RE: Relay problem in Exchange



Hi Partner,


Thank you for posting here.

Yes, you got the point. Actually, Exchange 2003 is configured by default to
prevent open relay.

a. Open Exchange System Manager.
b. Expand to Administrative Groups->first administrative group->servers->[backend server]->Protocols->SMTP->Default SMTP server.
c. Right-click Default SMTP server and then click Properties.
d. On the Access tab, click the Relay button.
e. Make sure that "Allow all computers which successfully authenticate to
relay, regardless of the list above" has been selected.
f. Restart SMTP service on this server.


Please determine whether your Exchange server is an open relay by using telnet
to port 25. We do not recommend using third-party websites to check the
state of the Exchange server. Microsoft does not control these sites and has not
tested any software or information found on these sites; therefore,
Microsoft cannot make any representations regarding the quality, safety, or
suitability of any software or information found there. There are inherent
dangers in the use of any software found on the Internet, and Microsoft
cautions you to make sure that you completely understand the risk before
retrieving any software from the Internet.


XFOR: Telnet to Port 25 to Test SMTP Communication
http://support.microsoft.com/?id=153119

On Small Business Server, the ICW wizard will restore Internet, ISA and Exchange
settings to default. ICW itself does provide a way to block open relay for
Exchange, but you may find your Exchange server is still open for relay after
running ICW. Please check if 127.0.0.1 is in the list of IP addresses that
are allowed to relay in the properties of the default SMTP Virtual Server,
because it will be added back after you run CEICW. You should do more
things. This is by design in ICW. We recommend that our customers manually stop
Exchange from acting as an open relay each time they finish ICW. You can refer to
the following articles for the detailed information:


How to block open SMTP relaying and clean up Exchange Server SMTP queues in
Windows Small Business Server
http://support.microsoft.com/default.aspx?scid=KB;EN-US;324958


310380 HOW TO: Prevent Exchange 2000 from Being Used as a Mail Relay in
Windows
http://support.microsoft.com/?id=310380


Note: If you have an ISA server in front of Exchange, the server may be an
open relay if the following conditions are true:

o ISA Server is configured with a server publishing rule for the SMTP
protocol.
o 127.0.0.1 is in the list of IP addresses that are allowed to relay in the
properties of the default SMTP Virtual Server.





In addition, on the SBS box:

External NIC:
IP: assigned by your ISP or your hardware router
Gateway: your ISP or your Hardware router IP
DNS: SBS INTERNAL NIC IP as the only entry

Internal NIC:
IP: Fixed IP
Gateway: None
DNS: SBS INTERNAL NIC IP as the only entry

You should remove the external IP address in the relay restriction list.

In addition, to determine whether your Exchange server is an open relay through
telnet to port 25:

XFOR: Telnet to Port 25 to Test SMTP Communication
http://support.microsoft.com/?id=153119


More information to secure your server.

Securing Your Windows Small Business Server 2003 Network
http://download.microsoft.com/download/1/f/1/1f15a874-f696-4992-b5ad-b1e7b258de1c/SecuringSBSnetwork.doc

To protect your server from spam email on Exchange, I would also like to
give you the following information.

Antispam Capabilities in Exchange Server 2003
http://www.microsoft.com/exchange/techinfo/security/antispam.asp

Exchange Server 2003 Security Hardening Guide
http://www.microsoft.com/downloads/details.aspx?FamilyID=6A80711F-E5C9-4AEF-9A44-504DB09B9065&displaylang=en

Hope this helps. Have a nice day!


Best Regards,

Chace Zhang (MSFT)

Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security


This posting is provided "AS IS" with no warranties, and confers no rights.
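
The port 25 relay test recommended in the post above, as an added example that is not part of the original post and is not Microsoft code: it classifies the server's reply to RCPT TO for a recipient outside your own domains, either from a saved telnet session or live. The function names, the example.org/example.net addresses and the sample sessions are constructed assumptions.

```python
import smtplib

# Constructed addresses on reserved example domains (assumption): neither is
# local to the server under test, so accepting the pair means it relays.
EXT_SENDER = "probe@example.org"
EXT_RCPT = "probe@example.net"

def classify_rcpt(code):
    """Map the reply code for RCPT TO onto a relay verdict."""
    if 200 <= code < 300:
        return "open-relay"      # foreign recipient accepted without AUTH
    if 500 <= code < 600:
        return "relay-denied"    # e.g. 550 5.7.1 Unable to relay
    return "inconclusive"        # 4xx or anything else: retest later

def verdict_from_transcript(text):
    """Classify a saved telnet session by the reply that follows RCPT TO."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    for i, line in enumerate(lines[:-1]):
        if line.upper().startswith("RCPT TO:"):
            reply = lines[i + 1]
            if reply[:3].isdigit():
                return classify_rcpt(int(reply[:3]))
    return "inconclusive"        # session ended before the server answered

def probe(host, port=25, timeout=10):
    """Run the same unauthenticated test live against a server you administer."""
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo("relaytest.example.org")
        smtp.mail(EXT_SENDER)
        code, _ = smtp.rcpt(EXT_RCPT)
        smtp.rset()              # abandon the transaction; no mail is sent
        return classify_rcpt(code)

# Constructed sample sessions, not captured from a real server.
DENIED = """220 mail.example.com ESMTP ready
HELO relaytest.example.org
250 mail.example.com Hello
MAIL FROM:<probe@example.org>
250 2.1.0 probe@example.org....Sender OK
RCPT TO:<probe@example.net>
550 5.7.1 Unable to relay for probe@example.net
QUIT"""
OPEN = DENIED.replace("550 5.7.1 Unable to relay for", "250 2.1.5")

if __name__ == "__main__":
    print(verdict_from_transcript(DENIED), verdict_from_transcript(OPEN))
```

Run `probe()` from a machine outside the network and without authenticating, since the relay list can treat internal and external clients differently.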
