Skip to main content

How to configure Exchange Receive Connector for Postini or any hosted antispam service

 Create the Receive Connector

Set up a new Receive Connector on the Hub Server to allow relaying. This step is the same for either method of reinjection setup.
1.
Expand Server Configuration from the Exchange Management Console

2.
Choose Hub Transport from the server roles list.

3.
In the Details Pane choose the appropriate hub transport server

4.
In the Properties Pane right click in the Receive Connectors tab and choose New Receive Connector. The following screen will appear:


5.
Name the connector “Reinjection” and choose Next

6.
You will see the Local Network Settings page. If you haven’t made any customization to the IP settings of the Hub Server, keep the defaults. Otherwise, use the settings appropriate for your customization.


7.
Click Next to go to the Remote Network settings page. Click the default range that is input by the system and click Edit.



8.
You will see the Edit Remote Servers box. Enter the appropriate IP range. For a list of IP ranges, see IP Ranges.


9.
Click OK, then click Next to continue.


10.
Click New, then click Finish on the Completion page.

Method One: Apply Anonymous user access to the connector
The first method to allow reinjection is to set the receive connector to allow Anonymous Users. This is recommended for most configurations.
The first step in this process is to add the Anonymous Permissions Group to the connector.
1.
Double click your new connector and choose the Permission Groups tab.

2.
Check the Anonymous Users checkbox.

3.
Choose OK.



4.
Open the Exchange Management Shell from Start -> Programs -> Microsoft Exchange Server 2007 -> Exchange Management Shell

5.
Type the following command:

Get-ReceiveConnector "Reinjection" | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "ms-Exch-SMTP-Accept-Any-Recipient" 6.
You will see a results screen:


Method Two: Externally Secured Connector
If you do not allow Anonymous Access, you can instead create a connector as an externally secured connector. This option allows you to bypass Exchange’s anti-spam filters.
1.
Open the newly created connector and click the Permissions Groups tab.

2.
Check Exchange Servers and click Apply.


3.
Click the Authentication tab.

4.
Check “Externally secured.”


Using the externally secured setting applies the following permissions:
MS Exchange\Externally Secured Servers {ms-Exch-SMTP-Accept-Authoritative-Domain}
MS Exchange\Externally Secured Servers {ms-Exch-Bypass-Anti-Spam}
MS Exchange\Externally Secured Servers {ms-Exch-Bypass-Message-Size-Limit}
MS Exchange\Externally Secured Servers {ms-Exch-SMTP-Accept-Exch50}
MS Exchange\Externally Secured Servers {ms-Exch-Accept-Headers-Routing}
MS Exchange\Externally Secured Servers {ms-Exch-SMTP-Submit}
MS Exchange\Externally Secured Servers {ms-Exch-SMTP-Accept-Any-Recipient}
MS Exchange\Externally Secured Servers {ms-Exch-SMTP-Accept-Authentication-Flag}
MS Exchange\Externally Secured Servers {ms-Exch-SMTP-Accept-Any-Sender}

If you chooses the externally secured you will bybass the exchange antispam feature and you will not be able to block spoofing so it's highly recommended to use the first way to configure postini receive connector and you have to do a new command to remove a permission from receive connector as explained in this EgyEng.com thread.
http://egyeng.com/forums/showthread....8504#post28504


Be aware as it's currently postini for some reason is listed in spam lists as ones disabeld below in the screen so if you face any issues configuring the first way with anonymous permission check your RBLs



That takes from me days to know the cause of the issue not receiving any mails from outside if using first way.

Comments

Popular posts from this blog

Question كيفية عمل share للـ outlook conntact لكل الـ Domain Users

  الحل بسيط جدا عايز الكونتاكت تتحدث دايما بحيث انك لما تضيف يوزر جديد يسمع في الكونتاكت اول حاجه بتدخل علي in office 2003 tools --- email account ---- add address book --- internet directory service (LDAP) type your server name then login info . mark this server require me to logon type any user on active directory and its password then save and close outlook and open it again now you will find all your active directory users in address book

3 things has to be done for better performance

  Tips from Goutham: 3 things has to be done for better performance: By default, XP displays extra graphic objects for menu items which can slow down your display. 1. To turn off these selectively... Right click My Computer Select Properties Click Advanced tab Under Performance, click Settings button To turn them all off, select Adjust for best performance Preference is to leave them all off except for Show shadows under mouse pointer and Show window contents while dragging 2. To speed up the display of the Start Menu Items, turn off the menu shadow. Right click open area of the Desktop Select Properties Click Appearance tab Click Effects button Uncheck Show shadows under menus 3. You can increase system performance by loading more of the system into memory. DO NOT attempt this with less then 512MBs of ram. Your system will become unstable. Click Start Click Run Enter regedit Click OK Go to HKEY_LOCAL_MACHINE SYSTEM CurrentControlSet Control Session Manager Memory Management Double cli

The difference between DNS and NDS

  Novell Directory Services(NDS) - Novell Directory Services (NDS) is a popular software product for managing access to computer resources and keeping track of the users of a  network , such as a company's  intranet , from a single point of administration. Using NDS, a network administrator can set up and control a  database  of users and manage them using a  directory  with an easy-to-use graphical user interface ( GUI ). Users of computers at remote locations can be added, updated, and managed centrally. Applications can be distributed electronically and maintained centrally. NDS can be installed to run under  Windows NT , Sun Microsystem's Solaris, and IBM's  OS/390  as well as under Novell's own  NetWare  so that it can be used to control a multi-platform network. NDS is generally considered an industry  benchmark  against which other products, such as Microsoft's Active Directory, must compete. Lucent Technologies plans to integrate NDS into its own QIP product