mschwade

Limit Incoming Email Relay by IP on Exchange 2000?

We have an Exchange 2000 box and we have an off-site Spam Filter where our mail is delivered to, checked, then relayed to our Exchange box. Spammers have found that our port 25 is open and are bypassing the spam filter and delivering straight to our port 25. Is there any way I can limit the Mail Relay to only come from the IP of our Spam Filter box?

Thank you in advance!
MS  
Sembee

ESM, Admin Groups, <your admin group>, Servers, <your server>, Protocols, SMTP. Right click on the Default SMTP VS and choose Properties. Click on the Access tab. Click on the connection button. Here you can enter the IP addresses that can connect to your SMTP Virtual Server.

However... don't be tempted to put your own subnet in there. If your firewall is on the same subnet then this will turn you into an open relay as Exchange sees this traffic as allowed because it is coming from that server.

Simon.
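
Added example, not part of Sembee's post or of the original thread: a check over the SMTP virtual server's log that lists every client IP connecting from somewhere other than the spam filter, so the bypass can be confirmed before the Connection restriction is set and its absence confirmed afterwards. It assumes logging is enabled in W3C Extended format with the `c-ip` field selected; the log lines and addresses (documentation ranges) are constructed, with 203.0.113.10 standing in for the filter and 192.0.2.1 for a firewall on the server's own subnet.

```python
import ipaddress

# Constructed sample log in W3C Extended format. None of these values
# come from the thread; the addresses are RFC 5737 documentation ranges.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-query sc-status
2004-03-01 10:00:01 203.0.113.10 EHLO +filter.example.net 250
2004-03-01 10:00:02 203.0.113.10 MAIL +FROM:<a@example.org> 250
2004-03-01 10:05:40 198.51.100.77 HELO +mail.example.com 250
2004-03-01 10:05:41 198.51.100.77 RCPT +TO:<user@example.net> 250
2004-03-01 10:09:12 192.0.2.1 HELO +gw 250
"""


def parse_w3c(text):
    """Yield one dict per record, keyed by the latest #Fields: directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated records
                yield dict(zip(fields, values))


def unexpected_clients(text, allowed):
    """Count log records per client IP outside the allowed IPs/networks."""
    nets = [ipaddress.ip_network(a, strict=False) for a in allowed]
    counts = {}
    for rec in parse_w3c(text):
        ip = ipaddress.ip_address(rec["c-ip"])
        if not any(ip in net for net in nets):
            counts[str(ip)] = counts.get(str(ip), 0) + 1
    return counts


if __name__ == "__main__":
    # Allow list holding only the spam filter: every other source is reported.
    print(unexpected_clients(SAMPLE_LOG, ["203.0.113.10"]))
    # Allow list that also holds the server's own subnet: traffic arriving
    # via the firewall address on that subnet is no longer reported.
    print(unexpected_clients(SAMPLE_LOG, ["203.0.113.10", "192.0.2.0/24"]))
```

The second call shows the effect of the subnet caveat above: once the whole subnet is on the list, connections that reach the server with the firewall's address are treated as allowed.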
ikm7176

By using the relay control features of Exchange 2000, you can prevent third parties from relaying mail through your server. Relay control allows you to specify a list of incoming remote IP address and subnet mask pairs that have permission to relay mail through your server. Exchange checks an incoming SMTP client’s IP address against the list of IP networks allowed to relay mail. If the client is not allowed to relay mail, only mail addressed to local recipients is allowed. Relay control can also be implemented by domain—however, this requires implementation of reverse DNS resolution, which is controlled at the SMTP virtual server level.

By default, the SMTP virtual server allows relaying only from authenticated users. This configuration is designed to prevent unauthorized users from using your Exchange server to relay mail. The virtual server’s default configuration allows only authenticated computers to relay mail.

Unsolicited commercial e-mail generally comes from a spoofed or forged address and is often relayed using a server that is not secured for relay. For this reason, Exchange 2000 allows only authenticated users. Be very cautious when changing this setting—many Internet providers will block servers that allow open relaying.

1. Click Start, point to Programs, point to Microsoft Exchange, and then click System Manager.
2. Expand Servers, expand <Server Name>, expand Protocols, and then expand SMTP.
3. Right-click Default SMTP Virtual Server, and then click Properties.
4. In Default SMTP Virtual Server Properties, click the Access tab.
5. Under Relay restrictions, click Relay to verify relay restrictions. The Relay Restrictions dialog box displays.
6. In Relay Restrictions, verify the following settings:
   - Verify that the Only the list below button is selected. To list only those hosts you want to allow to relay mail, click Add, and then follow the instructions. If you click All except the list below, your server may appear to be a server that is a source of unsolicited e-mail on the Internet.
   - Verify that the Allow all computers which successfully authenticate to relay, regardless of list above check box is selected. This setting allows you to deny access to all users who do not authenticate. Any remote POP and IMAP users accessing this server will authenticate to send mail. If you do not have users who access this server through POP or IMAP, you can clear this check box to prevent relaying entirely, thereby increasing security.
mschwade

ASKER

My server is the end-point of relay, not using my Exchange box to relay out.
ASKER CERTIFIED SOLUTION
ikm7176
Thank you ikm7176!