Exchange Distribution Group restriction

Today one of our customers called and asked how to prevent a particular distribution group from receiving e-mail from the Internet. They run Exchange 2010 SP2. I told him to tick the checkbox called Require that all senders are authenticated in the properties of the distribution group.

Require that all senders are authenticated

The customer called back to say that this switch doesn't work: they still receive e-mail from the Internet for these groups. It was weird. After a couple of minutes I found out that the problem was in the Receive Connectors. They had a custom Receive Connector to relay e-mail from the outside world. These relay connectors were set as follows:

Authentication tab

and also this:

Permissions Group tab

I had set up these receive connectors to allow relay from the outside world and also from Exchange 2003, which still existed at that time, as well as relay from printers and other devices. The problem is that if you check the Externally Secured (for example with IPsec) option (you need it to be able to check Legacy Exchange Servers), all e-mail received on this connector is trusted and handled as if it was sent by authenticated users. That means that regardless of the settings on mail-enabled accounts (whether or not they can receive e-mail from unauthenticated users), all mail is delivered. This setting was made during the Exchange 2003 -> Exchange 2010 migration and should be changed to the following once Exchange 2003 is gone:

Authentication tab

and also this:

Permissions Groups tab
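
A read-only audit for the situation described above, written for the Exchange Management Shell as an added example (not part of the original post). It uses the standard Get-ReceiveConnector and Get-DistributionGroup cmdlets; the variable names and output column names are choices made for this example.

```powershell
# Run in the Exchange Management Shell (Exchange 2010, PowerShell 2.0 compatible).
# Read-only: nothing is changed.

# 1. Receive connectors with "Externally Secured" enabled. Mail accepted on
#    these is handled as if it was sent by an authenticated user.
#    AuthMechanism is cast to a string so the test also works on the
#    deserialized objects returned by remote PowerShell.
$trusted = @(Get-ReceiveConnector | Where-Object {
    "$($_.AuthMechanism)" -match 'ExternalAuthoritative'
})

# 2. Show which remote addresses may use each of those connectors.
#    A range covering all of IPv4 means any host that reaches the port.
$trusted | Select-Object Identity, AuthMechanism, PermissionGroups,
    @{ Name = 'RemoteIPRanges'
       Expression = { ($_.RemoteIPRanges | ForEach-Object { "$_" }) -join '; ' } },
    @{ Name = 'AcceptsAnyIPv4'
       Expression = { @($_.RemoteIPRanges | ForEach-Object { "$_" }) -contains
                      '0.0.0.0-255.255.255.255' } } |
    Format-List

# 3. Distribution groups that rely on "Require that all senders are
#    authenticated". These are the groups whose restriction is bypassed
#    for mail arriving through a connector listed in step 2.
$restricted = @(Get-DistributionGroup -ResultSize Unlimited | Where-Object {
    $_.RequireSenderAuthenticationEnabled
})

if ($trusted.Count -gt 0 -and $restricted.Count -gt 0) {
    Write-Warning ("{0} externally secured connector(s) found; {1} group(s) " +
        "requiring authenticated senders can be reached through them." -f
        $trusted.Count, $restricted.Count)
    $restricted | Sort-Object Name |
        Select-Object Name, PrimarySmtpAddress | Format-Table -AutoSize
} else {
    Write-Host 'No externally secured receive connectors affect restricted groups.'
}
```

Run it again after changing the connector settings; the connector should no longer appear in the first list.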

I hope this helps and you won’t make mistakes as I did 🙂