Exchange Distribution Group restriction
Today one of our customers called me and asked how they could prevent a particular distribution group from receiving e-mail from the Internet. They have Exchange 2010 SP2. I instructed him to check the option in the distribution group's properties called Require that all senders are authenticated.
The customer called back to say that this switch doesn't work: they still receive e-mail from the Internet for these groups. It was weird. After a couple of minutes I found out that the problem was in the Receive Connectors. They had a custom Receive Connector to relay e-mails from the outside world. These relay connectors were set as follows:
and also this:
These receive connectors were set up by me to allow relay from the outside world and also from the Exchange 2003 that still existed at that time, as well as relay from printers and other devices. The problem is that if you check the Externally Secured (for example with IPsec) option (you need it to be able to check Legacy Exchange Servers), all e-mails received on this connector are trusted and handled as if sent by authenticated users. That means that regardless of the settings on mail-enabled accounts (whether they can or cannot receive e-mail from unauthenticated users), all mails are delivered. This setting was made during the Exchange 2003 -> Exchange 2010 migration and should be changed to the following once Exchange 2003 is gone:
and also this:
I hope this helps and you won't make the same mistakes I did 🙂
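A quick way to audit for the situation described above, as an added example that is not part of the original post: it lists receive connectors with Externally Secured enabled and the distribution groups that rely on the authenticated-senders restriction. It assumes the Exchange Management Shell; the report column names are made up for this example.

```powershell
# Added example for the Exchange Management Shell (Exchange 2010).
# "Externally Secured" in the console is the ExternalAuthoritative value
# of the connector's AuthMechanism property.

# 1. Receive connectors whose inbound mail is handled as authenticated.
$trusted = Get-ReceiveConnector | Where-Object {
    "$($_.AuthMechanism)" -match 'ExternalAuthoritative'
}

$report = foreach ($c in $trusted) {
    $ranges = @($c.RemoteIPRanges | ForEach-Object { "$_" })
    New-Object PSObject -Property @{
        Connector        = $c.Identity
        PermissionGroups = "$($c.PermissionGroups)"
        RemoteIPRanges   = $ranges -join ', '
        # Default "any IPv4 address" scope: the connector is not limited
        # to specific relay hosts such as printers or a legacy server.
        AcceptsAnyIPv4   = $ranges -contains '0.0.0.0-255.255.255.255'
    }
}

# 2. Groups that rely on "Require that all senders are authenticated".
$groups = @(Get-DistributionGroup -ResultSize Unlimited |
    Where-Object { $_.RequireSenderAuthenticationEnabled })

if ($report) {
    $n = @($report).Count
    Write-Warning "$n Externally Secured connector(s) found; mail arriving there bypasses the sender restriction on $($groups.Count) group(s)."
    $report | Format-List Connector, PermissionGroups, RemoteIPRanges, AcceptsAnyIPv4
    $groups | Sort-Object Name | Format-Table Name, PrimarySmtpAddress -AutoSize
} else {
    "No Externally Secured receive connectors found."
}
```

Any connector reported with `AcceptsAnyIPv4` set to `True` deserves the first look, since its trust is not scoped to known internal relay sources.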