Exchange Server Forums

Secure routing of messages

Users viewing this topic: none

Logged in as: Guest

Printable Version

All Forums >> [Microsoft Exchange 2003] >> Message Routing >> Secure routing of messages

Page: [1]

Message

<< Older Topic Newer Topic >>

Secure routing of messages - 28.Sep.2009 8:53:43 AM

ljones10

Posts: 19
Joined: 31.Jul.2009
Status: offline

Hi Everyone,

I need to be able to route messages for a secure network which has been setup which does not go across the internet. We need to be able to select messages which go down the secure route via the email box (not the address) that the messages are coming from. We need to ensure that only certain users can send secure email through the dedicated line but normal users can still send to these addresses across the internet.

i have looked at methods for doing this and it appears that i need a SMTP connector which can route the traffic on to the second MIMESWEEPER server we are proposing to put in at the front end. Can anyone give me any advice of what i would need to achieve this? I am sorry if it sounds vague but it is quite difficult to explain.

Any help would be much appreciated.

Cheers

Lee

Post #: 1

Featured Links*

RE: Secure routing of messages - 28.Sep.2009 1:11:43 PM

ljones10

Posts: 19
Joined: 31.Jul.2009
Status: offline

Hi Neko,

Thanks for you reply regarding this and this information is really helpful.

I am still unclear if what is been asked is possible to achieve. I have now set this up in our test lab and have found the following issues.

There is a MX record on the internet and on the secure network which resolves to exactly the same domain name. When i setup a SMTP connector for the domain this routes the secure users but also the non secure users down the secure pipe. What i want to achieve is any secure users which i specify in accepted messages from box to only be able to deliever down the secure pipe. Any users which are not specified on this connector should go out through the internet route.

I have been asked to ensure that only users who are secure users can go down the secure pipe and normal users should be able to send email through the internet. When using exchange to do this it seems that i can either use the internet route for everyone or the secure route for everyone for specified domain name.

I am really finding this difficult to see how this can work when you have MX records in 2 places which resolve to the same name.

Any further help would be much appreciated.

Cheers

Lee

(in reply to ljones10)

Post #: 2

RE: Secure routing of messages - 28.Sep.2009 1:25:03 PM

uemurad

Posts: 8232
Joined: 7.Jan.2004
From: California, USA
Status: offline

Let's take your question in three parts.

1. Is it possible to route outbound mail to one particular SMTP domain in a specific manner? Yes. You specify that SMTP domain on the Address Space tab in the SMTP Connector properties.

2. Is it possible to route those messages via a special gateway? Yes. On the General tab of the SMTP Connector properties, indicate you will forward all messages to a smarthost, and enter the IP address of your second MIMESweeper server.

3. Is it possible to limit this route to a list of users? Yes. On the Delivery Restrictions tab of the SMTP Connector properties, you can specify either individually or via groups who can send through the connector and who cannot. Administratively it would be easier to do via an AD Group, so that you only have to modify the group instead of editing a static list in the Exchange Organization. In addition, you need to check the registry on each of your Exchange servers that acts as a bridgehead for the connector. In the following subkey:

HKLM/System/CurrentControlSet/Services/Resvc/Parameters

You need a REG_DWORD value named CheckConnectorRestrictions. If you have to create it, you'll need to restart the SMTP Service and the Microsoft Exchange Routing Engine services.

Does this answer your questions?

_____________________________

Regards,

Dean T. Uemura
Microsoft MVP - Exchange (2007-2011)
exchangeguy.blogspot.com
uemurad@yahoo.com

(in reply to ljones10)

Post #: 3

RE: Secure routing of messages - 29.Sep.2009 4:36:53 AM

ljones10

Posts: 19
Joined: 31.Jul.2009
Status: offline

Hello Dean,

Thanks for all your help

What Value do i set the registry key to in REsvc\Parameters? Does this key make the restrictions work that you specify on the restrcitions tab within the SMTP connector properties?

I am still confused what will happen to Normal users who need to send to the domain which is specified on the new SMTP connector with the restrictions in place. Will exchange reject these messages and bounce back to the users who are not specified on the secure route or will it then try the internet SMTP connector?

Cheers

Lee

(in reply to uemurad)

Post #: 4

RE: Secure routing of messages - 29.Sep.2009 10:02:51 AM

uemurad

Posts: 8232
Joined: 7.Jan.2004
From: California, USA
Status: offline

quote:

What Value do i set the registry key to in REsvc\Parameters? Does this key make the restrictions work that you specify on the restrcitions tab within the SMTP connector properties?

I guess that would have been helpful, eh?

Set that value to 1 if you want it to check the Restrictions.

_____________________________

Regards,

Dean T. Uemura
Microsoft MVP - Exchange (2007-2011)
exchangeguy.blogspot.com
uemurad@yahoo.com

(in reply to ljones10)

Post #: 5

RE: Secure routing of messages - 29.Sep.2009 10:32:16 AM

ljones10

Posts: 19
Joined: 31.Jul.2009
Status: offline

Thanks Uemurad,

Have you got any idea's to my other question in my last post.

quote:

I am still confused what will happen to Normal users who need to send to the domain which is specified on the new SMTP connector with the restrictions in place. Will exchange reject these messages and bounce back to the users who are not specified on the secure route or will it then try the internet SMTP connector?

quote:

Cheers

Lee

(in reply to uemurad)

Post #: 6

RE: Secure routing of messages - 29.Sep.2009 10:55:51 AM

uemurad

Posts: 8232
Joined: 7.Jan.2004
From: California, USA
Status: offline

According to my old pal Bharat Suneja (okay, "pal" might be a stretch, but I do feel a kinship after sharing a classroom with him for a couple nights a week for several months), Exchange looks at the connector restrictions first before deciding which connector to attempt to use. Here's a nice article he wrote on the subject.

In short, the specific user inclusions and exclusions will be checked first. The others will not have their messages bounced unless there is no connector which fits. Since your default connector should have no restrictions and a global Address Space ("*"), that one should always be available and therefore everyone else's mail should get out through the Internet normally.

_____________________________

Regards,

Dean T. Uemura
Microsoft MVP - Exchange (2007-2011)
exchangeguy.blogspot.com
uemurad@yahoo.com

(in reply to ljones10)

Post #: 7

RE: Secure routing of messages - 29.Sep.2009 11:45:14 AM