Tuesday, April 5, 2011

Exchange Anonymous Relay for External POP User

I have a friend with an office that is prone to flooding in the springtime. This year, she has moved her office before the flood hits, just in case. She uses a POP account with a third party, not her ISP. However, she uses the SMTP host of her ISP. Basically, she downloads messages from the mail provider and then sends them out through her ISP SMTP host.

One of her clients has been kind enough to provide temporary office space for the next month or so. Unfortunately, the ISP servicing this office does not allow anonymous relaying. So I offered to set up relaying for her on our Exchange 2007 server.

Initially I thought it would be as easy as creating a mailbox to allow for authentication. It was a bit more complex than I expected.

Here are the steps that were required:
  1. Create an Exchange mailbox for authentication of her traffic (we'll call it EXTERNAL). The POP client authenticates outbound traffic with this username and password. The email address of the account is never used, but is EXTERNAL@mydomain.com.
  2. Add her domain (herdomain.com) as an accepted relay domain. Without this, Exchange will not send out the message. Exchange will look at the source email address and error out, indicating that it is not allowed.
  3. Create a contact for hermail@herdomain.com.
  4. Give EXTERNAL SendAs permission for the contact hermail@herdomain.com. If this step is not performed, you will get an error about not having SendAs permission.
At that point it was good to go. The POP client is authenticated, which avoids the need to create an anonymous relay, which is inherently risky. And Exchange allows a message from hermail@herdomain.com to be sent out because herdomain.com is an accepted relay domain and because EXTERNAL has SendAs permission.

You can't configure Send As permission for a contact in EMC. You can do it either in EMS or AD Users and Computers.
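
The four steps above as Exchange Management Shell commands, followed by two checks. This is an added example, not the commands I ran at the time. The database path, the aliases, the accepted-domain name, the NetBIOS domain `MYDOMAIN` and the choice of `InternalRelay` are assumptions to replace with your own values.

```powershell
# Added example: run in the Exchange Management Shell on the Exchange 2007 server.
# Assumed placeholders: $database, the aliases, 'MYDOMAIN', the accepted-domain name.
$database = 'SERVER\First Storage Group\Mailbox Database'   # placeholder path

# Step 1: mailbox that exists only to authenticate her outbound SMTP traffic.
# Read the password interactively so it never lands in a script or history file.
$password = Read-Host 'Password for EXTERNAL' -AsSecureString
New-Mailbox -Name 'EXTERNAL' -Alias 'EXTERNAL' `
    -UserPrincipalName 'EXTERNAL@mydomain.com' `
    -Password $password -Database $database

# Step 2: accept herdomain.com as a relay domain.
# The post does not say which relay type was used; InternalRelay is assumed here
# (ExternalRelay is the other relay type New-AcceptedDomain offers).
New-AcceptedDomain -Name 'herdomain.com relay' -DomainName 'herdomain.com' `
    -DomainType InternalRelay

# Step 3: mail contact that represents her real sender address.
New-MailContact -Name 'hermail' -Alias 'hermail' `
    -ExternalEmailAddress 'hermail@herdomain.com'

# Step 4: grant EXTERNAL the Send As extended right on that contact only.
$contact = Get-MailContact -Identity 'hermail'
Add-ADPermission -Identity $contact.DistinguishedName `
    -User 'MYDOMAIN\EXTERNAL' -ExtendedRights 'Send As'

# Check 1: list explicit (non-inherited) Send As grants on the contact.
# EXTERNAL should be the only account that shows up.
Get-ADPermission -Identity $contact.DistinguishedName |
    Where-Object { $_.ExtendedRights -like '*Send-As*' -and -not $_.IsInherited } |
    Format-Table User, ExtendedRights, Deny

# Check 2: review the receive connectors to confirm that authenticated
# submission, not an anonymous relay grant, is what lets her mail through.
Get-ReceiveConnector | Format-List Name, PermissionGroups, AuthMechanism
```

When the temporary office arrangement ends, the mailbox, contact, Send As grant and accepted domain can be removed again so the relay path does not outlive its purpose.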
