How to Restrict Relaying Based on a Security Group

 

It is useful to restrict relaying on virtual servers if you want to allow a group of users to relay mail to the Internet and deny relay privileges for a different group.

Before You Begin

Before you perform the procedure in this topic, read Securing Your Exchange Server.

The following permissions are required to perform this procedure:

  • Member of the local administrators group and a member of a group that has had the Exchange Administrators role applied at the administrative group level

Procedure

To restrict relaying based on a security group

  1. Start Exchange System Manager: Click Start, point to All Programs, point to Microsoft Exchange, and then click System Manager.

  2. In the console tree, expand Servers, expand the server that you want, expand Protocols, and then expand SMTP.

  3. Right-click the SMTP virtual server on which you want to apply relay restrictions, and then click Properties.

  4. In <SMTP Virtual Server> Properties, click the Access tab, and then click Relay.

  5. In Relay Restrictions, clear the "Allow all computers which successfully authenticate to relay, regardless of the list below" check box, and then click Users to specify a subset of users that you want to grant relay permissions on this SMTP virtual server.

  6. In Permissions for Submit and Relay, to remove a user or group, select the group or user, and then click Remove.

  7. To add a group or user, click Add, and then select the users or group for which you want to specify permissions. Use one of the following options:

    • On Windows Server 2003, in Select Users, Computers or Groups, under Enter the object name to select, type the name of the user or the group. If you want to search for the user or group, click Advanced, search for the user or group name, and then click Check Names to validate your entry. Click the examples link to view the acceptable formats for your entries.

    • On Windows 2000 Server, in Select Users, Computers or Groups, select the group or user to which you want to grant submit permissions, and then click Add.

  8. Click OK to return to the Permissions for Submit and Relay dialog box.

  9. In the Group or user names list, select the group you just added.

  10. Under Permissions for <selected group>, next to Submit Permission, if necessary, select the check box under Allow to allow the selected user or group to submit mail through this SMTP virtual server.

  11. Next to Relay Permissions, select the check box under Allow to permit the selected object to relay through this SMTP virtual server, or select the check box under Deny to prevent the selected object from relaying through this virtual server.

    Note

    You must allow Submit Permissions if you want to allow Relay Permissions.

  12. Click OK.