Re: help understand relaying and authentication



.... correction: it would be relaying even if the remote host authenticates -
it's just not an open relay.
--
Bharat Suneja
MVP - Exchange
www.zenprise.com
NEW blog location:
www.exchangepedia.com/blog
----------------------------------------------


"Bharat Suneja [MVP]" <bharatsuneja@xxxxxxxxxxx> wrote in message
news:ewahGWGyGHA.4972@xxxxxxxxxxxxxxxxxxxxxxx
To receive inbound internet mail, you will need to allow anonymous access.
This allows internet mail hosts to send you mail. If you remove anonymous
access on the SMTP virtual server that receives internet mail, you won't
receive any.

Current versions of Exchange are configured out of the box with relaying
disabled - as you've already noted in the configuration, no IP addresses
exist in that list of hosts allowed to relay. (Authenticated users are
allowed to relay.)

What is relaying?
Your Exchange Org accepts email for one or a few domains. These are listed
in Recipient Policies. Recipient Policy tells Exchange to receive email
for a particular domain (like yourcompany.com), and to generate email
addresses for that domain.

- When an internet host sends you an email for anyone@xxxxxxxxxxxxxxx,
that's not relaying.
- Your server is relaying if that host tries to send a mail for
someone@xxxxxxxxxxxxxxxxxxx to your server (without authentication), and
if your server accepts the message and forwards it to someotherdomain.com
(given that it's not configured to explicitly do so for that domain).

--
Bharat Suneja
MVP - Exchange
www.zenprise.com
NEW blog location:
www.exchangepedia.com/blog
----------------------------------------------


"billd" <billd@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:1C71D6D9-1CFA-402D-9C65-54115F63B001@xxxxxxxxxxxxxxxx
Ok... I am mucho confused. We have Exchange 2003 frontend backend
servers.

I keep reading that you should not allow anonymous access to your email
server, or people will relay... but, if I do that, and this is our
incoming mail server, then other mail servers fail to send email to me...

On my relay restrictions page, I have only the list below selected, and
no one in the list. Allow all computers which successfully auth to relay
regardless of list above is checked.

The result of this, as far as I can tell, is that anyone can send email
to my domain.

They also can not send to anyone that isn't in my domain.

If I telnet to port 25 on my mail server, do an ehlo, mail from:
me@xxxxxxxxxxxx rcpt to: someone@xxxxxxxxxxxxx it allows me to send
data

if I telnet to port 25 on my mail server, do an ehlo, mail from:
me@xxxxxxxxxxxx rcpt to: anyone@xxxxxxxxxxxxxxxxxx it says relaying
denied.

Geeessh... this seems to me to be exactly what I want, but everything I
read says I should be turning off anon in the auth. ... but when I do
that, and telnet to port 25 on my mail server, ehlo, mail from
me@xxxxxxxxxxxx it immediately throws me out... and that's all a fellow
mail server is going to do as well... so it will never be able to send
an email to mydomain.!!!!

Arrrg, can anyone help me out with this one, urgently as I'm going on
vacation tomorrow and we had a little spam incident, which I am
convinced had nothing to do with my mail server, I've been watching it
for 48 hours straight and nothing funny going on with the queues or
anything else... we had a guest at our business the day it happened and
am fairly convinced that he had a work on his pc and it was coming
straight out from that as everyone else in our company has AV and we
have never had a problem like this before.. to be sure, I blocked all
access to the internet on port 25 from anyone but my mail server... and
everything has been fine for the 48 hours I have been watching.

If anyone could clear this up, point me right etc etc etc... I would
hugely appreciate it. I'm just wondering if what people are writing
about applies to internal mail servers rather than perimeter servers, or
back end vs frontend? My front end server needs to accept email for my
domain, that's its job!!

Thanks
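
The accept/relay decision discussed in this thread, as an added example (not part of the original posts and not Exchange code). The class, function names, IP addresses and domains are constructed for illustration; the settings mirror the ones named above: anonymous access, the relay list, and the "authenticated computers may relay" checkbox.

```python
from dataclasses import dataclass, field

@dataclass
class VirtualServer:
    """Hypothetical model of the SMTP virtual server settings in the thread."""
    local_domains: set             # domains listed in Recipient Policies
    allow_anonymous: bool = True   # anonymous access on the virtual server
    only_list_below: bool = True   # False models "All except the list below"
    relay_list: set = field(default_factory=set)  # IPs on the relay page
    auth_may_relay: bool = True    # authenticated computers may relay

def classify(vs, client_ip, authenticated, rcpt):
    """Return (accepted, reason) for one RCPT TO in one SMTP session."""
    if not authenticated and not vs.allow_anonymous:
        # With anonymous access off, other internet mail hosts are turned away.
        return False, "rejected: authentication required"
    domain = rcpt.rsplit("@", 1)[-1].lower()
    if domain in vs.local_domains:
        return True, "local delivery (not relaying)"
    listed = client_ip in vs.relay_list
    if listed if vs.only_list_below else not listed:
        return True, "relay allowed by IP list"
    if authenticated and vs.auth_may_relay:
        return True, "authenticated relay (relaying, but not an open relay)"
    return False, "relay denied"

def is_open_relay(vs):
    """True if an anonymous, unlisted host can send to a non-local domain."""
    accepted, _ = classify(vs, "203.0.113.9", False, "probe@not-local.invalid")
    return accepted

# Constructed sample: the configuration described in the question.
ASKER_SETUP = VirtualServer(local_domains={"example.com"})
# Constructed sessions: (client IP, authenticated?, RCPT TO address).
SESSIONS = [
    ("198.51.100.7", False, "someone@example.com"),
    ("198.51.100.7", False, "anyone@elsewhere.example"),
    ("198.51.100.7", True, "anyone@elsewhere.example"),
]

def run_sessions(vs=ASKER_SETUP):
    """Classify every constructed session against the given settings."""
    return [classify(vs, ip, auth, rcpt) for ip, auth, rcpt in SESSIONS]

if __name__ == "__main__":
    for session, result in zip(SESSIONS, run_sessions()):
        print(session, "->", result)
    print("open relay:", is_open_relay(ASKER_SETUP))
```
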





