Article ID: 935635
Article Last Modified on 10/25/2007
APPLIES TO
- Microsoft Exchange Server 2003 Standard Edition
- Microsoft Exchange Server 2003 Enterprise Edition
INTRODUCTION
This article describes how to use the IPsec.vbs program to export a Simple Mail Transfer Protocol (SMTP) relay list from a computer that is running Microsoft Exchange Server 2003. Additionally, this article describes how to import the SMTP relay list to another computer that is running Exchange 2003.
Note The IPsec.vbs program file is included with the Microsoft Exchange Server SMTP Internet Protocol Restriction and Accept/Deny List Configuration tool (ExIpSecurity.exe).
MORE INFORMATION
To obtain IPsec.vbs
Exchange 2003 and Microsoft Exchange 2000 Server provide connection controls for the SMTP virtual servers. They also provide relay controls for the SMTP virtual servers. You can use these controls to help limit the number of computers that can connect to a virtual server. Additionally, you can use these controls to help limit the number of computers that can relay e-mail messages outside the Exchange 2003 organization. To view these controls, use Exchange System Manager.
The IPsec.vbs program lets you programmatically view the connection settings and the relay control settings on an Exchange 2003 server or on an Exchange 2000 server. The IPsec.vbs program also lets you programmatically modify these settings.
For more information about how to obtain the IPsec.vbs program and about how to use the program, click the following article number to view the article in the Microsoft Knowledge Base:
810913 Programmatic modification of SMTP virtual server access and relay control
To export an SMTP relay list and to then import an SMTP relay list
To export an SMTP relay list from one computer that is running Exchange 2003 and to then import that list to another computer that is running Exchange 2003, follow these steps.
Step 1: Install the IPsec.vbs tool on the source Exchange server and on the destination Exchange server
- Download the ExIpSecurity.exe program. To obtain the Exchange 2003 version of this program, visit the following Microsoft Web site:
- Run the ExIpSecurity.exe program to extract the program files to a folder on the hard disk. By default, this program creates a folder that is named ExIpSecurity. This folder contains the following files:
- Eula.txt
- ExIpsec.dll
- IPsec.vbs
- SMTP Internet Protocol Restriction and Accept Deny List Configuration.doc
- Register the ExIpsec.dll file. To do this, click Start, click Run, type regsvr 32 c:\ExIpSecurity\exipsec.dll, and then click OK.
- On the following message that appears, click OK:
Step 2: Export the SMTP relay list from the source server
- Start a command prompt, and then use the cd command to change to the ExIpSecurity directory.
- Type the following command, and then press ENTER to export the IP addresses from the SMTP relay list from the source server:
cscript IPsec.vbs –s
SourceServer
–o e –r relay –dDomainController
>C:\exipsecurity\exportrelaylist.txtSourceServer
with the name of the Exchange 2003 server from which you want to export the relay list. Also, replaceDomainController
with the name of a domain controller. - After this command is completed successfully, start Windows Explorer, and then locate the C:\ExIpSecurity\Exportrelaylist.txt file.
Step 3: Create a batch file that contains the IP addresses to import
- Copy the Exportrelaylist.txt file to a computer that is running a spreadsheet program, such as Microsoft Office Excel.
- Use any text editor, such as Notepad, to open the Exportrelaylist.txt file.
- Copy all the IP addresses from the Exportrelaylist.txt file. These IP addresses appear in the IP section of this file.
- Start a spreadsheet program, such as Excel.
- Paste each IP address from the Exportrelaylist.txt file into a separate cell in column B of a blank worksheet. For example, paste the first IP address into cell B1. Paste the second IP address into cell B2, and so on.
- Type the following text in cell A1 of the worksheet:
cscript IPsec.vbs –s
DestinationServer
–o a –r relay –dDomainController
–vDestinationServer
with the name of the Exchange 2003 server to which you want to import the relay list. - Copy cell A1, and then paste the contents into the column A cells that correspond to the IP address entries in column B.
Note An example table that illustrates how these worksheet entries appear is displayed at the end of this section. - Select the populated contents of column A and of column B. For example, select cells A1 through B5.
- Press CTRL+C to copy the contents of these cells.
- Open a new blank text file in Notepad or in another text editor, and then press CTRL+V to paste the contents from the worksheet into the text file.
Note An example file that illustrates how this text appears is displayed at the end of this section. - Save the text file as AddIPrelay.bat.
- Copy the AddIPrelay.bat file to the ExIpSecurity folder on the destination Exchange 2003 server.
Example worksheet entries
The following table illustrates example values for the worksheet that contains the IP address entries to import into the relay list:
A | B |
---|---|
cscript IPsec.vbs –s ServerB –o a –r relay –d DC-1 –v | 192.168.0.100 |
cscript IPsec.vbs –s ServerB –o a –r relay –d DC-1 –v | 192.168.0.101 |
cscript IPsec.vbs –s ServerB –o a –r relay –d DC-1 –v | 192.168.0.102 |
cscript IPsec.vbs –s ServerB –o a –r relay –d DC-1 –v | 192.168.0.103 |
cscript IPsec.vbs –s ServerB –o a –r relay –d DC-1 –v | 192.168.0.104 |
In this table, ServerB is the name of the destination Exchange 2003 server. Additionally, DC-1 is the name of the domain controller:
Example text editor entries
cscript IPsec.vbs –s ServerB –o a –r relay –d DC-1 –v 192.168.0.100 cscript IPsec.vbs –s ServerB –o a –r relay –d DC-1 –v 192.168.0.101 cscript IPsec.vbs –s ServerB –o a –r relay –d DC-1 –v 192.168.0.102 cscript IPsec.vbs –s ServerB –o a –r relay –d DC-1 –v 192.168.0.103 cscript IPsec.vbs –s ServerB –o a –r relay –d DC-1 –v 192.168.0.104
Step 4: Import the SMTP relay list into the destination server
- On the destination server, start a command prompt, and then use the cd command to change to the ExIpSecurity directory.
- At the command prompt, type the following command, and then press ENTER:
addiprelay.bat > addiprelayresults.txt
Note This command runs the AddIPrelay.bat file. Then, the command directs the output to a text file that is named Addiprelayresults.txt. You can examine this text file to verify that the .bat file ran successfully. In this text file, results that resemble the following will be displayed:
Microsoft (R) Windows Script Host Version 5.6 Copyright (C) Microsoft Corporation 1996-2001. All rights reserved. Default: Deny permission Adding to IpGrant WriteList completed: (192.168.0.100) is added. Completed Microsoft (R) Windows Script Host Version 5.6 Copyright (C) Microsoft Corporation 1996-2001. All rights reserved. Default: Deny permission Adding to IpGrant WriteList completed: (192.168.0.101) is added. Completed
- After the .bat file runs successfully, use Exchange System Manager to verify that the IP addresses have been added successfully. To do this, follow these steps:
- Start Exchange System Manager.
- Expand Administrative Groups, expand the destination Exchange server, expand Protocols, and then expand SMTP.
- Right-click the particular SMTP virtual server against which you ran the script, and then click Properties. For example, right-click Default SMTP Virtual Server.
- Click the Access tab, and then click Relay.
- In the Computers list, examine the entries to verify that all the IP addresses were added successfully.
Keywords: kbinfo kbhowto KB935635