MORE INFORMATION

To obtain IPsec.vbs

Exchange 2003 and Microsoft Exchange 2000 Server provide connection controls for the SMTP virtual servers. They also provide relay controls for the SMTP virtual servers. You can use these controls to help limit the number of computers that can connect to a virtual server. Additionally, you can use these controls to help limit the number of computers that can relay e-mail messages outside the Exchange 2003 organization. To view these controls, use Exchange System Manager.

The IPsec.vbs program lets you programmatically view the connection settings and the relay control settings on an Exchange 2003 server or on an Exchange 2000 server. The IPsec.vbs program also lets you programmatically modify these settings.
For more information about how to obtain the IPsec.vbs program and about how to use the program, click the following article number to view the article in the Microsoft Knowledge Base:

To export an SMTP relay list and to then import an SMTP relay list

To export an SMTP relay list from one computer that is running Exchange 2003 and to then import that list to another computer that is running Exchange 2003, follow these steps.

Step 1: Install the IPsec.vbs tool on the source Exchange server and on the destination Exchange server

1. Download the ExIpSecurity.exe program. To obtain the Exchange 2003 version of this program, visit the following Microsoft Web site:

   http://www.microsoft.com/downloads/details.aspx?familyid=dcce0536-7edc-40b4-9950-8b6906abda2d&displaylang=en

2. Run the ExIpSecurity.exe program to extract the program files to a folder on the hard disk. By default, this program creates a folder that is named ExIpSecurity. This folder contains the following files:
   • Eula.txt
   • ExIpsec.dll
   • IPsec.vbs
   • SMTP Internet Protocol Restriction and Accept Deny List Configuration.doc
   Note The steps in this article assume that you use the default location for these files, C:\ExIpSecurity. If you use a different path, modify the steps as appropriate for your installation.
3. Register the ExIpsec.dll file. To do this, click Start, click Run, type regsvr 32 c:\ExIpSecurity\exipsec.dll, and then click OK.
4. On the following message that appears, click OK:

   DllRegisterServer in c:\exipsecurity\exipsec.dll succeeded.

Step 2: Export the SMTP relay list from the source server

1. Start a command prompt, and then use the cd command to change to the ExIpSecurity directory.
2. Type the following command, and then press ENTER to export the IP addresses from the SMTP relay list from the source server:

   cscript IPsec.vbs –s SourceServer –o e –r relay –d DomainController >C:\exipsecurity\exportrelaylist.txt

   Note In this command, replace SourceServer with the name of the Exchange 2003 server from which you want to export the relay list. Also, replace DomainController with the name of a domain controller.
3. After this command is completed successfully, start Windows Explorer, and then locate the C:\ExIpSecurity\Exportrelaylist.txt file.

Step 3: Create a batch file that contains the IP addresses to import

1. Copy the Exportrelaylist.txt file to a computer that is running a spreadsheet program, such as Microsoft Office Excel.
2. Use any text editor, such as Notepad, to open the Exportrelaylist.txt file.
3. Copy all the IP addresses from the Exportrelaylist.txt file. These IP addresses appear in the IP section of this file.
4. Start a spreadsheet program, such as Excel.
5. Paste each IP address from the Exportrelaylist.txt file into a separate cell in column B of a blank worksheet. For example, paste the first IP address into cell B1. Paste the second IP address into cell B2, and so on.
6. Type the following text in cell A1 of the worksheet:

   cscript IPsec.vbs –s DestinationServer –o a –r relay –d DomainController –v

   Note In this command, replace DestinationServer with the name of the Exchange 2003 server to which you want to import the relay list.
7. Copy cell A1, and then paste the contents into the column A cells that correspond to the IP address entries in column B.
   
   Note An example table that illustrates how these worksheet entries appear is displayed at the end of this section.
8. Select the populated contents of column A and of column B. For example, select cells A1 through B5.
9. Press CTRL+C to copy the contents of these cells.
10. Open a new blank text file in Notepad or in another text editor, and then press CTRL+V to paste the contents from the worksheet into the text file.
    
    Note An example file that illustrates how this text appears is displayed at the end of this section.
11. Save the text file as AddIPrelay.bat.
12. Copy the AddIPrelay.bat file to the ExIpSecurity folder on the destination Exchange 2003 server.

Example worksheet entries

The following table illustrates example values for the worksheet that contains the IP address entries to import into the relay list:

In this table, ServerB is the name of the destination Exchange 2003 server. Additionally, DC-1 is the name of the domain controller:

Example text editor entries

cscript IPsec.vbs –s ServerB –o a –r relay –d DC-1 –v 192.168.0.100 
cscript IPsec.vbs –s ServerB –o a –r relay –d DC-1 –v 192.168.0.101 
cscript IPsec.vbs –s ServerB –o a –r relay –d DC-1 –v 192.168.0.102 
cscript IPsec.vbs –s ServerB –o a –r relay –d DC-1 –v 192.168.0.103 
cscript IPsec.vbs –s ServerB –o a –r relay –d DC-1 –v 192.168.0.104 

Step 4: Import the SMTP relay list into the destination server

1. On the destination server, start a command prompt, and then use the cd command to change to the ExIpSecurity directory.
2. At the command prompt, type the following command, and then press ENTER:

   addiprelay.bat > addiprelayresults.txt

   Note This command runs the AddIPrelay.bat file. Then, the command directs the output to a text file that is named Addiprelayresults.txt. You can examine this text file to verify that the .bat file ran successfully. In this text file, results that resemble the following will be displayed:

   Microsoft (R) Windows Script Host Version 5.6
   Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.
   
   Default: Deny permission
   Adding to IpGrant
   WriteList completed: (192.168.0.100) is added.
   Completed
   
   Microsoft (R) Windows Script Host Version 5.6
   Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.
   
   Default: Deny permission
   Adding to IpGrant
   WriteList completed: (192.168.0.101) is added.
   Completed

3. After the .bat file runs successfully, use Exchange System Manager to verify that the IP addresses have been added successfully. To do this, follow these steps:
   1. Start Exchange System Manager.
   2. Expand Administrative Groups, expand the destination Exchange server, expand Protocols, and then expand SMTP.
   3. Right-click the particular SMTP virtual server against which you ran the script, and then click Properties. For example, right-click Default SMTP Virtual Server.
   4. Click the Access tab, and then click Relay.
   5. In the Computers list, examine the entries to verify that all the IP addresses were added successfully.