Solved

Exchange Server Problem with SMTP

Posted on 2003-11-04
Last Modified: 2010-05-18
I have an Exchange Server 2000 with SP3. There is a "BIG" problem: many other servers send emails to my server and use my server to send those rubbish emails to others. My server is stuck with thousands of messages queueing and my own messages can't be sent out easily!!!!!

Is there any solution to stop receiving the rubbish emails???
Question by:chpchai
8 Comments
 
LVL 20

Expert Comment

by:ikm7176
ID: 9685180

Make sure that you are not infected with any virus

Go to ESM-SMTP virtual server properties->Access-> Relay
Make sure that "allows all computers that successfully authenticate to relay " is checked.

Relaying is the ability to forward mail to domains other than your own. More specifically, relaying occurs when an inbound connection to your SMTP server is used to send e-mail to external domains. By default, your Exchange server accepts mail from users and sends it to an external domain. If your server is open for relaying, or if relaying is unsecured on your server, unauthorized users can use your server to send unsolicited commercial e-mail. Therefore, to secure your SMTP virtual server, it is crucial that you set relay restrictions.

 It is important to understand the difference between authenticated relaying and anonymous or open relaying.
 
Authenticated relaying allows your internal users to send mail to domains outside of your Exchange organization, but requires authentication before the mail is sent. By default, Exchange only allows authenticated relaying.

Anonymous relaying allows any user to connect to your Exchange server and use it to send mail outside your Exchange organization.

The following examples demonstrate how Exchange 2000 accepts and relays mail using authenticated relaying:

Example 1 An anonymous user connects to the SMTP virtual server and attempts to deliver mail to an internal user in the Exchange organization. In this situation, the SMTP virtual server accepts the message because it is destined for an internal domain and because the user exists in Active Directory.

Example 2 An anonymous user connects to the SMTP virtual server and attempts to deliver mail to an external user in an external domain. In this situation, the SMTP virtual server rejects the mail because it is destined for an external domain for which the Exchange server is not responsible. Because the user is not authenticated, the SMTP virtual server does not relay this mail outside of the Exchange organization.

Example 3 A user connects to the SMTP virtual server using a POP or IMAP client (for example Microsoft Outlook® Express), authenticates, and then attempts to send a message to a user in an external domain. In this situation, Outlook Express connects directly to the SMTP virtual server and authenticates the user. Although the message is destined for a remote domain, the SMTP virtual server accepts and relays this mail because the user is authenticated.

By using the relay control features of Exchange 2000, you can prevent third parties from relaying mail through your server. Relay control allows you to specify a list of incoming remote IP address and subnet mask pairs that have permission to relay mail through your server. Exchange checks an incoming SMTP client’s IP address against the list of IP networks allowed to relay mail. If the client is not allowed to relay mail, only mail addressed to local recipients is allowed. Relay control can also be implemented by domain; however, this requires implementation of reverse DNS resolution, which is controlled at the SMTP virtual server level.

Default Relay Restrictions

By default, the SMTP virtual server allows relaying only from authenticated users. This configuration is designed to prevent unauthorized users from using your Exchange server to relay mail. The virtual server’s default configuration allows only authenticated computers to relay mail.

Unsolicited commercial e-mail generally comes from a spoofed or forged address and is often relayed using a server that is not secured for relay. For this reason, Exchange 2000 allows only authenticated users. Be very cautious when changing this setting: many Internet providers will block servers that allow open relaying.

Hope this clears your doubts
0
 
LVL 35

Expert Comment

by:Bembi
ID: 9690697
> Go to ESM-SMTP virtual server properties->Access-> Relay
> Make sure that "allows all computers that successfully authenticate to relay " is checked.

and check also "Only computers on the list" and keep the list empty. These two settings will deny anonymous relay.
0
 

Author Comment

by:chpchai
ID: 9713101
I have tried the settings mentioned above, but there are still messages from other servers queueing in my server... mainly from AOL, MSN, Netscape... !!!!!

any further setting available to improve the situation???
0

 
LVL 35

Expert Comment

by:Bembi
ID: 9717213
Open a DOS box and type:
telnet relay-test.mail-abuse.org

This will check your server for relay issues. More can be found at the mail-abuse.org web page. If there is any test, which fails, please post.

After the changes, you should restart your exchange server (or at least the SMTP service).

First of all you have to close your server. Second, you have to remove your server from the blacklists. As long as your server is blacklisted, you will get mails which will not be relayed, but which produce NDRs which cannot be delivered.

Try http://openrbl.org to see, if you are blacklisted and where.

Please note also, that it may take some time, until all mails are out of the queue and are run dead. Whenever a mail can not be delivered, the mail produces a NDR to the senders address (which is usually faked) and therefore you get an additional set of mails within your queue. Have a look at the queue itself (don't forget to refresh --> menu item, not F5), and the number of mails within the queue (the queue itself is deleted, when the connection is closed, this takes also some minutes).

For the moment, you should lower the time the mails will try to connect to the remote system (see the transmission tab within your virtual SMTP server). This reduces the time until they run dead. Also try to delete as much as possible from your queues. Also have a look at the file based queues on your server in the mailroot\vsi xx directory.
0
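Added example, not part of the thread: a relay self-check in the spirit of the test suggested above, to be run against your own server from a host outside your network (internal addresses may be on the relay list and would mask the result). The function names, and the sender and recipient you pass in, are this example's own choices.

```python
import smtplib
import sys

def classify_rcpt(code):
    """Map the SMTP reply to RCPT TO onto a relay verdict."""
    if code in (250, 251):
        return "accepted"      # server agreed to take mail for the external recipient
    if 400 <= code <= 499:
        return "deferred"      # temporary failure: inconclusive, retry later
    if 500 <= code <= 599:
        return "rejected"      # permanent refusal: the expected result
    return "unknown"

def check_anonymous_relay(host, sender, external_rcpt, port=25, timeout=15):
    """Unauthenticated MAIL FROM / RCPT TO against your own server.
    The transaction is reset before DATA, so no message is sent."""
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo()
        code, reply = smtp.mail(sender)
        if code != 250:
            return "sender-refused", reply.decode(errors="replace")
        code, reply = smtp.rcpt(external_rcpt)
        smtp.rset()            # abandon the transaction before any message body
    return classify_rcpt(code), reply.decode(errors="replace")

if __name__ == "__main__":
    # Usage: python relay_check.py <your-server> <sender> <recipient in a domain you do not host>
    verdict, reply = check_anonymous_relay(*sys.argv[1:4])
    print(verdict, reply)
    sys.exit(1 if verdict == "accepted" else 0)
```

An "accepted" verdict for a recipient in a domain the server does not host means the anonymous session was allowed to relay. A "rejected" verdict only covers anonymous sessions and says nothing about relaying through authenticated logons.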
 
LVL 35

Accepted Solution

by:
Bembi earned 25 total points
ID: 9717232
Oh, have a look at the senders' addresses. If you see that these are always the same addresses, you can block or filter them. But I assume, as some of the spam-email programs are intelligent, they will change the sender's address often.
0
 
LVL 2

Assisted Solution

by:mwareman
mwareman earned 25 total points
ID: 9792478
Seen this a lot recently - and in most cases I've been involved in, one of the following has been true:-

1)  The local Guest account was enabled - allowing any credentials to successfully authenticate (therefore allowing them to relay)

or

2)  A compromised local account on the box (in one case a domain account, but this machine was a member of the domain).

Check the local accounts on the box - reset passwords and ensure guest is disabled.

Generally, I've been able to pin the issue down to a previous infection by Code Red (the IIS worm) - one of its payloads (in some versions) is enabling the guest account.

Michael.
0
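Added example, not part of the thread: a simplified model of the relay rules from ikm7176's Examples 1-3 combined with the Guest-account case mwareman describes. It shows why a server with the recommended relay settings can still relay spam. The domains, addresses, account and function names are constructed for illustration; this is not Exchange code.

```python
import ipaddress

LOCAL_DOMAINS = {"example.com"}        # constructed: domains this server is responsible for
ACCOUNTS = {"alice": "correct-horse"}  # constructed account database

def authenticates(user, password, guest_enabled):
    """Logon step. With Guest enabled, unknown credentials still succeed
    (the behaviour described in the comment above)."""
    if user is None:
        return False                   # anonymous session
    if user in ACCOUNTS and ACCOUNTS[user] == password:
        return True
    return guest_enabled

def decision(rcpt_domain, client_ip, user=None, password=None,
             guest_enabled=False, allow_authenticated=True, relay_networks=()):
    """Return 'deliver', 'relay' or 'reject' for one RCPT TO.
    relay_networks models "Only the list below" (empty = no IP may relay)."""
    if rcpt_domain.lower() in LOCAL_DOMAINS:
        return "deliver"               # Example 1: local recipient, no relay needed
    ip = ipaddress.ip_address(client_ip)
    if any(ip in ipaddress.ip_network(net) for net in relay_networks):
        return "relay"                 # client address is on the relay list
    if allow_authenticated and authenticates(user, password, guest_enabled):
        return "relay"                 # Example 3: authenticated relay
    return "reject"                    # Example 2: anonymous, external recipient

def scenarios():
    ext = "203.0.113.9"                # constructed external client address
    return {
        "example1_anonymous_local": decision("example.com", ext),
        "example2_anonymous_external": decision("example.net", ext),
        "example3_authenticated": decision("example.net", ext, "alice", "correct-horse"),
        "bad_credentials_guest_off": decision("example.net", ext, "x", "y"),
        "bad_credentials_guest_on": decision("example.net", ext, "x", "y",
                                             guest_enabled=True),
        "listed_subnet": decision("example.net", "192.0.2.10",
                                  relay_networks=["192.0.2.0/24"]),
    }

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:30} {result}")
```

The only difference between the two `bad_credentials` rows is the Guest account state: the relay settings are identical, yet the second session is allowed to relay.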


Question has a verified solution.
