Google
Search WWW Search msexchangetips.blogspot.com

Friday, September 01, 2006

Exchange: Export SMTP Relay List

Summary:

There may come a time where you wish to export your allowed relay list in your SMTP virtual server. There is nothing in the SMTP Virtual server that can export the list. This can become encumbersome if your organization maintains a long list of relay hosts. I first approached this by trying to perform an LDIFDE query for the SMTP VS object in ADSIEDIT.

CN=1,CN=SMTP,CN=Protocols,CN=EXC03,CN=Servers,CN=First Administrative Group,CN=Administrative Groups,CN=MSexchange911,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Msexchange911,DC=net

However after reviewing the output and viewing the msExchSMTPRelayIPList I noticed that the output was in octet format.

msExchSmtpRelayIpList::
GAAAgCAAAIA8AACARAAAgAEAAABMAAAAAAAAAAAAAAAB
AAAAAQAAAAIAAAACAAAABAAAAAAAAABMAA
CAAAAAAAAAAAAAAAAAAAAAAP////8CAgIC

After doing some research, I came across the following KB article which converts different string formats.

SAMPLE: ARRAYCONVERT.EXE Variant Conversion Functions
http://support.microsoft.com/kb/q250344/

After some testing, I could not get this to work. I came across another utility from the Exchange 2000 resource kit called IPSec.vbs. This script has a wide variety of functions to manage your IP Security settings including exporting your relay list. To export the relay list using IPSec.vbs:

1. Download IPSec.vbs

ftp://ftp.smtp25.org/[ James Chong Scripts ]

Download the entire folder ExIPSecurity and save it to your C:
2. Open command prompt and go to your ExIPSecurity directory.

3. C:\ExIPSecurity>regsvr32 exipsec.dll

4. C:\ExIPSecurity>cscript ipsec.vbs -s Exchangeserver -o e -r relay -d DCServername > c:\ExIPSecurity\relaylist.txt

This will export the relay list to a relaylist.txt file.

Other useful tips using IPsec.vbs

Examples:
Ipsec.vbs -d dc1 -o e -r connection
Ipsec.vbs -d dc1 -o a -r relay -v 127.0.0.1
Ipsec.vbs -d dc1 -o a -r accept -v 123.123.123.0 -m 255.255.255.0
Ipsec.vbs -d dc1 -s server1 -o d -r connection -t domain -v domain1
Ipsec.vbs -d dc1 -s server1 -o c -r deny
Ipsec.vbs -d dc1 -i 2 -o s -r relay -g grant

Note that options '-o s' and '-t domain' are not allowed in global accept/deny lists.




James Chong
MCSE M+, S+, MCTS, Security+
msexchangetips.blogspot.com


How useful was this article? Want to see a tip not listed? Please leave a comment.

4 Comments:

Anonymous Anonymous said...

Thanks for the tips. I am new to scripting and have a large list of ip's with sm's to add. How can a loop be added to achieve this?

11:07 AM  
Blogger TonyC said...

This article was useful as it gave the correct syntax to use to export to a text file, all the IPs which our ORG allows to relay/connect to our front-end SMTPVSs. The article has a hyperlink to an FTP area which no longer exists .... also, it would be great if the article gave the full, correct syntax of how to 'import' or otherwise update a large number of IPs into the 'allowed' list ... this would be great for a very quick and simple 'recovery' of such long lists as (i'm sure) many companies hold in their 'relay or connection granted' lists .... many thanks Tony C.

1:44 AM  
Blogger TonyC said...

This article was semi-useful as it gave me the correct syntax to use to export to a text file, all the IPs which or ORG allows to relay/connect to our front-end SMTPVSs. The article had a hyperlink to an FTP area which no longer exists .... also, it would be great if the article also gave the full correct syntax of how to 'import' or otherwise update a large number of IPs into the 'allowed' list ... this would be great for a very quick and simple 'recovery' of such long lists as (i'm sure) many companies hold in their 'relay or connection granted' lists .... many thanks Tony C.

1:44 AM  
Blogger xinxin said...

The louis vuitton is one of the products in the Monogram canvas family of louis vuitton bags . Other quite similar bags in this family include the likes of Monogram Roses Canvas , the Deauville and the Sac Chasse Bag; among others. While I confess to being an old-time fan of Monogram Rubis , having used so many of the products from this label, it is the Carryall - which I have only gotten to use quite recently - that I have been most enchanted with.

6:18 PM  

Post a Comment

<< Home

xml:lang="en" lang="en"> MS Exchange Tips: Exchange: Export SMTP Relay List