Need remote Clients to have open SMTP relay with windows authentication in Exchange 2003

Hi all ... first time posting here, but i have been able to find many
answers to other questions in the past ...
Unfortunatley I may be in a bit over my head with this one.  I have
about 100 remote users and until now they have not been required to
send email over SMTP to domains out side of ours.  Now we have a
directive from above to allow relaying from dialup and remote users but
need to setup SMTP authentication.

Current config ...

Server:
Windows 2003 server
Exchange 2003 server SP1
Firewall permitting any traffic on ports 110 and 25
Security options for SMTP in the System Manager is set as follows:
Access --> Authen;
Anonymous access is checked
 Resolve anonymous e-mail is checked
Basic Authenication is NOT checked
Integrated Windows Authentication is checked
in the permissions for submit and relay Domain users and Authenticated
users groups both have submit and relay permissions

Clients:
Outlook 2000/2003
POP3/SMTP has had both the IP addy as well as the mailhost.domain.com
.... neither one woks
out bound logon information is set for both POP3 and SMTP servers set
to use same logon info

internal users are able to send and recieve email VIA POP3/SMTP but
remote users fail at finding the SMTP server fails and cannot send
email.

I am completely at a loss here.  If someone could point me in the right
direction that would be totally cool.

Thanks!

0
dogcheese (3)
1/28/2006 1:22:20 AM
exchange.admin 57650 articles. 2 followers. Follow

6 Replies
642 Views

Similar Articles

[PageSpeed] 25

Before you get there what is wrong with OWA or RPC over HTTP(s)?

Nue
"dogcheese" <dogcheese@gmail.com> wrote in message 
news:1138411340.576223.24220@f14g2000cwb.googlegroups.com...
> Hi all ... first time posting here, but i have been able to find many
> answers to other questions in the past ...
> Unfortunatley I may be in a bit over my head with this one.  I have
> about 100 remote users and until now they have not been required to
> send email over SMTP to domains out side of ours.  Now we have a
> directive from above to allow relaying from dialup and remote users but
> need to setup SMTP authentication.
>
> Current config ...
>
> Server:
> Windows 2003 server
> Exchange 2003 server SP1
> Firewall permitting any traffic on ports 110 and 25
> Security options for SMTP in the System Manager is set as follows:
> Access --> Authen;
> Anonymous access is checked
> Resolve anonymous e-mail is checked
> Basic Authenication is NOT checked
> Integrated Windows Authentication is checked
> in the permissions for submit and relay Domain users and Authenticated
> users groups both have submit and relay permissions
>
> Clients:
> Outlook 2000/2003
> POP3/SMTP has had both the IP addy as well as the mailhost.domain.com
> ... neither one woks
> out bound logon information is set for both POP3 and SMTP servers set
> to use same logon info
>
> internal users are able to send and recieve email VIA POP3/SMTP but
> remote users fail at finding the SMTP server fails and cannot send
> email.
>
> I am completely at a loss here.  If someone could point me in the right
> direction that would be totally cool.
>
> Thanks!
> 


0
imaneophyte (3004)
1/28/2006 1:50:57 AM
You also may want to consider looking into a VPN solution and configure the 
clients for Cached Mode.


RPC/HTTP (which was already recommended, but may require ISA server).

As a bonus you can have users keep their mail on the Exchange server then 
you can ensure it is getting properly backed up.
-- 
Jonathan
No Warrenties Implied, Did you do a FULL backup today??????




"dogcheese" wrote:

> Hi all ... first time posting here, but i have been able to find many
> answers to other questions in the past ...
> Unfortunatley I may be in a bit over my head with this one.  I have
> about 100 remote users and until now they have not been required to
> send email over SMTP to domains out side of ours.  Now we have a
> directive from above to allow relaying from dialup and remote users but
> need to setup SMTP authentication.
> 
> Current config ...
> 
> Server:
> Windows 2003 server
> Exchange 2003 server SP1
> Firewall permitting any traffic on ports 110 and 25
> Security options for SMTP in the System Manager is set as follows:
> Access --> Authen;
> Anonymous access is checked
>  Resolve anonymous e-mail is checked
> Basic Authenication is NOT checked
> Integrated Windows Authentication is checked
> in the permissions for submit and relay Domain users and Authenticated
> users groups both have submit and relay permissions
> 
> Clients:
> Outlook 2000/2003
> POP3/SMTP has had both the IP addy as well as the mailhost.domain.com
> .... neither one woks
> out bound logon information is set for both POP3 and SMTP servers set
> to use same logon info
> 
> internal users are able to send and recieve email VIA POP3/SMTP but
> remote users fail at finding the SMTP server fails and cannot send
> email.
> 
> I am completely at a loss here.  If someone could point me in the right
> direction that would be totally cool.
> 
> Thanks!
> 
> 
0
1/28/2006 3:24:27 AM
Since RPC over HTTPS was already recommended in regards to remote 
connectivity for those using Outlook 2003, what you really want to go with 
is multiple SMTP virtual servers.  For example, SMTP virtual server 1 lives 
on port 25 and be nice and secure and only allows inbound mail (e.g. how it 
ships out of the box in regards to Exchange 2003).  SMTP virtual server 2 
can live on the message submission port of 587.  This one should *only* 
allow authenticated sessions (hopefully over SSL if opting to use basic 
auth) and be able to relay.

