Yes, you can do it there as well. _____ From: David Liles [mailto:dliles@xxxxxxxxxxxx] Sent: 20 August 2003 12:12 AM To: [ExchangeList] Subject: [exchangelist] RE: can a virus do this? Ok... if I understand you correctly, we are doing this within to recipient policies configuration. That is where we are telling Exchange to also deliver email for the other domains.... -----Original Message----- From: Craig Haywood [mailto:craig@xxxxxxxxxxxxxx] Sent: Tue 8/19/2003 5:03 PM To: [ExchangeList] Cc: Subject: [exchangelist] RE: can a virus do this? I think you r misunderstanding me. let's say you host mail for alias@xxxxxxx, alias@xxxxxxx and your exchage domain is xyz.com, then exchange would automatically be configured to accept mail on behalf of xyz.com. However, you must then specify that mail may be relayed to abc.com and def.com. You don't have to specify domains for people who may send to these domains. I support a small isp, and this how we do it. The server is completely closed for relays. for our email users, they can send to any domain as long as they r authenticated. poeple sending mail to them obviously don't authenticate, so we tell exchange it is okay to relay mail to these domains (We're hosting +- 150 domains) so that users who have domains registered with the isp can receive mail at user@their domain.com Regards Craig _____ From: David Liles [mailto:dliles@xxxxxxxxxxxx] Sent: 19 August 2003 09:35 PM To: [ExchangeList] Subject: [exchangelist] RE: can a virus do this? To the best of my knowledge, there shouldn't be any relaying..... The email account that is erroring is on our exchange server so nothing should be passing through our SMTP service. Our server is the end point in the process.... I'm currently using an external email account to test by sending an email to my account on our new exchange server. If we need to specify external domains that can relay just so we can receive email it seems we would be turnning ourself into an open relay.... -----Original Message----- From: Craig Haywood [mailto:craig@xxxxxxxxxxxxxx] Sent: Tue 8/19/2003 3:29 PM To: [ExchangeList] Cc: Subject: [exchangelist] RE: can a virus do this? I take it, when you send mail internally, you have the option to relay for authenticated users ticked. However, external users don't authenticate. On your internet mail smtp connector, you need to specify domains which may relay through your server. Hope this helps Craig _____ From: David Liles [mailto:dliles@xxxxxxxxxxxx] Sent: 19 August 2003 08:52 PM To: [ExchangeList] Subject: [exchangelist] can a virus do this? Can a virus cause this? Overview: We have one Exchange 2000 server we are trying to replace that is currently exposed (public IP - this is bad... we know). We have just added a new Exchange 2000 server that is on a private IP and behind an MS ISA firewall only box. We have only migrated a couple of email accounts from the old Exchange server to the new one for testing and are experiencing problems when sending to those accounts. We can send internally to any email account without problem, as well as send mail externally without problem. We are unable to send mail to any of the users that we migrated to the new Exchange server from an external email account (fyi... this email address is external), when we try we get the following error: Your message did not reach some or all of the intended recipients. Subject: FW: Welcome to the ISAserver.org Discussion List Sent: 8/19/2003 9:33 AM The following recipient(s) could not be reached: dave@xxxxxxxxxxxxxxxxxxx on 8/19/2003 9:33 AM You do not have permission to send to this recipient. For assistance, contact your system administrator. <exodus.tmfi.com #5.7.1 smtp;550 5.7.1 Unable to relay for xxx@xxxxxxxxxxx> ISA configuration: We have published our Exchange server using the Secure Mail Server publishing wizard. Users are able to access the internet. Protocol Rules allow for DNS Query and DNS Zone Transfers and SMTP to travel out IP Packet Filters configured for SMTP inbound and SMTP outboud (individual filter entries) Other configuration info: The Exchange server has a private IP and is configured with DNS services. The NIC DNS entry points to itself and the DNS service is configured to forward to our ISP's DNS server. The default gate way is the private IP of the ISA box. The recipient policy used for the user accounts having problems is the default for our domain. Any ideas why we are having his problem? Thanks - Dave