

Exchange Server Problem with SMTP

Posted on 2003-11-04
Medium Priority
Last Modified: 2010-05-18
I have an Exchange Server 2000 with SP3. There is a "BIG" problem: many other servers send emails to my server and use my server to send those rubbish emails to others. My server is stuck with thousands of messages queueing, and my own messages can't be sent out easily!!!!!

Is there any solution to stop receiving the rubbish emails???
Question by:chpchai
LVL 20

Expert Comment

ID: 9685180

Make sure that you are not infected with any virus

Go to ESM-SMTP virtual server properties->Access-> Relay
Make sure that "allows all computers that successfully authenticate to relay " is checked.

Relaying is the ability to forward mail to domains other than your own. More specifically, relaying occurs when an inbound connection to your SMTP server is used to send e-mail to external domains. By default, your Exchange server accepts mail from users and sends it to an external domain. If your server is open for relaying, or if relaying is unsecured on your server, unauthorized users can use your server to send unsolicited commercial e-mail. Therefore, to secure your SMTP virtual server, it is crucial that you set relay restrictions.

It is important to understand the difference between authenticated relaying and anonymous or open relaying.
Authenticated relaying allows your internal users to send mail to domains outside of your Exchange organization, but requires authentication before the mail is sent. By default, Exchange only allows authenticated relaying.

Anonymous relaying allows any user to connect to your Exchange server and use it to send mail outside your Exchange organization.

The following examples demonstrate how Exchange 2000 accepts and relays mail using authenticated relaying:

Example 1 An anonymous user connects to the SMTP virtual server and attempts to deliver mail to an internal user in the Exchange organization. In this situation, the SMTP virtual server accepts the message because it is destined for an internal domain and because the user exists in Active Directory.

Example 2 An anonymous user connects to the SMTP virtual server and attempts to deliver mail to an external user in an external domain. In this situation, the SMTP virtual server rejects the mail because it is destined for an external domain for which the Exchange server is not responsible. Because the user is not authenticated, the SMTP virtual server does not relay this mail outside of the Exchange organization.

Example 3 A user connects to the SMTP virtual server using a POP or IMAP client (for example Microsoft Outlook® Express), authenticates, and then attempts to send a message to a user in an external domain. In this situation, Outlook Express connects directly to the SMTP virtual server and authenticates the user. Although the message is destined for a remote domain, the SMTP virtual server accepts and relays this mail because the user is authenticated.

By using the relay control features of Exchange 2000, you can prevent third parties from relaying mail through your server. Relay control allows you to specify a list of incoming remote IP address and subnet mask pairs that have permission to relay mail through your server. Exchange checks an incoming SMTP client’s IP address against the list of IP networks allowed to relay mail. If the client is not allowed to relay mail, only mail addressed to local recipients is allowed. Relay control can also be implemented by domain—however, this requires implementation of reverse DNS resolution, which is controlled at the SMTP virtual server level.

Default Relay Restrictions

By default, the SMTP virtual server allows relaying only from authenticated users. This configuration is designed to prevent unauthorized users from using your Exchange server to relay mail. The virtual server’s default configuration allows only authenticated computers to relay mail.

Unsolicited commercial e-mail generally comes from a spoofed or forged address and is often relayed using a server that is not secured for relay. For this reason, Exchange 2000 allows only authenticated users. Be very cautious when changing this setting—many Internet providers will block servers that allow open relaying.

Hope this clears your doubts
LVL 35

Expert Comment

ID: 9690697
> Go to ESM-SMTP virtual server properties->Access-> Relay
> Make sure that "allows all computers that successfully authenticate to relay " is checked.

and check also "Only computers on the list" and keep the list empty. These two settings will deny anonymous relay.

Author Comment

ID: 9713101
I have tried the settings mentioned above, but there are still messages from other servers queueing in my server... mainly from AOL, MSN, Netscape... !!!!!

Any further settings available to improve the situation???

LVL 35

Expert Comment

ID: 9717213
Open a DOS box and type:
telnet relay-test.mail-abuse.org

This will check your server for relay issues. More can be found at the mail-abuse.org web page. If any test fails, please post.

After the changes, you should restart your Exchange server (or at least the SMTP service).

First of all, you have to close your server. Second, you have to remove your server from the blacklists. As long as your server is blacklisted, you will get mails which will not be relayed, but which produce NDRs that cannot be delivered.

Try http://openrbl.org to see if you are blacklisted, and where.

Please note also that it may take some time until all mails are out of the queue and have run dead. Whenever a mail cannot be delivered, it produces an NDR to the sender's address (which is usually faked), and therefore you get an additional set of mails within your queue. Have a look at the queue itself (don't forget to refresh --> menu item, not F5) and the number of mails within the queue (the queue itself is deleted when the connection is closed; this also takes some minutes).

For the moment, you should lower the time the mails will try to connect to the remote system (see the transmission tab within your virtual SMTP server). This reduces the time until they run dead. Also try to delete as much as possible from your queues. Also have a look at the file-based queues on your server in the mailroot\vsi xx directory.
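The relay test suggested in this thread, together with Example 1 and Example 2 from the relay explanation earlier, can be repeated against your own server with a short script. This is an added example, not part of any post; the addresses, the hostname passed to `probe_host` and the `FakeSession` class are constructed placeholders.

```python
import smtplib

def probe_relay(smtp, sender, local_rcpt, external_rcpt):
    """Issue MAIL FROM / RCPT TO on an unauthenticated session and return the
    reply code per recipient. DATA is never sent, so nothing is queued."""
    smtp.ehlo_or_helo_if_needed()
    codes = {}
    for label, rcpt in (("local", local_rcpt), ("external", external_rcpt)):
        smtp.rset()                      # clean envelope for each recipient
        code, _ = smtp.mail(sender)
        if code == 250:
            code, _ = smtp.rcpt(rcpt)
        codes[label] = code
    smtp.rset()
    return codes

def verdict(codes):
    """Map the reply codes onto the cases from the relay explanation."""
    if codes["external"] // 100 == 2:
        return "OPEN RELAY: anonymous mail to an external domain was accepted"
    if codes["local"] // 100 != 2:
        return "CHECK INBOUND: relay refused, but local delivery was refused too"
    return "OK: local mail accepted, anonymous relay refused"

def probe_host(host, sender, local_rcpt, external_rcpt, port=25):
    """Run the probe against a real server that you administer."""
    with smtplib.SMTP(host, port, timeout=15) as smtp:
        return verdict(probe_relay(smtp, sender, local_rcpt, external_rcpt))

class FakeSession:
    """Constructed stand-in for smtplib.SMTP so the example runs offline."""
    def __init__(self, local_domain, open_relay):
        self.local_domain, self.open_relay = local_domain, open_relay
    def ehlo_or_helo_if_needed(self): pass
    def rset(self): return 250, b"OK"
    def mail(self, sender): return 250, b"OK"
    def rcpt(self, rcpt):
        if rcpt.endswith("@" + self.local_domain) or self.open_relay:
            return 250, b"OK"
        return 550, b"5.7.1 Unable to relay"   # constructed reply text

def demo():
    # Constructed addresses: a secured server first, then an open relay.
    args = ("probe@tester.example", "postmaster@corp.example", "nobody@elsewhere.example")
    return [verdict(probe_relay(FakeSession("corp.example", flag), *args))
            for flag in (False, True)]

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

The probe covers only the anonymous path; it says nothing about relaying by a client that authenticates successfully, which has to be checked on the accounts themselves.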
LVL 35

Accepted Solution

Bembi earned 100 total points
ID: 9717232
Oh, have a look at the senders' addresses. If you see that these are always the same addresses, you can block or filter them. But I assume, as some of the spam-email programs are intelligent, they will change the sender's address often.

Assisted Solution

mwareman earned 100 total points
ID: 9792478
Seen this a lot recently - and in most cases I've been involved in, one of the following has been true:-

1)  The local Guest account was enabled - allowing any credentials to successfully authenticate (therefore allowing them to relay)

2)  A compromised local account on the box (in one case a domain account, but this machine was a member of the domain).

Check the local accounts on the box - reset passwords and ensure guest is disabled.

Generally, I've been able to pin the issue down to a previous infection by Code Red (the IIS worm) - one of its payloads (in some versions) is enabling the guest account.

