Exchange Server Forums

cdosys and exchange 2007

Users viewing this topic: none

Logged in as: Guest

Printable Version

All Forums >> [Microsoft Exchange 2007] >> Secure Messaging >> cdosys and exchange 2007

Page: [1]

Message

<< Older Topic Newer Topic >>

cdosys and exchange 2007 - 14.May2008 2:18:15 AM

halinab

Posts: 8
Joined: 5.May2008
Status: offline

I'm trialling an asp script for managing email newsletters - anyway it uses cdosys and does allow for authentication.
But when I try and send an email externall I receive the error
error '8004020f'
/newspad/functions/functions_send_mail.asp, line 242

all my googling seems to indicate a problem with relay for exchange - which is possible
I have setup a hub transport receive connector with basic and exchange authentication checked together with allowing annonymous and exchange users.
but no go still an error - I don't want to set up an open relay which has already set me up for spammers to use my system.

i checked the logs
and it authenticates the user and then I seem to be getting a
550 5.7.1 Client does not have permissions to send as this sender
though I have annoymous users checked

any suggestions am I on the right track?

Post #: 1

Featured Links*

RE: cdosys and exchange 2007 - 14.May2008 11:45:59 AM

John Weber

Posts: 490
Joined: 20.Apr.2005
From: Portland, Oregon
Status: offline

I am just swagging here...
But look at this:
Get-ReceiveConnector "CRM Application" | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "ms-Exch-SMTP-Accept-Any-Recipient"

And then read all of this:
http://tsoorad.blogspot.com/2008/01/allowing-application-servers-to-relay.html

I always put together distinct receive connectors to handle things like this - it is one of the things about e2k7 that I really like.

_____________________________

-jmw
http://tsoorad.blogspot.com

(in reply to halinab)

Post #: 2

RE: cdosys and exchange 2007 - 14.May2008 7:20:13 PM

halinab

Posts: 8
Joined: 5.May2008
Status: offline

boy do I know I can do that - but that opens me up to open relay. and have already been hit by spammers taking over exchange and sending over 100,000 emails

so I don't want to do that - but what I did do was put verbose logging on my receive connectors and found the defulat connector was being used for cdosys.

I changed 1 thing on the default connector - removed basic authenication after tls and it worked - hope this does open me up too much to spammers .

will monitor exchange logs for the next couple of days to ensure it is secure.

thanks anyway

(in reply to John Weber)

Post #: 3

RE: cdosys and exchange 2007 - 15.May2008 12:32:20 AM

Elan Shudnow

Posts: 294
Joined: 4.Jan.2007
From: Chicago, IL
Status: offline

What he said would not open you up to Open Relay. On the connector you open it up, you restrict IP Addresses of systems that can use that connector to relay. When the application then tries to relay, Exchange sees the IP, sees that the connector explicitly has the IP defined and has the application use that specific connector. Since you've granted relay permission to anonymous group on that connector, the application will successfully be able to relay using that connector.

I would do this over what you do by removing basic authentication on your Default Connector. That would be less secure than doing what was explained above.

_____________________________

Elan Shudnow
http://www.shudnow.net

(in reply to halinab)

Post #: 4

RE: cdosys and exchange 2007 - 15.May2008 7:32:55 AM

halinab

Posts: 8
Joined: 5.May2008
Status: offline

thanks for the tip - will give it a try

(in reply to halinab)

Post #: 5

RE: cdosys and exchange 2007 - 15.May2008 7:40:17 AM

halinab

Posts: 8
Joined: 5.May2008
Status: offline

a question though - how do I know what connector it is going through - even though I setup a custom one - it goes through the default - according to the logs?

(in reply to halinab)

Post #: 6