Re: Relay Question

Hi,

Thank you for posting here.

An open relay (sometimes called an insecure relay or a third-party relay)
is an SMTP e-mail server that allows third-party relay of e-mail messages.
By processing mail that is neither for nor from a local user, an open relay
makes it possible for an unscrupulous sender to route large volumes of
spam. In effect, the owner of the server -- who is typically unaware of the
problem -- donates network and computer resources to the sender's purpose.

Actually, Exchange 2003 is by default configured to prevent open relay.
a. Open Exchange System Manage.
b. Expand to Administrative Groups->first administrative
group->servers->[backend server]->Protocols->SMTP->Default SMTP server.
c. Right-click Default SMTP server and then click Properties.
d. On the Access tab, click the Relay button.
e. Make sure that "Allow all computers which sucessfully authenticate to
relay, regardless of the list above" has been selected.
f. Restart SMTP service on this server.


Please determine if your exchange server is open relay through telnet to
port 25, we do not recommend user using third-party website and tools to
check the stat of exchange server. Microsoft does not control these sites
and has not tested any software or information found on these sites;
therefore, Microsoft cannot make any representations regarding the quality,
safety, or suitability of any software or information found there. There
are inherent dangers in the use of any software found on the Internet, and
Microsoft cautions you to make sure that you completely understand the risk
before retrieving any software from the Internet.

More info please refer to following Microsoft Knowledge Base Article:


SMTP relay behavior in Windows 2000, Windows XP, and Exchange Server
http://support.microsoft.com/default.aspx?scid=kb%3BEN-US%3Bq304897



XFOR: Telnet to Port 25 to Test SMTP Communication
http://support.microsoft.com/?id=153119

On Small Business Server ICW wizard will restore Internet, ISA and Exchange
settings to default. ICW itself does provide a way to block open relay for
Exchange but you may find your Exchange server is still for relay after
running ICW. Please check if 127.0.0.1 is in the list of IP addresses that
are allowed to relay in the properties of the default SMTP Virtual Server
because it will be added back after you run CEICW. You should do more
things. This is by design in ICW. We recommend our customers stop Exchange
from open-relay manually after each time they finish ICW. You can refer to
the following articles for the detailed information:


How to block open SMTP relaying and clean up Exchange Server SMTP queues in
Windows Small Business Server
http://support.microsoft.com/default.aspx?scid=KB;EN-US;324958


310380 HOW TO: Prevent Exchange 2000 from Being Used as a Mail Relay in
Windows
http://support.microsoft.com/?id=310380



Hope this helps, if you have any other concerns on this issue, please feel
free to let me know.

Have a nice day!


Best Regards,

Chace Zhang (MSFT)

Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security

=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.

=====================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
| From: Jim Behning <jimbehning@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
| Newsgroups: microsoft.public.windows.server.sbs
| Subject: Re: Relay Question
| Message-ID: <tfsjg2pcb324kbubvinlgiaipiqu70ndk6@xxxxxxx>
| References: <uQJBpjA2GHA.1300@xxxxxxxxxxxxxxxxxxxx>
| X-Newsreader: Forte Free Agent 3.3/32.846
| MIME-Version: 1.0
| Content-Type: text/plain; charset=us-ascii
| Content-Transfer-Encoding: 7bit
| X-Antivirus: avast! (VPS 0637-1, 09/13/2006), Outbound message
| X-Antivirus-Status: Clean
| Lines: 42
| Date: Fri, 15 Sep 2006 00:22:22 GMT
| NNTP-Posting-Host: 66.245.119.104
| X-Complaints-To: abuse@xxxxxxxxxxxxx
| X-Trace: newsread2.news.pas.earthlink.net 1158279742 66.245.119.104 (Thu,
14 Sep 2006 17:22:22 PDT)
| NNTP-Posting-Date: Thu, 14 Sep 2006 17:22:22 PDT
| Organization: EarthLink Inc. -- http://www.EarthLink.net
| Path:
TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTFEEDS02.phx.gbl!msrtrans!m
srn-in!newshub.sdsu.edu!elnk-nf2-pas!newsfeed.earthlink.net!stamper.news.pas
earthlink.net!newsread2.news.pas.earthlink.net.POSTED!f526e822!not-for-mail
| Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:297681
| X-Tomcat-NG: microsoft.public.windows.server.sbs
|
| It is not relaying. It is just sending your server an email the same
| way that any of the millions of email servers send mail to your
| server. I think.
|
| http://support.microsoft.com/?kbid=153119
|
| On Thu, 14 Sep 2006 10:20:17 -0400, "Joel"
| <Batista@(removethis).lmaengr.com> wrote:
|
| >Hello, we have an SBS 2003 SP1 Premium server which I have repeatedly
tested
| >for relay. Every test I have run suggests that the server is closed to
| >relaying, however something happened the other day that concerns me.
| > This is our current network topology:
| > Internet
| > Switch
| > SBS WAN - Netgear WGR614
| > SBS LAN
| >
| > There is a switch in front of the SBS because we wanted a wireless
| >access point outside of our LAN for guests in the conference room to
use.
| >We have 24 static IP addresses available and assigned one to the SBS and
one
| >to the netgear.
| > The netgear has an option to e-mail it's usage logs on a regular
| >interval, which I enabled. But the only thing it asks for (in order to
| >enable e-mailing) is outgoing mail server and address to send e-mail to.
| >There is no password or other kind of authentication required.
| > Now the spooky part. It works! The e-mail I receive says it's from
Me
| >to Me. The header info says it's from mail.mydomain.com received by
| >mydomain.com
| > Can anyone explain to me how this $30 netgear is managing to send
e-mail
| >through our server without authenticating? Especially considering that
it
| >has no connection to our LAN.
| > I have re-checked my relay settings in Exchange System Manager and
under
| >"Relay Restrictions" it says:
| >
| >Select which computer may relay through this virtual server. "Only the
list
| >below" is checked. In that list I have LAN IP of SBS, Loopback, WAN IP
of
| >SBS. Is this a correct configuration?
| >
| >Thanks
| >~Joel~
| >
|

.