Exchange Server Problem with SMTP

I have an Exchange 2000 server with SP3. There is a "BIG" problem: many other servers send emails to my server and use my server to send those rubbish emails to others. My server is stuck with thousands of messages queueing and my own messages can't be sent out easily!!!!!

Is there any solution to stop receiving the rubbish emails???

ikm7176 (Sr. IT Manager) commented:

Make sure that you are not infected with any virus.

Go to ESM-SMTP virtual server properties->Access-> Relay
Make sure that "allows all computers that successfully authenticate to relay " is checked.

Relaying is the ability to forward mail to domains other than your own. More specifically, relaying occurs when an inbound connection to your SMTP server is used to send e-mail to external domains. By default, your Exchange server accepts mail from users and sends it to an external domain. If your server is open for relaying, or if relaying is unsecured on your server, unauthorized users can use your server to send unsolicited commercial e-mail. Therefore, to secure your SMTP virtual server, it is crucial that you set relay restrictions.

It is important to understand the difference between authenticated relaying and anonymous or open relaying.
Authenticated relaying allows your internal users to send mail to domains outside of your Exchange organization, but requires authentication before the mail is sent. By default, Exchange only allows authenticated relaying.

Anonymous relaying allows any user to connect to your Exchange server and use it to send mail outside your Exchange organization.

The following examples demonstrate how Exchange 2000 accepts and relays mail using authenticated relaying:

Example 1: An anonymous user connects to the SMTP virtual server and attempts to deliver mail to an internal user in the Exchange organization. In this situation, the SMTP virtual server accepts the message because it is destined for an internal domain and because the user exists in Active Directory.

Example 2: An anonymous user connects to the SMTP virtual server and attempts to deliver mail to an external user in an external domain. In this situation, the SMTP virtual server rejects the mail because it is destined for an external domain for which the Exchange server is not responsible. Because the user is not authenticated, the SMTP virtual server does not relay this mail outside of the Exchange organization.

Example 3: A user connects to the SMTP virtual server using a POP or IMAP client (for example Microsoft Outlook® Express), authenticates, and then attempts to send a message to a user in an external domain. In this situation, Outlook Express connects directly to the SMTP virtual server and authenticates the user. Although the message is destined for a remote domain, the SMTP virtual server accepts and relays this mail because the user is authenticated.

By using the relay control features of Exchange 2000, you can prevent third parties from relaying mail through your server. Relay control allows you to specify a list of incoming remote IP address and subnet mask pairs that have permission to relay mail through your server. Exchange checks an incoming SMTP client’s IP address against the list of IP networks allowed to relay mail. If the client is not allowed to relay mail, only mail addressed to local recipients is allowed. Relay control can also be implemented by domain; however, this requires implementation of reverse DNS resolution, which is controlled at the SMTP virtual server level.

Default Relay Restrictions

By default, the SMTP virtual server allows relaying only from authenticated users. This configuration is designed to prevent unauthorized users from using your Exchange server to relay mail. The virtual server’s default configuration allows only authenticated computers to relay mail. Unsolicited commercial e-mail generally comes from a spoofed or forged address and is often relayed using a server that is not secured for relay. For this reason, Exchange 2000 allows only authenticated users. Be very cautious when changing this setting: many Internet providers will block servers that allow open relaying.

Hope this clears your doubts
> Go to ESM-SMTP virtual server properties->Access-> Relay
> Make sure that "allows all computers that successfully authenticate to relay " is checked.

and check also "Only computers on the list" and keep the list empty. These two settings will deny anonymous relay.
chpchai (Author) commented:
I have tried the setting mentioned above, but there are still messages from other servers queueing on my server... mainly from AOL, MSN, Netscape... !!!!!

Any further settings available to improve the situation???

Open a DOS box and type:

This will check your server for relay issues. More can be found at the web page. If any test fails, please post.

After the changes, you should restart your Exchange server (or at least the SMTP service).

First of all, you have to close your server. Second, you have to remove your server from the blacklists. As long as your server is blacklisted, you will get mails which will not be relayed, but which produce NDRs which cannot be delivered.

Try to see if you are blacklisted, and where.

Please note also that it may take some time until all mails are out of the queue and have run dead. Whenever a mail cannot be delivered, it produces an NDR to the sender's address (which is usually faked), and therefore you get an additional set of mails in your queue. Have a look at the queue itself (don't forget to refresh --> menu item, not F5) and the number of mails within the queue (the queue itself is deleted when the connection is closed; this also takes some minutes).

For the moment, you should lower the time the mails will try to connect to the remote system (see the transmission tab within your virtual SMTP server). This reduces the time until they run dead. Also try to delete as much as possible from your queues. Also have a look at the file-based queues on your server in the mailroot\vsi xx directory.
Oh, have a look at the senders' addresses. If you see that these are always the same addresses, you can block or filter them. But I assume, as some of the spam email programs are intelligent, they will change the sender's address often.

Seen this a lot recently - and in most cases I've been involved in, one of the following has been true:

1)  The local Guest account was enabled - allowing any credentials to successfully authenticate (therefore allowing them to relay)

2)  A compromised local account on the box (in one case a domain account, but this machine was a member of the domain).

Check the local accounts on the box - reset passwords and ensure Guest is disabled.

Generally, I've been able to pin the issue down to a previous infection by Code Red (the IIS worm) - one of its payloads (in some versions) is enabling the Guest account.
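
An added example, not part of any post above and not Exchange's own code: a small Python model of the relay decision that the three examples and the relay list in this thread describe, plus the Guest-account failure mode from the last post. All names, addresses and accounts are constructed, and the Active Directory recipient lookup from Example 1 is left out.

```python
# Added illustration: a simplified model of the relay decision discussed in
# this thread. Not Exchange code; all names and values are constructed.
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network


@dataclass
class RelayPolicy:
    local_domains: set                                   # domains this server is responsible for
    relay_networks: list = field(default_factory=list)   # IP list; empty = no IP may relay
    allow_authenticated: bool = True                     # authenticated computers may relay
    guest_enabled: bool = False                          # state of the local Guest account
    accounts: dict = field(default_factory=dict)         # user -> password (constructed)

    def authenticate(self, user, password):
        if user is None:
            return False                                 # anonymous session
        if user in self.accounts and self.accounts[user] == password:
            return True
        # Failure mode from the last post: with Guest enabled, unknown
        # credentials still authenticate.
        return self.guest_enabled

    def decide(self, client_ip, rcpt, user=None, password=None):
        domain = rcpt.rsplit("@", 1)[-1].lower()
        if domain in self.local_domains:
            return "accept-local"                        # Example 1
        if any(ip_address(client_ip) in ip_network(n) for n in self.relay_networks):
            return "relay-ip"                            # client is on the relay list
        if self.allow_authenticated and self.authenticate(user, password):
            return "relay-auth"                          # Example 3
        return "reject"                                  # Example 2


def audit(policy, probe_ip="203.0.113.25", probe_rcpt="someone@example.net"):
    """Probe the policy as an outside client and report how it could relay."""
    if policy.decide(probe_ip, probe_rcpt).startswith("relay"):
        return ["anonymous relay allowed from outside addresses"]
    if policy.decide(probe_ip, probe_rcpt, "no-such-user", "wrong").startswith("relay"):
        return ["made-up credentials can relay: check the Guest account"]
    return []


if __name__ == "__main__":
    policy = RelayPolicy({"example.com"}, accounts={"alice": "constructed-pw"})
    print(audit(policy))             # closed configuration
    policy.guest_enabled = True
    print(audit(policy))             # Guest account turns it into a relay
```

The model shows why the relay settings alone did not help the original poster if the last post's diagnosis applies: the relay list can be empty and the server still relays once any credentials authenticate.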