The type of configuration described above allows users to submit messages 
even if said users are on an unfriendly network that blocks port 25, they 
should still be able to perform remote mail functionality since many ISPs do 
not block non-standard ports.

"dogcheese" <dogcheese@gmail.com> wrote in message 
news:1138411340.576223.24220@f14g2000cwb.googlegroups.com...
> Hi all ... first time posting here, but i have been able to find many
> answers to other questions in the past ...
> Unfortunatley I may be in a bit over my head with this one.  I have
> about 100 remote users and until now they have not been required to
> send email over SMTP to domains out side of ours.  Now we have a
> directive from above to allow relaying from dialup and remote users but
> need to setup SMTP authentication.
>
> Current config ...
>
> Server:
> Windows 2003 server
> Exchange 2003 server SP1
> Firewall permitting any traffic on ports 110 and 25
> Security options for SMTP in the System Manager is set as follows:
> Access --> Authen;
> Anonymous access is checked
> Resolve anonymous e-mail is checked
> Basic Authenication is NOT checked
> Integrated Windows Authentication is checked
> in the permissions for submit and relay Domain users and Authenticated
> users groups both have submit and relay permissions
>
> Clients:
> Outlook 2000/2003
> POP3/SMTP has had both the IP addy as well as the mailhost.domain.com
> ... neither one woks
> out bound logon information is set for both POP3 and SMTP servers set
> to use same logon info
>
> internal users are able to send and recieve email VIA POP3/SMTP but
> remote users fail at finding the SMTP server fails and cannot send
> email.
>
> I am completely at a loss here.  If someone could point me in the right
> direction that would be totally cool.
>
> Thanks!
> 


0
neo7948 (622)
1/30/2006 12:28:53 PM
Unfortunatley the powers that be will not allow me to dictate that
solution to the end user ... we have already setup OWA and all users
have access to it.  but the users i have are non techies, and my
superiors will not force them to change from what they know (pop3/smtp
in outlook).

0
dogcheese (3)
1/30/2006 2:40:56 PM
thanks group for the reply ...

Neo, when you said that :
> The type of configuration described above allows users to submit messages
> even if said users are on an unfriendly network that blocks port 25, they
> should still be able to perform remote mail functionality since many ISPs do
> not block non-standard ports.

does that mean that anyone should be able to send out VIA my SMTP
server from a POP3/smtp account?  That was my assumtion as well, but at
this point users cannot send out over smtp.  That was my understanding
of having the anonymous access button checked that anyone should be
able to send out over the SMTP server ...

I didn't however tell state earlier that relaying is restricted to a
subnet, that covers our VPN users as well as all the corp users,
however the check box below the ip address ranges to relay is checked
(Allow all computers which successfully authenticate to relay,
regardless of the list above).  Wouldn't that over ride the subnet
filter that is in place when a remote user, supplies credentials with
rights to send VIA SMTP?

0
dogcheese (3)
1/30/2006 3:19:02 PM
comments inline...

"dogcheese" <dogcheese@gmail.com> wrote in message 
news:1138634342.849259.257030@g14g2000cwa.googlegroups.com...
> thanks group for the reply ...
>
> Neo, when you said that :
>> The type of configuration described above allows users to submit messages
>> even if said users are on an unfriendly network that blocks port 25, they
>> should still be able to perform remote mail functionality since many ISPs 
>> do
>> not block non-standard ports.
>
> does that mean that anyone should be able to send out VIA my SMTP
> server from a POP3/smtp account?  That was my assumtion as well, but at
> this point users cannot send out over smtp.  That was my understanding
> of having the anonymous access button checked that anyone should be
> able to send out over the SMTP server ...

