Exchange: Export SMTP Relay List
There may come a time where you wish to export your allowed relay list in your SMTP virtual server. There is nothing in the SMTP Virtual server that can export the list. This can become encumbersome if your organization maintains a long list of relay hosts. I first approached this by trying to perform an LDIFDE query for the SMTP VS object in ADSIEDIT.
CN=1,CN=SMTP,CN=Protocols,CN=EXC03,CN=Servers,CN=First Administrative Group,CN=Administrative Groups,CN=MSexchange911,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Msexchange911,DC=net
However after reviewing the output and viewing the msExchSMTPRelayIPList I noticed that the output was in octet format.
After doing some research, I came across the following KB article which converts different string formats.
SAMPLE: ARRAYCONVERT.EXE Variant Conversion Functions
After some testing, I could not get this to work. I came across another utility from the Exchange 2000 resource kit called IPSec.vbs. This script has a wide variety of functions to manage your IP Security settings including exporting your relay list. To export the relay list using IPSec.vbs:
1. Download IPSec.vbs
ftp://ftp.smtp25.org/[ James Chong Scripts ]
Download the entire folder ExIPSecurity and save it to your C:
2. Open command prompt and go to your ExIPSecurity directory.
3. C:\ExIPSecurity>regsvr32 exipsec.dll
4. C:\ExIPSecurity>cscript ipsec.vbs -s Exchangeserver -o e -r relay -d DCServername > c:\ExIPSecurity\relaylist.txt
This will export the relay list to a relaylist.txt file.
Other useful tips using IPsec.vbs
Ipsec.vbs -d dc1 -o e -r connection
Ipsec.vbs -d dc1 -o a -r relay -v 127.0.0.1
Ipsec.vbs -d dc1 -o a -r accept -v 22.214.171.124 -m 255.255.255.0
Ipsec.vbs -d dc1 -s server1 -o d -r connection -t domain -v domain1
Ipsec.vbs -d dc1 -s server1 -o c -r deny
Ipsec.vbs -d dc1 -i 2 -o s -r relay -g grant
Note that options '-o s' and '-t domain' are not allowed in global accept/deny lists.
MCSE M+, S+, MCTS, Security+
How useful was this article? Want to see a tip not listed? Please leave a comment.