Solved

Mail relay open on exchange 2000

Posted on 2004-10-12
Last Modified: 2008-01-09
Greetings Experts,
We have Windows 2000 Server with Exchange Server 2000 SP3
   - MX records forwarded from our ISP to our server.
   - firewall forwarding port 25 to our Exchange server.

http://www.abuse.net - is reporting an open relay

We have in Exchange server systems manager the following options checked/not checked.
   - Connectors - address space "allow messages to be relayed to these domains" <not checked>
   - Default SMTP Virtual server properties access - relay
       - only the list below < checked>
       - our subnet 192.168.5.0 , 255.255.255.0 in the access granted box
       - Allow all computers which successfully authenticate to relay <not checked>
   - Authentication
       - Anon access <checked>
       - Basic Authentication <checked>
       - Integrated windows Authentication <checked>

I have done extensive searching on Google and EE, and have implemented the recommended changes (as above).
It is still reporting an open relay, and I can see that I am relaying a great deal of email not from my server.
I do not want to help spammers, and I know I am now! At the moment I keep on adding the IPs of people using the server for spam to my blocked list.  This takes a lot of work and is not the answer...

I am sure it is something simple that I have missed.
Thanks,
Ynaught.
Question by:ynaught
LVL 10

Accepted Solution

by:
munichpostman earned 500 total points
ID: 12290317
Here is the cause of the problem.

Default SMTP Virtual server properties access - relay
       - only the list below < checked>
       - our subnet 192.168.5.0 , 255.255.255.0 in the access granted box

Remove your subnet from this list and instead add only the IP addresses of hosts within your organisation that will use the SMTP virtual server to relay mail, and the IP address of the ISP system.

0
 
LVL 3

Author Comment

by:ynaught
ID: 12291278
I should put all 120 or so workstations and servers that use the Exchange server into the list individually, and the ISP of both our send mail and the one that forwards the email?  I am more than willing to give it a try. I will then restart SMTP.
Thanks for your quick response.
I will try this now.

Regards,
0
 
LVL 3

Author Comment

by:ynaught
ID: 12291519
Hi Munichpostman,
   I removed my subnet from the list and added the individual hosts in my organization that need the relay and restarted the SMTP service.  When I tested the relay I am sorry to say that it was still open.  I agree with you that it should work.  
Regards, Ynaught
0
 
LVL 10

Expert Comment

by:munichpostman
ID: 12291673
Hi sorry,

just missed your posts. Can you please clarify the following?

A. Does your MX record point to a mail relay at your ISP?

B. Does it point directly to your Exchange 2000 Server?

If the answer is A, then it is the relay at your ISP that is open to relaying.
0
 
LVL 10

Expert Comment

by:munichpostman
ID: 12291750
Please review the following article.
http://support.microsoft.com/kb/304897/EN-US/

By the way I did not intend you to remove all ip addresses of all workstations from the list.

Please try all of the relay tests shown in the above link.
0
 
LVL 3

Author Comment

by:ynaught
ID: 12292506
Hi Munichpostman
  I am reviewing the last article that you posted and will get back to you with the results.  To clarify, our MX records (in the DNS of our ISP) point to the IP of our Exchange server, which is behind our firewall (we use NAT, not DMZ). I have the firewall forward port 25 to the NAT address of our Exchange server.  From what I understand, the mail never hits our ISP; they only serve to respond to DNS requests.  
Thanks again for all your help.
0
 
LVL 3

Author Comment

by:ynaught
ID: 12292954
from http://www.abuse.net/relay.html

(same tests you gave me)
 -  I have changed the ip and our domain
<<< 220 exchangeserver.yourwindowsdomain.com Microsoft ESMTP MAIL Service, Version: 5.0.2195.6713 ready at  Tue, 12 Oct 2004 15:49:45 -0700
>>> HELO www.abuse.net
<<< 250 server.servername.com Hello [208.31.42.77]


Relay test 1
>>> RSET
<<< 250 2.0.0 Resetting
>>> MAIL FROM:<spamtest@abuse.net>
<<< 250 2.1.0 spamtest@abuse.net....Sender OK
>>> RCPT TO:<securitytest@abuse.net>
<<< 550 5.7.1 Unable to relay for securitytest@abuse.net

Relay test 2
>>> RSET
<<< 250 2.0.0 Resetting
>>> MAIL FROM:<spamtest>
<<< 250 2.1.0 spamtest@ourdomain.com....Sender OK
>>> RCPT TO:<securitytest@abuse.net>
<<< 550 5.7.1 Unable to relay for securitytest@abuse.net

Relay test 3
>>> RSET
<<< 250 2.0.0 Resetting
>>> MAIL FROM:<>
<<< 250 2.1.0 <>....Sender OK
>>> RCPT TO:<securitytest@abuse.net>
<<< 550 5.7.1 Unable to relay for securitytest@abuse.net

Relay test 4
>>> RSET
<<< 250 2.0.0 Resetting
>>> MAIL FROM:<spamtest@[ourip]
<<< 250 2.1.0 spamtest@[ourip]....Sender OK
>>> RCPT TO:<securitytest@abuse.net>
<<< 550 5.7.1 Unable to relay for securitytest@abuse.net

Relay test 5
>>> RSET
<<< 250 2.0.0 Resetting
>>> MAIL FROM:<spamtest@ourdomai.com>
<<< 250 2.1.0 spamtest@ourdomain.com....Sender OK
>>> RCPT TO:<securitytest@abuse.net>
<<< 550 5.7.1 Unable to relay for securitytest@abuse.net

Relay test 6
>>> RSET
<<< 250 2.0.0 Resetting
>>> MAIL FROM:<spamtest@[ourip]>
<<< 250 2.1.0 spamtest@[ourip]....Sender OK
>>> RCPT TO:<securitytest%abuse.net@[ourip]>
<<< 550 5.7.1 Unable to relay for securitytest%abuse.net@[ourip]

Relay test 7
>>> RSET
<<< 250 2.0.0 Resetting
>>> MAIL FROM:<spamtest@[ourip]>
<<< 250 2.1.0 spamtest@[ourip]....Sender OK
>>> RCPT TO:<securitytest%abuse.net@ourdomain.com>
<<< 250 2.1.5 securitytest%abuse.net@ourdomain.com

Relay test result
Hmmn, at first glance, host appeared to accept a message for relay.
THIS MAY OR MAY NOT MEAN THAT IT'S AN OPEN RELAY.

Some systems appear to accept relay mail, but then reject messages internally rather than delivering them, but you cannot tell at this point whether the message will be relayed or not.

You cannot tell if it is really an open relay without sending a test message; this anonymous user test DID NOT send a test message.

0
 
LVL 3

Author Comment

by:ynaught
ID: 12292982
<<< 220 servername.windowsdomainname.com Microsoft ESMTP MAIL Service, Version: 5.0.2195.6713 ready at  Tue, 12 Oct 2004 15:59:11 -0700
>>> HELO www.abuse.net
<<< 250 servername.windowsdomainname.com Hello [208.31.42.77]


Relay test 1
>>> RSET
<<< 250 2.0.0 Resetting
>>> MAIL FROM:<spamtest@abuse.net>
<<< 250 2.1.0 spamtest@abuse.net....Sender OK
>>> RCPT TO:<username@ourdomain.com>
<<< 250 2.1.5 username@ourdomain.com
>>> DATA
<<< 354 Start mail input; end with <CRLF>.<CRLF>
>>> (message body)
<<< 250 2.6.0  <rlytest-1097621951-14818@abuse.net> Queued mail for delivery

Relay test result
Hmmn, at first glance, host appeared to accept a message for relay.
THIS MAY OR MAY NOT MEAN THAT IT'S AN OPEN RELAY.

---------------------------------------
a few moments later I received:
---------------------------------------

This is a test of third-party mail relay, generated via the
Network Abuse Clearinghouse at http://www.abuse.net.

    Target host = mail.ourdomain [ourip]
    Test performed by <username@ourdomain.com> from ourip

A well-configured mail server should NOT relay third-party email.
Otherwise, the server is subject to abuse by vandals and spammers,
and probable blacklisting by recipients of the unwanted third-party
e-mail.

For information on how to secure a mail server against third-party
relay, visit <URL: http://www.mail-abuse.org/tsi/>.

0
 
LVL 10

Expert Comment

by:munichpostman
ID: 12294788
It is still not clear from the above that your system is open to relay.

One question I forgot to ask you. If you open Exchange System Manager, go to Recipients, Recipient Policies, you should have a recipient policy for your domain.

I suggest that you do the following:

Use Telnet to connect to your Exchange system.
Try to send a test mail from test@disney.com
to youraccount@hotmail.com (your ISP email address).
If the mail arrives at your ISP account, your system is open to relay;
if not, the mails will NDR from your Exchange system and will not be relayed.

Please let me know the outcome of the test.
0
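Added example (not part of the original thread): a small Python classifier for transcripts in the abuse.net format quoted above, showing why the 250 reply in relay test 7 and the delivery to username@ourdomain.com do not by themselves prove an open relay. The function names, verdict labels and sample transcript are constructed for illustration.

```python
import re

# Constructed sample in the abuse.net transcript format quoted in the thread
# (">>>" tester, "<<<" server); all names are placeholders.
SAMPLE = """\
Relay test 1
>>> MAIL FROM:<spamtest@abuse.net>
<<< 250 2.1.0 spamtest@abuse.net....Sender OK
>>> RCPT TO:<securitytest@abuse.net>
<<< 550 5.7.1 Unable to relay for securitytest@abuse.net

Relay test 7
>>> RCPT TO:<securitytest%abuse.net@ourdomain.com>
<<< 250 2.1.5 securitytest%abuse.net@ourdomain.com

Relay test 8
>>> RCPT TO:<username@ourdomain.com>
<<< 250 2.1.5 username@ourdomain.com
>>> DATA
<<< 354 Start mail input; end with <CRLF>.<CRLF>
"""

def verdict(rcpt, code, local):
    """Judge one RCPT TO address by the server's reply code."""
    if code >= 400:
        return "refused"
    localpart, _, domain = rcpt.rpartition("@")
    if domain.lower() not in local:
        return "relay"          # accepted a recipient in a foreign domain
    if re.search(r"[%!@]", localpart):
        return "inconclusive"   # source-routed local part; only delivery tells
    return "local"              # ordinary inbound mail, not relaying

def classify(transcript, local_domains):
    """Map each 'Relay test N' to a verdict on its RCPT TO reply."""
    local = {d.lower() for d in local_domains}
    results, test, rcpt = {}, None, None
    for line in (l.strip() for l in transcript.splitlines()):
        if m := re.fullmatch(r"Relay test (\d+)", line):
            test, rcpt = f"test {m.group(1)}", None
        elif m := re.match(r">>> RCPT TO:<([^>]*)>", line):
            rcpt = m.group(1)
        elif (m := re.match(r"<<< (\d{3})", line)) and test and rcpt is not None:
            results[test] = verdict(rcpt, int(m.group(1)), local)
            rcpt = None         # ignore later replies (DATA, queued, ...)
    return results

if __name__ == "__main__":
    for name, v in classify(SAMPLE, ["ourdomain.com"]).items():
        print(name, v)
```

An "inconclusive" verdict is settled only by checking whether the message was actually delivered outside the organisation, as the test suggested in the comment above does. Address literals such as [ourip] must be passed in local_domains if the server treats them as its own.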
 
LVL 3

Author Comment

by:ynaught
ID: 12307701
I think the relay is now closed... although it is still reporting to be open through the web tool that I used.
Thanks for your help.
Regards,
0
