Re: Followed the KBs but still an Open Relay?

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

From: Jim Behning SBS MVP (jimbehingmvp_at_mindspring.com)
Date: 01/19/05 

Date: Wed, 19 Jan 2005 04:44:37 GMT

I clear the checkmark for authenticated users.

Make sure the guest account is disabled. Make sure everyone has real
passwords.

The article you cited is what the tech support people will follow if
you call in for support. At least for Exchange 2000.

I found a few articles when I search support.microsoft.com key words
open relay exchange

http://www.microsoft.com/technet/prodtechnol/exchange/ExBPA/6d2c9c82-bcc2-4261-a30d-90536577c873.mspx
http://support.microsoft.com/default.aspx?scid=kb;en-us;304897
http://www.petri.co.il/preventing_exchange_2000_2003_from_relaying.htm

"TOP" <speaker910@hotmail.com> wrote:

>I followed the instructions to test whether my SBS server was an open relay.
>The test indicated that it was. (opened telnet port 25... mail from:
>spammer@spam.com... rcpt to: addy@anydomain.com... Result was 250 2.1.5
>addy@anydomain.com)
>
>I followed the instructions in KB 324958 to reset Exchange to default
>settings, which supposedly do not allow open relaying. I made the following
>two changes:
>
>1) SMTP Virtual Directory, Access Tab, Relaying button: I checked the box to
>allow authenticated users to relay regardless of their IP. (I'm not sure I
>wanted to do this, as one way to be used as a relay is to have an account
>hijacked by spammers and email was working fine with this box cleared)
>
>2) Same window: I deleted 127.0.0.1 from the list of IPs that were allowed
>access. (SBS Server's internal IP address was also there, and KB said to
>leave it)
>
>So the server is supposedly returned to its default state, which does not
>allow relaying. But I tried the telnet test again and got the same result.
>(250 addy@anydomain.com) It did not say "unable to relay for
>addy@anydomain.com."
>
>I turned on logging for the smtp transport. I'm receiving a number of SMTP
>errors in the logs, including "unable to relay for..." (along with "need to
>authenticate first" and "temporary lookup failure") but the 'telnet test'
>says I'm still open, and I keep seeing open connections in the Virtual
>Server that don't appear to be coming from any of my remote users.
>
>The KB was for Exchange 2000. Would I need different settings for 2003?
>

Jim B. SBS Community Member
remove the mvp to send email

Relevant Pages

  • Re: RELAYING EMAIL
    ... By default in Exchange 2000, Authenticated users can relay. ... email i will put his IP address on the relaying. ...
    (microsoft.public.exchange2000.general)
  • RE: Inside user spamming
    ... Unfortunately you are confusing relaying with UN-AUTHENTICATED relaying. ... majority of the world states RELAY, ... By turning off "allow authenticated users to relay" you ... My smtp queue is filling fast. ...
    (microsoft.public.exchange2000.transport)
  • IIS SMTP Relay authentication
    ... I've set up my IIS SMTP server to allow relaying to authenticated users. ... but I'd like a finer control of which users are allowed to ... to relay, e.g. using a Windows or AD group? ...
    (microsoft.public.inetserver.iis.smtp_nntp)
  • Re: Directory Permissions - What gives?
    ... OK I can agree with that and "I stand corrected" on the guest account. ... Authenticated Users groups. ... If you had the parent folder shared at Everyone=FULL or even better ... permissions from the parent folder and add Group B and have inheritance ...
    (microsoft.public.windows.server.general)
  • Re: Directory Permissions - What gives?
    ... guest account isn't member of authenticated users ... However, if you've enabled the Guest account, ... you'll find that users who have logged on as Guest are members of Everyone ... again no matter what type of access you need to grant in the folder or sub ...
    (microsoft.public.windows.server.general)