Re: Incoming mail for recipients not in my domain

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

From: Lanwench [MVP - Exchange] (lanwench_at_heybuddy.donotsendme.unsolicitedmail.atyahoo.com)
Date: 02/05/04 

Date: Wed, 4 Feb 2004 22:17:15 -0500

Do you need authenticated users to relay? Even if you have external POP
users, you can always have them use their own ISP's SMTP server to send
mail. If you turn off authenticated relay, does the problem continue?

PaulB wrote:
> Thanks for the advice, Ben.
> Regarding point 1:
> Guest account is disabled
> The setting on my SMTP virtual server is indeed to allow
> authenticated users to relay. However, in the access control
> 'anonymous access' is allowed. Isn't this a paradox? Also 'basic
> authentication' and 'Integrated Windows authentication' are enabled.
> Is this what you would recommend or should I disable one or more of
> these?
>
> Point 2:
> Just taking one of these damned mail messages at random:
> Sent from: "Aniana Burns" binisatchelsadorable@hahale.net
> Subject: Free S@mp1e of We1ght Loss Pr0duct!
> Envelope recipients: lerickso@eudoramail.com;
>
> This message sits in my queue trying to get back to the sender
> address as it is presumably not deliverable to the eudora address. I
> have to say that right now I would consider a brief custodial
> sentence as worthwhile if only I could have the satisfaction of
> repeatedly smashing the perpetrator's face into my knee...
>
> Any ideas? (about the technical problem, not the idea of violent
> assault). PaulB
>
>
>
>
> "Ben Winzenz [Exchange MVP]" <benwinzenz@NOSPAM.gardnerwhite.com>
> wrote in message news:ee#3g6y6DHA.360@TK2MSFTNGP12.phx.gbl...
>> A couple of things might be happening here.
>>
>> 1. Although you are not an open relay, someone could be relaying
>> through your sever using authentication (i.e. a password has been
>> compromised, or your Guest account is Enabled). The default
>> settings on the SMTP Virtual Server are to allow all computers that
>> successfully authenticate to relay. There was another person on the
>> newsgroups recently that had this
> problem -
>> it ended up being Norton Ghost had created an account and the
>> password had been compromised. Checking your SMTP Logs
>> (c:\winnt\system32\logfiles\smtpsvc1 is the default location) may
>> help you in finding out which account is doing this.
>>
>> 2. You are not an open relay, but someone else could still be
>> attempting to relay off your server. There are certain formats of
>> messages that Exchange will initially accept (even though the
>> recipient is not local), only to later reject. If you look in the
>> queues for thes remote domains, and choose "Enumerate 100 messages",
>> are they actual e-mails, or is the sender <>, or
>> postmaster@yourdomain.com?
>>
>> --
>> Ben Winzenz
>> MVP - Exchange
>> Network Engineer
>> Gardner & White
>>
>> Exchange FAQ's: http://www.swinc.com/resource/exch_faq.htm
>> Exchange 2000 FAQ's: http://www.swinc.com/resource/e2kfaq.htm
>>
>>
>> "PaulB" <p.bassett@zeda.co.uk> wrote in message
>> news:%23BuP7ww6DHA.1636@TK2MSFTNGP12.phx.gbl...
>>> I expect this is a simple problem but my mail server is, for want
>>> of a better word, being attacked several times a day by incoming
>>> SMTP traffic that is destined for recipients for domains outside of
>>> my domain. To clarify: my domain is zeda.co.uk but frequently I see
>>> in the 'current connections' a connection from a spurious external
>>> host with a name like 'regal' or 'dolphin' or some other word that
>>> looks like it has been picked from a dictionary rather than
>>> host.domain.tld The mail that is being accepted by my server is
>>> destined for thousands of spurious users at other domains.
>>> Therefore my Exchange server starts creating queues to try to send
>>> these mails out but, in the majority of cases, the server or
>>> recipient cannot be reached so they just sit in the queue until the
>>> message expires. I can't help but think that if there were a way to
>>> configure my server only to accept incoming messages for users at
>>> zeda.co.uk rather than somone@hahale.net or someone@suite224.net
>>> this problem would not exist.
>>>
>>> My server is not an open relay - have checked this with numerous
>>> online OR testing services.
>>>
>>> Any help appreciated,
>>> PaulB

Relevant Pages

  • Re: Outlook could not logon to the outgoing mail server - Exchange server
    ... In the Exchange System Manager go to the SMTP Protocol --> Default ... Based on my experience,I think The root cause is your smtp server have been ... configured to require authentication,but your outlook 2003 and outlook ... express authentication are not being configured on the client. ...
    (microsoft.public.windows.server.sbs)
  • RE: "You do not have permission to send to this recipient"
    ... I have the "Allow all computers which successfully authenticate ... Authenticated computers not allowed to relay ... Expand the container that is for your Exchange server. ... Expand the "SMTP" container. ...
    (microsoft.public.windows.server.sbs)
  • RE: email, exchange server
    ... Thank you for posting in the SBS newsgroup. ... mail.alphaschool.org to relay email from yahoo? ... Right click Small Business SMTP Connector> Properties ... server with same settings. ...
    (microsoft.public.windows.server.sbs)
  • Re: 550 5.7.1 Unable to Relay issue
    ... I have set up an SMTP relay server in front of my Exchange 2003 server ... 550 5.7.1 Unable to Relay error message. ... set this external facing SMTP to allow authentication and then relay only ...
    (microsoft.public.windows.server.general)
  • Re: Exchange issues
    ... Are you up to date on all your Service Packs, both Windows and Exchange? ... > all traffic on port 25 to the SBS Exhange server. ... I suspected SMTP relaying becuase ... > You should verify that the server really isn't an open relay: ...
    (microsoft.public.exchange2000.admin)