If it is configured correctly, no.  It means that only those that can 
authenticate with a valid domain userid/password combination should be able 
to submit messages to it.  Remember, you are turning off anonymous access to 
this secondary virtual server.  (okay, it could go everyone if your site 
uses weak/easy to guess userid/password combinations or the site leaves the 
guest account enabled.)

> I didn't however tell state earlier that relaying is restricted to a
> subnet, that covers our VPN users as well as all the corp users,
> however the check box below the ip address ranges to relay is checked
> (Allow all computers which successfully authenticate to relay,
> regardless of the list above).  Wouldn't that over ride the subnet
> filter that is in place when a remote user, supplies credentials with
> rights to send VIA SMTP?

I hate messing with IP restrictions on SMTP virtual servers.  It makes 
things a little too complex for me. :)  Basically what I'm suggesting is 
taking the concepts mentioned in 
http://209.34.241.68/exchange/archive/2005/01/24/359677.aspx and twisting it 
to fit your needs. 


0
neo7948 (622)
1/30/2006 11:34:28 PM
Reply:

Similar Artilces:

Need Help, Task Start Date is wrong
I’m using MS Project 2007, have several task linked with finish to start. I have set date to schedule from, hours per day set to 8 and Working Monday thru Friday. My schedule shows Task 1 Duration 4 days, start Wed 6/2/10, Finish Mon 6/7/10 Task 2 Duration 3 days, start Mon 6/7/10, Finish Thu 6/10/10 Task 2 should have a Start Date of 6/8/10 not 6/7/10; what is causing this? Thanks in advance for your help. ...

WCF Client serialization problem
I posted the problem on another forum, and to prevent duplicate posts, but get as many professionals as possible to look at it, I include the url in this post. Please help! http://stackoverflow.com/questions/2948657/migrating-webclient-to-wcf-wcf-client-serializes-parametername-of-method ...

Unable to open .docx documents in Word 2002
I cannot open word documents sent with .docx extendion in word 2002. I checked my language setting and it is English. What is wrong? Download the Compatibility Pack. http://www.microsoft.com/downloads/details.aspx?familyid=941b3470-3ae9-4aee-8f43-c6bb74cd1466&displaylang=en -- JoAnn Paules MVP Microsoft [Publisher] Tech Editor for "Microsoft Publisher 2007 For Dummies" "Johnpm" <Johnpm@discussions.microsoft.com> wrote in message news:43E248E8-5D83-4E91-9743-CE12CCD6A443@microsoft.com... >I cannot open word documents sent with .docx extendi...

allowing relaying... security issues
We are using Exchange 2000 on an SBS 2000 machine. We signed up with Spam Soap - an outside company to provide incoming/outgoing SMTP mail filtering . As part of their service, you also configure them as a "smart host". This is configured in the virtual SMTP Server area - in the advanced options for delivery. Also, in order to have this work properly, the SMTP Connector we had configured in the 'Connectors' area also had to be removed. We have an in-house VB .net application that automatically sends auto-generated emails. This particular application is configured and...

From Outlook 2000 to Outllook 2003
How do I migrate I personal folders file (.pst) from Outlook 2000 to Outlook 2003? Read the Help Files: http://office.microsoft.com/en-us/assistance/HA010771141033.aspx -- Russ Valentine [MVP-Outlook] "rolo" <rolo@discussions.microsoft.com> wrote in message news:706405A0-2971-409F-B213-67714B12713C@microsoft.com... > How do I migrate I personal folders file (.pst) from Outlook 2000 to > Outlook > 2003? Thanks Russ it helped. By the way how can I get to this useful help files? "Russ Valentine [MVP-Outlook]" wrote: > Read the Help Files: > htt...

WebDav authentication
Anyone knows what would could change WebDav authentication from requiring the domain/username to accepting the UPN? My assumption is that Webdav authentication is over HTTP and it's behavior is eqivalent to OWA authentication. -- Jay H. I will post my own solution...when it comes to Authentication........ you can allow UPN authentication by adding a "\" to the Exchange Virtual directory in Exchange System Manager HTTP Protocol default domain field....stop restart HTTP Virtual Server -- Jay H. "JayH" wrote: > Anyone knows what would could change WebDa...

