You could also configure permissions to determine
who could submit a message to the SMTP virtual server. The same can be accomplished in Exchange
Server 2007 when you specify permission groups for the connector. In Figure 7-11 you saw the
permission groups assigned to each type of Receive Connector created. There are specific permissions
associated with these permission groups. For example, the ms-Exch-SMTP-Accept-Any-Recipient
permission allows the session to relay messages through the connector. To view the permissions, use the
Get-ADPermission cmdlet in conjunction with the Get-ReceiveConnector cmdlet, as shown in
Figure 7-13. Such granular changes can be made directly to Active Directory or by using the
Add-ADPermission and Remove-ADPermission cmdlets. On the other hand, the Set-ReceiveConnector
cmdlet can be used to add or remove permission groups.
For example, you may have created a Receive Connector with a Partner domain. By default the
permission group associated with that connector allows the partner server account to submit
messages (ms-Exch-SMTP-Submit) and retain all the receive headers (ms-Exch-Accept-Headers-Routing)
over a secure TLS session. If, due to an acquisition or some other valid reason, you later choose to allow the
partner server account to relay messages through the connector, then simply grant the granular permission
ms-Exch-SMTP-Accept-Any-Recipient or add the ExchangeUsers permission group to the Receive
Connector, as shown in Figure 7-14.
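The following Exchange Management Shell sketch is an added example, not taken from the book or its figures. It lists every account that currently holds the relay permission on each Receive Connector, then previews a granular grant for one partner account and re-checks the result. The connector identity and account name are constructed placeholders.

```powershell
# Added example; run in the Exchange Management Shell.
# Constructed placeholders (assumptions, not from the book):
$connector      = 'EDGE01\Partner Inbound'      # Receive Connector identity
$partnerAccount = 'CONTOSO\PartnerSmtpSvc'      # partner server account
$relayRight     = 'ms-Exch-SMTP-Accept-Any-Recipient'

# Return the allow entries that carry the relay right on one connector.
function Get-RelayGrant($Identity, $Right) {
    Get-ReceiveConnector -Identity $Identity | Get-ADPermission |
        Where-Object { ($_.ExtendedRights -like $Right) -and (-not $_.Deny) } |
        Select-Object Identity, User, IsInherited, ExtendedRights
}

# 1. Audit: who can relay through each Receive Connector today?
#    Review this list before and after any change; every row is an
#    account that may submit mail addressed to any recipient.
Get-ReceiveConnector |
    ForEach-Object { Get-RelayGrant $_.Identity $relayRight } |
    Format-Table -AutoSize

# 2. Record the permission groups currently set on the partner connector.
Get-ReceiveConnector -Identity $connector |
    Format-List Identity, PermissionGroups, AuthMechanism

# 3. Preview the granular grant for the single partner account.
#    Remove -WhatIf to apply it. Granting the right to one account is
#    narrower than adding a whole permission group to the connector.
Get-ReceiveConnector -Identity $connector |
    Add-ADPermission -User $partnerAccount -ExtendedRights $relayRight -WhatIf

# 4. Verify: after applying, only the intended account should be new here.
Get-RelayGrant $connector $relayRight | Format-Table -AutoSize

# Rollback of step 3, if the relay requirement goes away:
# Get-ReceiveConnector -Identity $connector |
#     Remove-ADPermission -User $partnerAccount -ExtendedRights $relayRight
```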