Re: SMTP getting hijacked


Your confusion comes from a misconception about what it is you're trying to do.

"Recipient filtering" is something you turn on to filter messages based on who messages are being sent to, not who they're being sent from. In our previous communications this was to ensure that your server is processing messages during the SMTP communication from sending servers, and not just accepting messages wholesale and then determining after the fact that it cannot deliver them because the recipient does not exist. This only has to do with accepting mail that is destined for your organization.

The "Sender filtering" that you're referring to is limiting who can use your server to send email anywhere. When your server is used to deliver mail to an address that is not local to your organization, this is called a "relay." By default in Microsoft Exchange, relaying is disabled. You need to add your local IP range to the allowed relay list so your local users can send mail using the server via SMTP. If you have external users connected to other ISPs that need to use your server to send mail, then you'll need to enable SMTP authentication.

Since you're still having these problems, I'm wondering if you fell prey to a common mistake when setting up Exchange for the first time. I've seen many people set up Exchange and realize that they can receive mail but cannot send mail anywhere, getting an "unable to relay" error message when they try to do so. They dig around in the SMTP virtual server properties and see the option "Only the list below" selected in the relaying settings, and the list is empty. They select "All except the list below" and then BAM they can send email, and rejoice.

Unfortunately, this means that everyone else on the internet can send mail from the server as well. Desired practice is to never have "All except the list below" selected unless the server is not open to connections from the internet. You should have "Only the list below" and add the IP address ranges of your internal network and any other static IP ranges that your users will be connecting from. As I mentioned before, if they are connecting from an external ISP I would not recommend just adding the ISP's IP address ranges. In these situations you should enable SMTP authentication (in the relaying settings there should be a box that says something like "Allow users who successfully authenticate to relay regardless of the list above"), and many admins will set the SMTP virtual server on a port other than 25 as well to try to cut down on directory harvesting attacks, which is a decent best-practice anyway if you're doing recipient filtering.

"njem" <njem@xxxxx> wrote in message news:964e0473-150e-4fed-b825-eb721db13dd4@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
I'm getting thousands of msgs queued up from all sorts of random
senders. I got some advice here on filtering recipients who are not in
active directory. Have been following the KB article on how to empty
the queue of those msgs. But still getting tons.

The good news is this exchange was only being prepared for use, isn't
actually in use yet. We are still on POP3. So I am able to turn off
outbound delivery so none of this junk is actually getting out.

By the way, the "recipient filtering" described in MS docs seems
counter-intuitive. I would think I would want to block senders, only
allowing users listed in active directory to send. But there is no
selection for that under "sender filtering". Something I guess I just
don't understand.

A typical msg has these details:
msg ID <MSSHLHWIBFKDQOMKGLDELB...@xxxxxxxxxx>
Sender "¡¬µL½uÄá¼v¾÷²Õ " <dilbugrptetopua...@xxxxxxxxxxxx>
subject <Subject is hidden>
priority Normal
size 1,295
number of recipients N/A
recipients Envelope Recipients:
SMTP:li...@xxxxxxxxxxxxxxxx; SMTP:mcons...@xxxxxxxxxxxxxx;
SMTP:wen....@xxxxxxxxxxxxx; SMTP:x...@xxxxxxxxxxxxxx;
SMTP:miz...@xxxxxxxxxxxxxx; SMTP:love78875...@xxxxxxxxxxxxxxx;
SMTP:russells...@xxxxxxxxxxxx; SMTP:may...@xxxxxxxxxx;

thanks,
Tom
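
The relay and recipient-filtering decisions discussed in the reply above, modelled as an added example that is not part of the original thread and is not Exchange's own logic. The class, field names, reply strings, domains and addresses are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class RelayPolicy:
    """Toy model of an SMTP virtual server's relay settings (all names hypothetical)."""
    local_domains: set
    mode: str = "only_listed"  # or "all_except_listed"
    networks: list = field(default_factory=list)  # the CIDR ranges in "the list below"
    auth_may_relay: bool = True  # authenticated users relay regardless of the list
    known_recipients: set = field(default_factory=set)  # stands in for the directory lookup

    def _listed(self, client_ip):
        addr = ipaddress.ip_address(client_ip)
        return any(addr in ipaddress.ip_network(n) for n in self.networks)

    def rcpt_decision(self, client_ip, rcpt, authenticated=False):
        """Return an illustrative SMTP reply to RCPT TO for this client."""
        rcpt = rcpt.lower()
        domain = rcpt.rsplit("@", 1)[-1]
        if domain in self.local_domains:
            # Inbound mail: recipient filtering rejects unknown users in-session.
            if rcpt in self.known_recipients:
                return "250 local delivery"
            return "550 5.1.1 user unknown"
        # Recipient is not local, so this is a relay request.
        if authenticated and self.auth_may_relay:
            return "250 relay (authenticated)"
        listed = self._listed(client_ip)
        allowed = listed if self.mode == "only_listed" else not listed
        return "250 relay (client IP)" if allowed else "550 5.7.1 unable to relay"


# Constructed sample values: documentation domains and address ranges.
LOCAL = {"example.com"}
USERS = {"tom@example.com"}
HARDENED = RelayPolicy(LOCAL, "only_listed", ["192.168.1.0/24"], True, USERS)
MISTAKEN = RelayPolicy(LOCAL, "all_except_listed", [], True, USERS)

if __name__ == "__main__":
    cases = [("203.0.113.50", "someone@example.net", False),   # internet host, relay attempt
             ("192.168.1.20", "someone@example.net", False),   # internal client
             ("203.0.113.50", "someone@example.net", True),    # roaming user with SMTP AUTH
             ("203.0.113.50", "nobody@example.com", False)]    # inbound, unknown recipient
    for ip, rcpt, auth in cases:
        print(ip, rcpt, auth, "|", HARDENED.rcpt_decision(ip, rcpt, auth),
              "|", MISTAKEN.rcpt_decision(ip, rcpt, auth))
```

The first case is the one that differs between the two policies: the empty "All except the list below" setting accepts the relay request that "Only the list below" refuses.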