Voice connector on Exchange server 2007.
Is there any functionality available in exchange server 2007 regarding voice connector? If not how can we create it? Thanks in advance. Ashwin Exchange 2007 has the "Universal Messaging" role which is intended for this purpose. Do you have a PBX? -- Ed Crowley MVP - Exchange "Protecting the world from PSTs and brick backups!" "Microsoft Exchange 2007 command shell" <MicrosoftExchange2007commandshell@discussions.microsoft.com> wrote in message news:FAE20A61-AD17-4218-90C2-9356CA90B2A0@microsoft.com... > Is there any functionality available in exch...

New to excel
Hi All, I'm new to Excel ( and to this forum :) ) and so I hope somebody may b able to help me. I've got 2 questions.... QUESTION 1 I've got a spreadsheet which takes data from one worksheet and uses i to calculate data in a second worksheet using the following code formula: =IF('4th November 2005'!B19="","nothing here dude",IF(B19<'4th Novembe 2005'!B19,"UP",IF(B19='4th November 2005'!B19,"Same",IF(B19>'4t November 2005'!B19,"DOWN")))) The problem is, when I create a new worksheet I have...

Stop My Documents from opening all the time?
Is there anyway to stop My Documents from opening everytimg I start a Windows Explorer session? I guess there's no future in trying to delete it, because so many products try to put stuff there. Right? Laurel wrote: > Is there anyway to stop My Documents from opening everytimg I start a > Windows Explorer session? > If you want Explorer to open somewhere else, simply modify the properties of the shortcut you're using to open it. All you need do is create/modify the target field of your Windows Explorer shortcut to point where you want it. Co...

owa cant open ppt attachments
i have an exchange 2003 cluster when a user tries to open or save a powerpoint attachment it hangs at 97% all other attachments open fine any ideas thanks ...

Outlook 2003 Drag and Drop Emails
I have an issue where there is a SBS 2003 server (newly installed) & when I drag emails to the file system (explorer window) in order to create file records of the emails it generates an error. Dialog Box Name: Error Copying File or Folder Error Msg: Not enough storage is available to process this command. I can't find an error logged anywhere, either on the server event logs or on the local machine event logs... I have searched the MS KB & Office online, but no joy yet... If anyone can help that would be great!!! R ...

Redirect Exchange 2000 IS backup to different Exchange 2003 server
I recently added an Exchange 2003 server to the same org as a 2000 server. I have dbs from the 2000 server that I need to restore to retrieve email from a user whose mailbox was moved to 2003. So I need to restore the db for that mailbox from BEFORE it was moved because when you move mailboxes you lose any deleted items that were being saved by retention policy. Is this possible? I'm using Veritas Backup Exec 10 but nothing in their support KB seems to follow this exact scenario. If it helps, the old Exch 2000 server is currently empty of users and is ready to be uninstalled. W...

Filters not working in Exchange 2003
I have been trying to turn on the Recipient, Connection, and Sender filters. I have gone to the Default SMTP Virtual Server and turned it on there without getting an error but when I go to the Properties and add senders to block and the hit Apply, it tells me that I must manually turn the filtering on in the SMTP VS. I have stopped and started the Default SMTP VS but still no luck. Any ideas? Hi Wayne That is a standard dialog box, it does not check to see if it is already enabled, have you tested the sender filtering? -- Mark Fugatt Microsoft Limited This posting is provided &quo...

setup Windows Mail as Word 2003 default emailer
All I can do is setup Outlook. I do not use Outlook. I would like to email Word docs using MS Windows Mail (new version of Express) In the Windows Start area, type Regedit into the search bar and then start the Registry Editor and go to HKEY_CURRENT_USER>Software>Clients>Mail Right Click on the (Default) item and then on Modify and in the Value data: field enter Windows Mail so that after you click OK, you have (Default) REG_SZ WIndows Mail -- Hope this helps. Please reply to the newsgroup unless you wish to avail yourself of my services on a pa...

Contacts in Exchange #2
We are running Exchange 2003 and Outlook 2003. I have tried to give a user rights to her boss's contacts through delegation and setting the rights on the contacts folder, however, while she has the rights she is unable to add or see her boss's contact folder in her Outlook. She can see it if she runs a search, but can not permanently put it in her list of contact folders. IS there a way that I can accomplish this through the back-end? Thanks, Joseph rapoport jrapoport@insurmark.net ...

will CRM load on a 2003 server?
will CRM load on a 2003 server? Microsoft CRM v1.2 supports Windows 2000/2003 Server. Frank Lee Workopia, Inc. >> Other Microsoft CRM Online Forum Resources: http://www.workopia.com/Links.htm >-----Original Message----- >will CRM load on a 2003 server? >. > No problem. We just completed a 1.2 installation on a 2003 server, without any problems. Brian Demoe "Troy Hicks" <tlhicks@nc.rr.com> wrote in message news:03dd01c3dcb2$93653a00$a501280a@phx.gbl... > will CRM load on a 2003 server? CRM 1.2 will also load on Small business server 2003 as wel...

