Re: Still A Open Relay

Tech-Archive recommends: Fix windows errors by optimizing your registry

From: Phillip Windell (_at_.)
Date: 12/09/04 

Date: Thu, 9 Dec 2004 10:31:24 -0600

It an't that big a deal. Just go in the Config of the SMTP Service (under
Exchange's Tree, not IIS) and check the relay setting. It is probably wide
open. It should only allow relaying from IP#s within your LAN and nothing
else.

In the Exchange MMC:

1. [Exch domain]-->Admin
Groups-->[Site]-->Servers-->[Servername]-->Protocols-->SMTP-->"Default SMTP
Virtual Server"

2. Right-click,..Properties-->Access "Tab"-->Relay "Button

3. Select "Only the list below",...Add only your own private LAN subnets to
the List

4. If traveling users need to use it from outside, then check the box at the
bottom that says "Allow computers that successfully authnticate to relay"

Question #1
Now, when you tested this before and decided that you were relying,...was
the machine you were sitting at using an IP# from your LAN either directly
or via VPN? If yes, then that is why it allowed relaying, it was because
your machine was using a "allowed" IP#. We have to think this stuff through
an not run off jumping to conclusions and trying to fix "percieved" problems
that don't exist.

Question #2
How is you Exchange exposed to the Internet?
    1. Directly by having two nics in the box?
    2. Published via a Proxy or NAT box (firewall)? 

-- 
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
"andrew" <aking@vistanetit.com.(donotspam)> wrote in message
news:61911DDC-3B91-4DCC-B008-E52AB708D112@microsoft.com...
> Susan,
>
> This is a clean install of SBS 2003, not yet 2 weeks old. So why is it
> relaying? The default from running the "Connect to the Internet" wizard
> should block relaying no?
>
> NDRs are turned off
> Guest account is disabled
>
> >>picking up from another port to port 25 is causing the relay<<
>
> Do you have any more information on this?
>
> Andrew
Quantcast