Authenticating to Exchange 2010 smarthost?

I usually don't have my Linux and internal servers authenticate to the Exchange server if they're on the same network. Same for other devices that may need to relay (copiers, monitoring systems, etc.). I still may need the smarthost functionality, though.

The approach I take to enable a dumb server/device-to-server relay like what you're looking for is to enable the smarthost on the Postfix or Sendmail system. It seems as though you know that part. For Sendmail, it's a matter of uncommenting the "dnl" line related to the SMARTHOST entry in /etc/mail/sendmail.mc, and defining an address. For Postfix, it's defining relayhost in /etc/postfix/main.cf. (Restart both daemons after the change.)

On the Exchange 2010 side, you need to create a new Receive Connector:

Exchange System Manager -> Server Configuration -> Hub Transport -> Receive Connector

Add a new one by right-clicking the frame and selecting "New Receive Connector".

Name it something descriptive, like the FQDN of the Linux server you wish to send from (e.g. postfix.abc.com).


Specify the address/mask of the relaying server; 172.16.2.30/32 in this example.


Continue through the prompts and add the receive connector.

Open the Exchange Management Shell command line window.

You'll want to grant your new receive connector Anonymous privileges.

Execute:

Get-ReceiveConnector RelayConnector | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "ms-Exch-SMTP-Accept-Any-Recipient"

...where "RelayConnector" is postfix.abc.com in my example.

Immediately select the newly-created entry in the Management GUI and select "Properties".

In the "Authentication" tab, deselect all entries. In the "Permission Groups" tab, ensure "Anonymous users" is checked. That's all!
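A check worth running once the right above has been granted, as an added example that is not part of the original answer: it lists every receive connector on which anonymous senders hold ms-Exch-SMTP-Accept-Any-Recipient and shows which remote addresses each one accepts, so a relay connector that is not scoped to a host such as 172.16.2.30/32 stands out. It is meant for the Exchange Management Shell; the string form of the "any address" range is an assumption about how RemoteIPRanges is displayed.

```powershell
# Added example: audit anonymous-relay receive connectors (Exchange Management Shell).
# Assumption: the unrestricted IPv4 range is rendered as '0.0.0.0-255.255.255.255'.
$anyAddress = '0.0.0.0-255.255.255.255'

$report = foreach ($connector in Get-ReceiveConnector) {
    # Look for the same extended right the answer grants with Add-ADPermission.
    $relayAce = $connector | Get-ADPermission | Where-Object {
        $_.User -like '*ANONYMOUS LOGON*' -and
        -not $_.Deny -and
        $_.ExtendedRights -like '*ms-Exch-SMTP-Accept-Any-Recipient*'
    }
    if (-not $relayAce) { continue }   # anonymous relay not allowed on this connector

    # Remote networks that are allowed to connect to this connector.
    $ranges = @($connector.RemoteIPRanges | ForEach-Object { $_.ToString() })
    $open   = @($ranges | Where-Object { $_ -eq $anyAddress })

    New-Object PSObject -Property @{
        Connector        = $connector.Identity
        RemoteIPRanges   = ($ranges -join ', ')
        AuthMechanism    = $connector.AuthMechanism
        OpenToAnyAddress = ($open.Count -gt 0)
    }
}

# Connectors that accept anonymous relay from any address are listed first.
$report | Sort-Object OpenToAnyAddress -Descending |
    Format-Table Connector, RemoteIPRanges, AuthMechanism, OpenToAnyAddress -AutoSize
```

A connector that appears with OpenToAnyAddress set to True relays for any host that can reach port 25 on the server; the connector built in this answer should list only the relaying server's address.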



I believe there are 2 components to the solution:

  • Configure Postfix to relay: There's a guide here which details the Sendmail config. http://www.walkernews.net/2010/05/18/how-to-configure-sendmail-to-relay-email-to-exchange-server/
  • Exchange Server config to relay emails sent by Postfix: You need to configure the Exchange server to allow emails from Unix to be relayed. Guide here: http://blogs.technet.com/b/exchange/archive/2006/12/28/3397620.aspx

You can control email relay in Exchange by IP, by permission, by using IPSec or mTLS. For an internal Unix Postfix box, the easiest would be to restrict by IP. You need to create a Send Connector and limit the IP scope, as detailed in the guide above.

You may need to look up specific smarthost forwarding guides for Postfix.

Configuring server-to-server authentication between Postfix and Exchange: Exchange 2010 uses mTLS for externally secured mail relay. Here's a guide on how to set this up from the Exchange end. http://technet.microsoft.com/en-us/library/bb123543.aspx

Postfix also supports TLS authentication, but I am not sure how to configure the Postfix side of the solution. http://www.postfix.org/TLS_README.html