unable to paste Excel 2003 chart into Outlook 2003
(This was posted on "excel.charting" group.) I have a user who's unable to paste an Excel 2003 chart into Outlook 2003 email message. In Outlook options, the checkbox is selected for "Use Microsoft Office Word 2003 to edit e-mail messages". When I tested this on my own computer running the same version of Office, if the box is check, I have no problem pasting; if this box is cleared, I cannot paste. But on his computer, it doesn't work regardless. Thanks and regards, TL ...

question on os authenticity
I purchased a laptop with Windows 2000 preinstalled from a dealer who claims to be a Microsoft Authorized Refurbisher. There was no COA attached to the body of the computer and he claims that he was not required to because he owns the license to it, not me. Is this correct? -- julesrh77 Good question but not for this community. You need to post your question in a Windows community. But, I think he's wrong and you should call Microsoft directly to ask them. You can find their phone number by going to www.microsoft.com. -- Charles Allen, MVP "julesrh77" wrote: > ...

How do I Remove a Split from my Comments in Excel 2003? #2
I have set my current workbook to split/freeze the first column and first 2 rows. Now, when I add a comment to the second row (in any column) my comments are cut off if I should scroll down. I don't ever remember the behavior before. And I don't know what I've done to enable it but it's really annoying. How do turn this off ? ...

Disable Secure Sockets Layer on exchange server when using RPC over HTTP
Hi im trying to enable RPC over HTTP to enable users to establish contact to my Excahger server 2003 over the internet. Now, I dont want to use SSL (security not that important) and i am told by this article that i can disable SSL in windows registry. Quote: Note While RPC over HTTP does not require Secure Sockets Layer, you must modify the registry to enable RPC over HTTP if you do not want to use Secure Sockets Layer. Microsoft recommends that you enable and require Secure Sockets Layer for your RPC over HTTP communications. At this address: http://support.microsoft.com/?id=833401 But i ...

cannot open hyper links in outlook
when I try to open a hyperlink in outlook, I get the following message: This operation has been cancelled due to restrictions in effect on this computer. Please contact your system administrator. ----- I am the system administrator. HELP This is a problem with IE, not Outlook. You need to reset your internet settings in IE's Tools, Internet Options, Advanced tab. (Or Control Panel, Internet options, Advanced tab). See http://www.slipstick.com/problems/link_restrict.htm for more information. "Donald McNeely" <Donald McNeely@discussions.microsoft.com>...

I need a macro
I would like a macro to do the following: I would place the the cursor in any cell and this macro would give me the average of all the entries to the left if the selected cell. EX: I place the cursor in cell M12. I want this macro on display in cell M12 the average of all the values from Col C12 to Col L12. Note that there may NOT be entries in all the cells in that range. Also the start point would always be col C .Thanks You can do this easily with a worksheet_selection event in the sheet module but you would probably want to restrict to a certain range or columns and rows or it woul...

Cannot open Outlook, keep getting Send error report of Microsoft.
We are having problems with Outlook 2003. Everytime we try to open, we get this: Send error report to Microsoft. Any ideas why? All windows and office update have been completed. ...

Error 550 Relaying denied
I get this nearly every time I try to send information using MS Outlook email. Any suggestions? You probably need to turn on authentication to your outgoing server. You can do so on the "Outgoing Server" tab for your mail account. -- Jocelyn Fiorello MVP - Outlook *** Messages sent to my e-mail address will NOT be answered -- please reply only to the newsgroup to preserve the message thread. *** In news:9cf101c3eacf$a3250cb0$a401280a@phx.gbl, Dick Brenneke wrote: > I get this nearly every time I try to send information > using MS Outlook email. Any suggestions? Th...

MOVE TO FOLDER... only appears. I need MOVE TO FOLDER
This is very odd and I've found that I've had this problem before with not finding icons. Some I've found at the office don't appear here and vice versa, or they act differently. I have Outlook 2000 in both places! Very odd. At home, I couldn't find the HIGH IMPORTANCE icon under the list of items available in the customize. Yet I have it at work. That's the one where when the HIGH IMPORTANCE is on, it shows a depressed button state. I really need that in both places. Anyway, simple (or so I thought) - I ended up just brining the toolbar from work on a floppy, a...