Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations TouchToneTommy on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Restrict outbound relay domain
- Thread starter tdrew
- Start date
ShackDaddy
MIS
There are two approaches to this:
First:
Add the additional domains to the Accepted Domains list as External Relay type domains. Then inbound messages to your organizations with those domains as the recipient domains would then be forwarded on to them. The senders would not need to authenticate to do that. If non-authenticated users tried to relay anywhere else, they'd get a bounceback.
---------------------------
Second:
If you could reliably identify the IP addresses that DOMAINA would be using to send from, it would be easier to do this. That takes care of the initial "allowed to relay" issue, since you could create a custom receive connector to handle their inbound connections, and allow relaying of all their mail. There's nothing in the ReceiveConnector settings that will allow the receive connector to parse the destination domain to see if it's allowed (unless you added the destination domains to your Remote Domains list in Org->Hub).
From there you could create a transport rule that would look for "*@domainA.com" sender addresses on outbound emails and delete/drop them unless they were going to specific remote domains.
Dave Shackelford
ThirdTier.net
TrainSignal.com
First:
Add the additional domains to the Accepted Domains list as External Relay type domains. Then inbound messages to your organizations with those domains as the recipient domains would then be forwarded on to them. The senders would not need to authenticate to do that. If non-authenticated users tried to relay anywhere else, they'd get a bounceback.
---------------------------
Second:
If you could reliably identify the IP addresses that DOMAINA would be using to send from, it would be easier to do this. That takes care of the initial "allowed to relay" issue, since you could create a custom receive connector to handle their inbound connections, and allow relaying of all their mail. There's nothing in the ReceiveConnector settings that will allow the receive connector to parse the destination domain to see if it's allowed (unless you added the destination domains to your Remote Domains list in Org->Hub).
From there you could create a transport rule that would look for "*@domainA.com" sender addresses on outbound emails and delete/drop them unless they were going to specific remote domains.
Dave Shackelford
ThirdTier.net
TrainSignal.com
- Status
Similar threads
- Locked
- Question
- Locked
- Question