We need to let a few of our users send Internet mail but want to prevent most users from doing so. What's the easiest way to do this?
The simplest method is a little nonintuitive but is nevertheless a neat application of Exchange 2000 Server's native features. Here's what you need to do:
- Assign a default recipient policy that assigns an SMTP proxy address that would be invalid on the Internet—for example, @company.123. (For more information about recipient policies, see "The Exchange Recipient Update Service," InstantDoc ID 45972.)
- Assign a secondary recipient policy that assigns the correct SMTP proxy address (e.g., @company.com).
- Apply the secondary recipient policy to those users or groups who need to be able to send mail to the Internet.
- Configure your Exchange server systems to use one bridgehead to send SMTP mail to the Internet.
- On that bridgehead machine, use sender filtering on the SMTP virtual server to drop any email from senders whose addresses match the default recipient policy.