
The four default permissions of the anonymous account on a Receive connector

04 Feb

This post was written to update the 砖头6 ("Brick 06") document. See: Exchange 2007 Receive and Send connector security permissions

 

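By default, a Receive connector grants no permissions to the anonymous account. If you have no Edge server and still need to receive mail from the Internet, you have to tick the Anonymous option.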

[PS] C:\>Get-ExchangeServer | ? {$_.serverrole -like "hub*" } | Get-ReceiveConnector | ? {$_.name -like "de*" } | Get-ADPermission | where {$_.user -like "*anon*"}

Permission differences before and after ticking the option

[PS] C:\>Get-ExchangeServer | ? {$_.serverrole -like "hub*" } | Get-ReceiveConnector | ? {$_.name -like "de*" } | Get-ADPermission | where {$_.user -like "*anon*"} | fl extendedrights

The main permissions that differ are:

{ms-Exch-SMTP-Submit}

{ms-Exch-SMTP-Accept-Any-Sender}

{ms-Exch-SMTP-Accept-Authoritative-Domain-Sender}

{ms-Exch-Accept-Headers-Routing}

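OK, now remove the anonymous permissions again and test:

1. ms-Exch-SMTP-Submit
If the SMTP session does not have this permission, the remote end cannot submit mail through this connector.

Add the permission: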

[PS] C:\>Get-ExchangeServer | ? {$_.serverrole -like "hub*" } | Get-ReceiveConnector | ? {$_.name -like "de*" } | Add-ADPermission -user "nt authority\anonymous logon" -extendedrights ms-exch-smtp-submit

Test again. The error below appears, which is expected.

2. ms-Exch-SMTP-Accept-Any-Sender

Resolving the error above requires another permission, ms-Exch-SMTP-Accept-Any-Sender:

[PS] C:\>Get-ExchangeServer | ? {$_.serverrole -like "hub*" } | Get-ReceiveConnector | ? {$_.name -like "de*" } | Add-ADPermission -user "nt authority\anonymous logon" -extendedrights ms-exch-smtp-accept-any-sender

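Test again, and it is OK.

But why does the error below appear?

3. ms-Exch-SMTP-Accept-Authoritative-Domain-Sender

The reason is simple: the authoritative domain in the test environment is set to contoso.com, and the anonymous user has no permission for it. Add the permission and test: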

[PS] C:\>Get-ExchangeServer | ? {$_.serverrole -like "hub*" } | Get-ReceiveConnector | ? {$_.name -like "de*" } | Add-ADPermission -user "nt authority\anonymous logon" -extendedrights ms-Exch-SMTP-Accept-Authoritative-Domain-Sender

The test now passes.

But if you test:

you get an open relay error. To understand this problem, see 砖头文06 ("Brick Article 06") on winos.

4. ms-Exch-SMTP-Accept-Any-Recipient

[PS] C:\>Get-ExchangeServer | ? {$_.serverrole -like "hub*" } | Get-ReceiveConnector | ? {$_.name -like "de*" } | Add-ADPermission -user "nt authority\anonymous logon" -extendedrights ms-Exch-SMTP-Accept-Any-Recipient

With that, your Exchange server is now an excellent open relay server.
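As an added example (not from the original post), the function below reports which of the four rights granted in sections 1 to 4 the anonymous account holds on a connector, and marks ms-Exch-SMTP-Accept-Any-Recipient as the one that turns it into an open relay. The function name, connector names and sample entries are constructed, and treating each ExtendedRights entry's string form as the right's name is an assumption.

```powershell
# Added example. Input: objects shaped like Get-ADPermission output
# (Identity, User, Deny, ExtendedRights).
function Get-AnonymousSmtpRight {
    param([Parameter(ValueFromPipeline = $true)] $Ace)
    begin {
        # The four rights the post grants in sections 1-4, and what each allows.
        $watch = @{
            'ms-Exch-SMTP-Submit'                             = 'may submit mail'
            'ms-Exch-SMTP-Accept-Any-Sender'                  = 'any sender address accepted'
            'ms-Exch-SMTP-Accept-Authoritative-Domain-Sender' = 'sender in an authoritative domain accepted'
            'ms-Exch-SMTP-Accept-Any-Recipient'               = 'any recipient domain accepted (open relay)'
        }
    }
    process {
        # Only allow-ACEs for the anonymous account matter here.
        if ("$($Ace.User)" -notlike '*anonymous logon*' -or $Ace.Deny) { return }
        foreach ($right in $Ace.ExtendedRights) {
            $name = "$right"   # assumption: the right's string form is its name
            if ($watch.ContainsKey($name)) {
                New-Object PSObject -Property @{
                    Connector = "$($Ace.Identity)"
                    Right     = $name
                    Effect    = $watch[$name]
                    OpenRelay = ($name -eq 'ms-Exch-SMTP-Accept-Any-Recipient')
                }
            }
        }
    }
}

# Constructed sample ACEs (hypothetical connector names, not real output).
$anon = 'NT AUTHORITY\ANONYMOUS LOGON'
$sample = @(
    (New-Object PSObject -Property @{ Identity = 'HUB01\Default HUB01'; User = $anon; Deny = $false
        ExtendedRights = @('ms-Exch-SMTP-Submit', 'ms-Exch-SMTP-Accept-Any-Sender') }),
    (New-Object PSObject -Property @{ Identity = 'HUB01\Default HUB01'; User = $anon; Deny = $false
        ExtendedRights = @('ms-Exch-SMTP-Accept-Any-Recipient') }),
    (New-Object PSObject -Property @{ Identity = 'HUB01\Default HUB01'; User = 'CONTOSO\Exchange Servers'
        Deny = $false; ExtendedRights = @('ms-Exch-SMTP-Accept-Any-Recipient') })
)
$sample | Get-AnonymousSmtpRight | Format-Table Connector, Right, OpenRelay -AutoSize

# Live use in the Exchange Management Shell:
#   Get-ReceiveConnector | Get-ADPermission | Get-AnonymousSmtpRight | ? { $_.OpenRelay }
# Revoke the relay right where anonymous relay is not intended:
#   Get-ReceiveConnector "<connector>" | Remove-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights ms-Exch-SMTP-Accept-Any-Recipient
```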


Posted by on February 4, 2010 in Exchange Server

 
