Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Accepted Domains wierdo!

Status
Not open for further replies.

TheMisio

Technical User
Sep 26, 2005
229
BE
Dear All,

I thought I understood the concept of the accepted domains quite well. However, I've just started working for an Org, and I just cannot see the organization’s domain suffix in the accepted domains list. We are still receiving emails though. There are several sub domains of our main one i.e.

sub1.domain.com
sub2.domain.com
sub3.domain.com

Should I presume that if I create a sub domain in the Accepted Domains List, all domains within the DNS namespace will also be accepted?

Any clarification would be much appreciated.

Regards.

Michael.
 
ShackDaddy,

Thanks for the reply. However, it gets better: I've realised (tested it) that our Exchange Org will accept emails for any domain! For example if I crate a domain: justanexample.com, create mx record for it and add an email address to my account with this suffix, our Exchange will deliver email sent to this address even though it doesn't exist anywhere within our Exchange Org (apart from an additional custom address in my account).

I just don't get this. I checked our receive connectors, and can't find anything unusual there.

According to all documentation out there, the Exchange Org should only accept messages destined for domains in its Accepted Domains list and reject all other.

Regards.

Michael.
 
So when you look at your Accepted Domains list, there are no domains that are just a wildcard? Did you do a migration from Exchange 2003 at some point and fail to remove a legacy email address policy that had a wildcard domain in it?

Dave Shackelford
ThirdTier.net
TrainSignal.com
 
ShackDaddy,

Nope. No wildcards there. Also (just for the sanity) I used PS to check Accepted Domain list. Only our subdomains are listed.

It isn't a massive issue, but I thought I knew Exchange well. It appears I don't.

Regards.

Michael.
 
Maybe it works like this:

You can't add a domain to the Email Address Policy unless it's listed in Accepted domains. But you can bypass both AcceptedDomains and the Address policy by manually adding an address to a mailbox. If the mail can get there by some means (MX record) then it will be delivered if it matches a local mailbox.

Dave Shackelford
ThirdTier.net
TrainSignal.com
 
My understanding is it should NOT accept mail for a domain that's not listed in the accepted domains list.

Time for some lab testing....<scurries off to the lab>

Do you have your Tek-Tips.com Swag? I've got mine!

Stop by the new Tek-Tips group at LinkedIn.
 
58sniper,

That is exactly what I thought was the case. There's got to be something with this org (I've just inherited it from another admin) that allows all domains to get through.

Please let us know if you can find something in you the lab.

Here's the setup if it helps: Exchange 2007 SP1 RU6 running on Windows 2003 R2.

Regards.

Michael.
 
Is this a relaying issue rather than an accepted domains issue? Since you are internal, you're able to send in to anyone?
 
Can you confirm that these tests were sent from EXTERNAL mailboxes and were then routed to the server for delivery?

I am wondering whether certain other conditions could account for internal mailboxes behaving as you described: add Johnboy@boyscoutcabal.org as an email address on an internal user and another internal user may be able to reach it, but an external user probably would not.

What are you seeing?

Dave Shackelford
ThirdTier.net
TrainSignal.com
 
ShackDaddy,

Definitely from external mailboxes: (gmail). I wasn't much surprised when it worked internally (although I still thought it should have NDR'ed).

I'm just not sure if it's a bug, a feature or there is another setting somewhere in our Org overwriting the "default" behavior.

Regards.

Michael
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top