cdosys and exchange 2007 (Full Version)

All Forums >> [Microsoft Exchange 2007] >> Secure Messaging



Message

halinab -> cdosys and exchange 2007 (14.May2008 2:18:15 AM)

I'm trialling an asp script for managing email newsletters - anyway it uses cdosys and does allow for authentication.
But when I try and send an email externall I receive the error
error '8004020f'
/newspad/functions/functions_send_mail.asp, line 242

all my googling seems to indicate a problem with relay for exchange - which is possible
I have setup a hub transport receive connector with basic and exchange authentication checked together with allowing annonymous and exchange users.
but no go still an error - I don't want to set up an open relay which has already set me up for spammers to use my system.

i checked the logs
and it authenticates the user  and then I seem to be getting a
550 5.7.1 Client does not have permissions to send as this sender
though I have annoymous users checked

any suggestions am I on the right track?



John Weber -> RE: cdosys and exchange 2007 (14.May2008 11:45:59 AM)

I am just swagging here...
But look at this:
Get-ReceiveConnector "CRM Application"  | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "ms-Exch-SMTP-Accept-Any-Recipient"

And then read all of this:
http://tsoorad.blogspot.com/2008/01/allowing-application-servers-to-relay.html

I always put together distinct receive connectors to handle things like this - it is one of the things about e2k7 that I really like.



halinab -> RE: cdosys and exchange 2007 (14.May2008 7:20:13 PM)

boy do I know I can do that - but that opens me up to open relay. and have already been hit by spammers taking over exchange and sending over 100,000 emails

so I don't want to do that - but what I did do was put verbose logging on my receive connectors and found the defulat connector was being used for cdosys.

I changed 1 thing on the default connector - removed basic authenication after tls and it worked - hope this does open me up too much to spammers .

will monitor exchange logs for the next couple of days to ensure it is secure.

thanks anyway



Elan Shudnow -> RE: cdosys and exchange 2007 (15.May2008 12:32:20 AM)

What he said would not open you up to Open Relay.  On the connector you open it up, you restrict IP Addresses of systems that can use that connector to relay.  When the application then tries to relay, Exchange sees the IP, sees that the connector explicitly has the IP defined and has the application use that specific connector.  Since you've granted relay permission to anonymous group on that connector, the application will successfully be able to relay using that connector.

I would do this over what you do by removing basic authentication on your Default Connector.  That would be less secure than doing what was explained above.



halinab -> RE: cdosys and exchange 2007 (15.May2008 7:32:55 AM)

thanks for the tip - will give it a try



halinab -> RE: cdosys and exchange 2007 (15.May2008 7:40:17 AM)

a question though - how do I know what connector it is going through - even though I setup a custom one - it goes through the default - according to the logs?



Page: [1]