Skip to main content

How to configure Exchange Receive Connector for Postini or any hosted antispam service

 Create the Receive Connector

Set up a new Receive Connector on the Hub Server to allow relaying. This step is the same for either method of reinjection setup.
1.
Expand Server Configuration from the Exchange Management Console

2.
Choose Hub Transport from the server roles list.

3.
In the Details Pane choose the appropriate hub transport server

4.
In the Properties Pane right click in the Receive Connectors tab and choose New Receive Connector. The following screen will appear:


5.
Name the connector “Reinjection” and choose Next

6.
You will see the Local Network Settings page. If you haven’t made any customization to the IP settings of the Hub Server, keep the defaults. Otherwise, use the settings appropriate for your customization.


7.
Click Next to go to the Remote Network settings page. Click the default range that is input by the system and click Edit.



8.
You will see the Edit Remote Servers box. Enter the appropriate IP range. For a list of IP ranges, see IP Ranges.


9.
Click OK, then click Next to continue.


10.
Click New, then click Finish on the Completion page.

Method One: Apply Anonymous user access to the connector
The first method to allow reinjection is to set the receive connector to allow Anonymous Users. This is recommended for most configurations.
The first step in this process is to add the Anonymous Permissions Group to the connector.
1.
Double click your new connector and choose the Permission Groups tab.

2.
Check the Anonymous Users checkbox.

3.
Choose OK.



4.
Open the Exchange Management Shell from Start -> Programs -> Microsoft Exchange Server 2007 -> Exchange Management Shell

5.
Type the following command:

Get-ReceiveConnector "Reinjection" | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "ms-Exch-SMTP-Accept-Any-Recipient" 6.
You will see a results screen:


Method Two: Externally Secured Connector
If you do not allow Anonymous Access, you can instead create a connector as an externally secured connector. This option allows you to bypass Exchange’s anti-spam filters.
1.
Open the newly created connector and click the Permissions Groups tab.

2.
Check Exchange Servers and click Apply.


3.
Click the Authentication tab.

4.
Check “Externally secured.”


Using the externally secured setting applies the following permissions:
MS Exchange\Externally Secured Servers {ms-Exch-SMTP-Accept-Authoritative-Domain}
MS Exchange\Externally Secured Servers {ms-Exch-Bypass-Anti-Spam}
MS Exchange\Externally Secured Servers {ms-Exch-Bypass-Message-Size-Limit}
MS Exchange\Externally Secured Servers {ms-Exch-SMTP-Accept-Exch50}
MS Exchange\Externally Secured Servers {ms-Exch-Accept-Headers-Routing}
MS Exchange\Externally Secured Servers {ms-Exch-SMTP-Submit}
MS Exchange\Externally Secured Servers {ms-Exch-SMTP-Accept-Any-Recipient}
MS Exchange\Externally Secured Servers {ms-Exch-SMTP-Accept-Authentication-Flag}
MS Exchange\Externally Secured Servers {ms-Exch-SMTP-Accept-Any-Sender}

If you chooses the externally secured you will bybass the exchange antispam feature and you will not be able to block spoofing so it's highly recommended to use the first way to configure postini receive connector and you have to do a new command to remove a permission from receive connector as explained in this EgyEng.com thread.
http://egyeng.com/forums/showthread....8504#post28504


Be aware as it's currently postini for some reason is listed in spam lists as ones disabeld below in the screen so if you face any issues configuring the first way with anonymous permission check your RBLs



That takes from me days to know the cause of the issue not receiving any mails from outside if using first way.

Comments

Popular posts from this blog

ما هى ال FSMO Roles

  بأختصار ال FSMO Roles هى اختصار ل Flexible Single Operation Master و هى عباره عن 5 Roles فى ال Active Directory و هما بينقسموا لقسمين A - Forest Roles 1- Schema Master Role و هى ال Role اللى بتتحكم فى ال schema و بيكون فى Schema Master Role واحد فى ال Forest بيكون موجود على Domain Controller و بيتم التحكم فيها من خلال ال Active Directory Schema Snap in in MMC بس بعد ما يتعمل Schema Register بواسطه الامر التالى من ال Cmd regsvr32 schmmgmt.dll 2-Domin Naming Master و هى ال Role المسئوله عن تسميه ال Domains و بتتأكد ان مفيش 2 Domain ليهم نفس الاسم فى ال Forest و بيتم التحكم فيها من خلال ال Active Directory Domains & Trusts B- Domain Roles 1-PDC Emulator و هى ال Role اللى بتتحكم فى ال Password change فى ال domain و بتتحكم فى ال time synchronization و هى تعتبر المكان الافتراضى لل GPO's و هى تعتبر Domain Role مش زى الاتنين الاولانيين و بيتم التحكم فيها من خلال ال Active directory Users & Computers عن طريق عمل كليك يمين على اسم الدومين و نختار operations master فى تاب ال PDC Emu

Recreating a missing VMFS datastore partition in VMware vSphere 5.x and 6.x

    Symptoms A datastore has become inaccessible. A VMFS partition table is missing.   Purpose The partition table is required only during a rescan. This means that the datastore may become inaccessible on a host during a rescan if the VMFS partition was deleted after the last rescan. The partition table is physically located on the LUN, so all vSphere hosts that have access to this LUN can see the change has taken place. However, only the hosts that do a rescan will be affected.   This article provides information on: Determining whether this is the same problem Resolving the problem   Cause This issue occurs because the VMFS partition can be deleted by deleting the datastore from the vSphere Client. This is prevented by the software, if the datastore is in use. It can also happen if a physical server has access to the LUN on the SAN and does an install, for example.   Resolution To resolve this issue: Run the  partedUtil  command on the host with the issues and verify if your output

Unlock the VMware VM vmdk file

  Unlock the VMware VM vmdk file Kill -9 PID Sometimes a file or set of files in a VMFS become locked and any attempts to edit them or delete will give a device or resource busy error, even though the vm associated with the files is not running. If the vm is running then you would need to stop the vm to manipulate the files. If you know that the vm is stopped then you need to find the ESX server that has the files locked and then stop the process that is locking the file(s). 1. Logon to the ESX host where the VM was last known to be running. 2.  vmkfstools -D /vmfs/volumes/path/to/file  to dump information on the file into /var/log/vmkernel 3.  less /var/log/vmkernel  and scroll to the bottom, you will see output like below: a. Nov 29 15:49:17 vm22 vmkernel: 2:00:15:18.435 cpu6:1038)FS3: 130: <START vmware-16.log> b. Nov 29 15:49:17 vm22 vmkernel: 2:00:15:18.435 cpu6:1038)Lock [type 10c00001 offset 30439424 v 21, hb offset 4154368 c. Nov 29 15:49:17 vm22 vmkernel: gen 664