RE: Relaying Problem question - still fighting it!
- From: "John Tolmachoff \(Lists\)" <johnlist@xxxxxxxxxxxxxxxxxxx>
- To: "'[ExchangeList]'" <exchangelist@xxxxxxxxxxxxx>
- Date: Tue, 30 Sep 2003 11:36:11 -0700
Now, the important part, Uncheck the "Allow all computers which successfully
authenticate to relay, regardless of the list above." What this will do is
confine relaying to the internal IPs, No longer will an external user be
able to relay using an authenticated user's information.
While that may have worked for you, it will not work if you have users
connecting outside of the local LAN. Also, your setup will allow some one
from an internal IP to relay freely. This could happen in a number of ways,
including an internal user with Kaaza installed, an internal user that is
using software to send out bulk e-mail and so forth.
The point is Microsoft, or any one else, has no need to create any KB
article about how to configure a certain way, as each situation is different
and demands different configurations.
For me or any of my clients, I will never allow free relay from the internal
IP range. You must authenticate. Disallowing authenticated users to relay IS
NOT AN ANSWER TO A WEAK PASSWORD POLICY!
While there can be many right ways of doing things, coming up with a work
around is not one of them.
John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com
Other related posts:
