none
Configure SMTP Auth

    Question

  • Messaging Infrastructure

    ------------------------------

    Mailing Infra - I

    1) Linux based Bulk Email  System.

    Mailing Infra - II

    1) Cisco Ironport

    2) Exchange 2013 CU11

    Mailing infra I  is sending email  over internet to an Exchange 2013 DL, Which is set to not receive unauthentic emails, This email doesn’t’ get delivered because of  the restriction on DL to not receive unauthentic emails.

    We have to come up with a solution where email from mailing infra 1 are treated as authenticated and deliver to DLs without any issue, we do not want to allow unauthentic from whole internet.

    Please help if this can be achieved on Exchange level. 


    Regards, Sourabh Kumar Jha | Please mark it as an answer if it solves your problem or vote as helpful if you like it. |

    Tuesday, June 14, 2016 6:42 PM

Answers

  • You mean "unauthenticated"?  That's a lot different from "unauthentic".

    I believe that you can create a receive connector that has the infra 1's sending server's IP address in RemoteIPRanges, and AuthMechanism set to "ExternalAuthoritative".  What this means is that anything coming from that IP address (or those IP addresses since you can have multiple) is treated as if it were originating from within your organization.


    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
    Celebrating 20 years of providing Exchange peer support!

    Wednesday, June 15, 2016 5:19 AM
    Moderator

All replies

  • You mean "unauthenticated"?  That's a lot different from "unauthentic".

    I believe that you can create a receive connector that has the infra 1's sending server's IP address in RemoteIPRanges, and AuthMechanism set to "ExternalAuthoritative".  What this means is that anything coming from that IP address (or those IP addresses since you can have multiple) is treated as if it were originating from within your organization.


    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
    Celebrating 20 years of providing Exchange peer support!

    Wednesday, June 15, 2016 5:19 AM
    Moderator
  • I have another way, too.

    Add an accepted domain "clownpenis.fart" to your organization.

    In infra 1, add a send connector with an address space of "clownpenis.fart" that points to the IP address or FQDN of your Exchange server.

    Add address group@clownpenis.fart as an SMTP address to and remove all other e-mail addresses from the distribution group in question.

    Create a contact in infra 1 with a name "Distribution Group" (or whaterver it's named) and remote routing address of group@clownpenis.fart.

    The result will be a group that nobody on the Internet can send to since clownpenis.fart isn't a routable domain, but infra 1 can send to because you have specifically configured an entry in their GAL and a route to the group.


    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
    Celebrating 20 years of providing Exchange peer support!


    Wednesday, June 15, 2016 5:24 AM
    Moderator
  • Thanks for response, I meant unauthenticated. I will work on this and see if it works as expected in our infra since email from mailing infra 1 will be coming over internet.


    Regards, Sourabh Kumar Jha | Please mark it as an answer if it solves your problem or vote as helpful if you like it. |

    Wednesday, June 15, 2016 5:27 AM
  • For the first option to work, your firewall and/or load balancer must preserve the source IP address.

    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
    Celebrating 20 years of providing Exchange peer support!

    Wednesday, June 15, 2016 5:42 AM
    Moderator