of deletion. On 28 Oct 2004 18:30:21 -0700, nfarley@gmail.com (nfarl...

"merged cells must be identical size."
HELP! I have a multiple sheet workbook each with an identical table that needs to be sorted on a specific column at the end of the month. When I attempt the sort, however, I get "Merged cells need to be identical size." The merged cells in question arent even part of the sort range. They are nothing more than window dressing in the first two rows of the chart -- NOT the actual data. I attempted to define an area and name it "Database. That works for one sheet but I CANNOT get it to work for and of the other sheets. What do I do? Jaycee. Insert a blank row below t...

Must restart RUS to generate SMTP Proxy Addresses
I have an Exchange 2003 server that seems to be working perfectly. From time to time though, when adding new users, the SA doesn't generate proxy addresses for freshly created users. I can go into system manager and force the Recipient Update Service to rebuild and update with no success. New users still aren't stamped with e-mail addresses. If Restart the System Attendant, which in turn restarts the Information Store and MTA Stacks, the new users have x.400 and smtp addresses generated for them. While this seems to fix the issue, I don't like that I'm having to restart critica...

ok to disable trace verbs?
Does exh 2003 need http trace method verbs enabled in iis for any reason? Ok to disable them? If you are thinking about locking down IIS so that it only supports specific verbs, I don't *think* that the TRACE verb is required. I'm basing this on a recommended OWA configuration for the URLSCAN.INI. See KB 309508 for more information. -- Jim McBee - MostlyExchange Blog: http://mostlyexchange.blogspot.com - Exchange FAQ: http://www.swinc.com/resources/exchange/ "ksb" <ksb@discussions.microsoft.com> wrote in message news:18F6822E-6115-4E0C-B938...

Pub2003 Bug: Right aligned tabs must be smaller than width of text box
I have a Publisher 2003 Trial, and found an issue that drives me crazy. In a text box a right-aligned tab must be at least 0.02" from the right border of the box. Try the following: 1) create a text box of size, say 3" x 1" 2) make sure all text box margins are set to 0" (right-click -> Format Text Box, select tab Text Box) 3) type two words separated with a single tab; the goal is now to have the first word flush left and the other flush right with the edges of the box 4) change the tabs (right-click -> Change Text -> Tabs...) by introducing a single, right-ali...

outlook '03
receiving all emails, but outbound emails not being received by anyone even though emails going into "sent" queue and appears to have been sent. using norton 2004 internet security. please help?? Does it work when you disable NIS? (for troubleshooting purpose only) -- Robert Sparnaaij [MVP-Outlook] www.howto-outlook.com Tips of the month: -Backup and Restore -Create an Office XP CD slipstreamed with Service Pack 3 ----- "chandra" <anonymous@discussions.microsoft.com> wrote in message news:2b6f01c4585f$0bae82a0$3a01280a@phx.gbl... > receiving all emails, bu...

OK
Thanks everyone, my investment account now contains Janus Balanced with the correct symbol, but it is called Roth IRA. Works for me! Your Investment Account should be called Roth IRA. Your Investment should be called Janus Balanced. If you want to change the name of the Investment, go to Portfolio|Work with investments|Choose a specific investment|Roth IRA and it its details, change the name to Janus Balanced. It's always a good idea to keep it in the same thread, BTW. <anonymous@discussions.microsoft.com> wrote in message news:037801c3a253$1c7ee790$a601280a@phx.gbl... > T...

To log onto this comp, you must be granted
Hi all I have full admin rights on my exchange server. There is a junior guy in the IT department which i want to give access the change mailbox sizes, display names, etc (just the basic stuff). I have created an account for him and made he a member of Domain Users and Exchg Domain Servers but if i try to log-on as him through a Terminal session i get the message : " To log onto this computer, you must be granted the Allow logon through Terminal Services right. by default, members of the Remote Desktop Users group have this right......" even if i add the right to his account ...

Is this a permissions issue or something else?
Hi everyone, Basically when I try to do new work to a Phone Call or Fax I can't do simple things like make a new relationship or change picklists. I can do this with order and case, but not sub items like those. Are there some sort of permissions I need to alter? It's nothing to do with permissions, just limitations in how far you can customise activities. You've met 2 separate issues: 1. The only additonal relationship that can be added to activities is for custom entities to also appear in the regardingobjectid field 2. Some attributes of an activity, for example p...