I want to let POP3 users who authenticate by sending credentials to the mail server send email messages from outside the office, but I want to prevent all other relaying. On my organization's SMTP virtual server, in the Properties dialog box, I select the Only the list below and the Allow all computers which successfully authenticate to relay, regardless of the list above check boxes. However, these selections don't accomplish what I want. When I send an email message from an Outlook Express machine outside the office, I get a 550 5.7.1 unable to relay for <addressee> error. However, if I select the All except the list below check box, everything works smoothly. Why doesn't my initial set of selections work?

—John Hall

Good news: You're close to a working solution. The wording in the Authentication dialog box of the virtual server properties (which you reach by opening the SMTP virtual server's Properties dialog box, selecting the Access tab, and clicking Authentication) is a little confusing. When you select the Only the list below check box, the virtual server accepts relaying only from the specific IP addresses or domains you add to the list. By default, that list is blank. In your case, if you don't add your clients' IP addresses, the server will quite properly reject their mail—you've told the server to reject any relay attempt from computers that aren't on the (empty) list. That's why the process works properly when you select the All except the list below check box.

What about the Allow all computers which successfully authenticate to relay, regardless of the list above check box? Note that the server doesn't know that a machine has successfully authenticated until after that computer has tried to make a POP3 or IMAP4 connection to pick up mail. The behavior you see probably occurs because your users are queuing up email messages to send, then sending the email messages without checking for new email messages first. Overall, however, All except the list below is probably the better choice because you probably won't know your roaming users' IP addresses.

End of Article


You must log on before posting a comment.

If you don't have a username & password, please register now.

Reader Comments

Does this open the server for all relaying then?

Rosemary Caluori- May 30, 2003

i have a problem. In this solutions the Relay is open and then all computer world will can make spamming thought this virtual server. That is correct?

juan- July 23, 2003

dont't say nothing. anything solution. this is not the solution. Becouse "All except the list below" let the malicious spam relay for our server. I looking for a solution....

Fernando- December 19, 2003

this comment not say nothing. I founded the solution. 1. You must put in Virtual SMTP --> Acces --> Relay : Only the List Below Mark Allow all computers which successfully ...... bla bla bla

2. You must put in Virtual SMTP --> Acces --> Authentification: Annonymous Acces Basic Authentification Integrated windows authentification

Nothing else Work very goog if you send email from computer inside your organizacion and outside your organizacion.

Fernando Torres

Fernando- December 19, 2003

Opens the server for relay to anyone?! Must be a better way!

dan- June 20, 2004

I just paid 14.95 to see "the rest of this article" - only to find it may very well open a relay for the world to use. Paul - what's the deal? Is this a responsible way to configure relay for outside users?????

bdunsing- October 20, 2004

Article Rating 1 out of 5

Paul, I've set up our smtp virtual server to "allow all computers which successfully authenticate to relay, regardless of the list above". However, the authentication from external emailclients does not seem to work; retrieving mail works, but relaying mail does not work. In the clients configuration (outlook express) I use the same credentials for sending / receiving mail. HELP? thnx, Berry Straver

lordw- October 22, 2004

Article Rating 1 out of 5

As Fernando said, you can improve on this solution by enabling authentication for users who send mail through your SMTP server. I assumed that most admnistrators were already doing this, but I should have been more explicit. Sorry about the confusion.

bdunsing: email me privately and I'll refund your $15. You'd probably get more value out of a subscription than the a-la-carte access :)

paulrobichaux- November 15, 2004

Article Rating 3 out of 5

I've done all of this. Authenticated Users...blah blah blah. Still doesn't work.

qmacker- December 21, 2004

Article Rating 1 out of 5