Hi Amy and the rest of you!
The setup I run is the following:
* Exchange 2000 with single SMTP Virtual Server.
* Server receives Internet mail directly and has therefore “Anonymous Access” enabled.
* Users can use the server to relay (by means of POP3 or IMAP) if they authenticate, which is why “Allow all computers…” is checked.
* The only computer IPs on “Only the list below” are servers that require relay (i.e. web server with mail component).
* Server has SSL certificate, but secure channel is not required as this can potentially create problems for remote mail servers that send mail to us (all remote servers do not support encryption, plus, we have issued our own certificate which means that the certificate normally is not trusted by remote servers).
This setup enables us to:
* Send and receive Internet e-mail from any domain.
* Remote users using POP3 or IMAP have to provide correct credentials before relay is allowed.
* Server is NOT listed at http://www.ordb.org or http://orbz.org (server has been submitted several times to really make sure no relay of email is possible). These sites actually try to send email so you can see the results in your SMTP log files as well.
I have tested to:
1) Relay mail from home (through IMAP) without authentication, resulting in RELAY PROHIBITED (550 5.7.1 unable to relay for etc).
2) Relay mail from home with authentication, but with a bogus user name and password, resulting in server requiring correct credentials.
3) Relay mail from home with correct credentials, resulting in proper behavior e.g. delivery of the mail.
So, Amy, back to your question. In my experience the settings you have applied allow incoming email (because of the anonymous access setting), but also prevent relay from trusted users as you didn’t check the “Allow all computers…”!
Proper settings IMO (i.e. the way things work for my three Exchange servers at different unrelated sites) are the following:
* Allow anonymous access to accept incoming internet email directly to the server
* Set “Only the list below” and check “Allow all computers…” (if users need to send mail by POP3 or IMAP)
You can find screenshots at http://www.sandqvist.pp.se/smtp if you need more help. The server shown uses an SMTP connector (which is not necessary in many cases) so skip that part if you don’t use one. The results are still the same.
[ January 14, 2002: Message edited by: Johan Sandqvist ]
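
The relay rules discussed in the post above, written out as a simplified decision model. This is an added example, not part of the original post and not Exchange's own logic. The class and field names, the domain `example.org` and all IP addresses are constructed for illustration, and a failed login is treated simply as "not authenticated".

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

@dataclass
class VirtualServer:                      # hypothetical model, not an Exchange API
    local_domains: set
    anonymous_access: bool = True         # needed to receive Internet mail directly
    relay_list: list = field(default_factory=list)  # "Only the list below"
    allow_authenticated_relay: bool = True           # the "Allow all computers…" box

def rcpt_decision(vs, client_ip, authenticated, rcpt):
    """Verdict for one RCPT TO under the simplified relay rules."""
    domain = rcpt.rsplit("@", 1)[-1].lower()
    if not authenticated and not vs.anonymous_access:
        return "AUTH_REQUIRED"            # no anonymous sessions at all
    if domain in vs.local_domains:
        return "ACCEPT"                   # inbound delivery, not relay
    ip = ip_address(client_ip)
    if any(ip in ip_network(net) for net in vs.relay_list):
        return "ACCEPT"                   # listed server, e.g. the web server
    if authenticated and vs.allow_authenticated_relay:
        return "ACCEPT"                   # remote user with valid credentials
    return "550 5.7.1"                    # unable to relay

# Constructed sample data (documentation address ranges).
WEB_SERVER, HOME_CLIENT, REMOTE_MTA = "192.0.2.10", "203.0.113.5", "198.51.100.7"
RECOMMENDED = VirtualServer({"example.org"}, relay_list=["192.0.2.10/32"])
BOX_UNCHECKED = VirtualServer({"example.org"}, relay_list=["192.0.2.10/32"],
                              allow_authenticated_relay=False)

def three_tests(vs):
    """The three relay tests from the post, run from the home client."""
    outside = "someone@elsewhere.example"
    return [
        rcpt_decision(vs, HOME_CLIENT, False, outside),  # 1) no authentication
        rcpt_decision(vs, HOME_CLIENT, False, outside),  # 2) bogus credentials
        rcpt_decision(vs, HOME_CLIENT, True, outside),   # 3) correct credentials
    ]

if __name__ == "__main__":
    print("recommended  :", three_tests(RECOMMENDED))
    print("box unchecked:", three_tests(BOX_UNCHECKED))
    print("inbound mail :", rcpt_decision(BOX_UNCHECKED, REMOTE_MTA, False,
                                          "user@example.org"))
```

With the box unchecked, inbound mail still arrives but the third test also ends in `550 5.7.1`, which is the behaviour the post attributes to that setting.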