Mail relay open on exchange 2000

Posted on 2004-10-12
Last Modified: 2008-01-09
Greetings Experts,
We have Windows 2000 Server with Exchange Server 2000 SP3.
   - MX records forwarded from our ISP to our server.
   - Firewall forwarding port 25 to our Exchange server.

http://www.abuse.net - is reporting an open relay

We have in Exchange server systems manager the following options checked/not checked.
   - Connectors - address space "allow messages to be relayed to these domains" <not checked>
   - Default SMTP Virtual server properties access - relay
       - only the list below < checked>
       - our subnet 192.168.5.0 , 255.255.255.0 in the access granted box
       - Allow all computers which successfully authenticate to relay <not checked>
   - Authentication
       - Anon access <checked>
       - Basic Authentication <checked>
       - Integrated windows Authentication <checked>

I have done extensive searching on google and EE, have implemented the recommended changes (as above).
Still reporting an open relay and I can see that I am relaying a great deal of email not from my server.
I do not want to help spammers, and I know I am now! At the moment I keep on adding the IPs of people using the server for spam to my blocked list.  This takes a lot of work and is not the answer...

I am sure it is something simple that I have missed.
Thanks,
Ynaught.
Question by:ynaught
10 Comments
 
LVL 10

Accepted Solution

by:
munichpostman earned 2000 total points
ID: 12290317
Here is the cause of the problem.

Default SMTP Virtual server properties access - relay
       - only the list below < checked>
       - our subnet 192.168.5.0 , 255.255.255.0 in the access granted box

Remove your subnet from this list and instead add only the IP addresses of hosts within your organisation that will use the SMTP virtual server to relay mail, and the IP address of the ISP system.

0
 
LVL 3

Author Comment

by:ynaught
ID: 12291278
I should put all 120 or so workstations and servers that use the Exchange server into the list individually, and the ISP of both our send mail and the one that forwards the email?  I am more than willing to give it a try. I will then restart SMTP.
Thanks for your quick response.
I will try this now.

Regards,
0
 
LVL 3

Author Comment

by:ynaught
ID: 12291519
Hi Munichpostman,
   I removed my subnet from the list and added the individual hosts in my organization that need the relay and restarted the SMTP service.  When I tested the relay I am sorry to say that it was still open.  I agree with you that it should work.  
Regards, Ynaught
0
 
LVL 10

Expert Comment

by:munichpostman
ID: 12291673
Hi sorry,

just missed your posts. Can you please clarify the following?

A. Does your MX record point to a mail relay at your ISP?

B. Does it point directly to your Exchange 2000 Server?

If the answer is A, then it is the relay at your ISP that is open to relaying.
0
 
LVL 10

Expert Comment

by:munichpostman
ID: 12291750
Please review the following article.
http://support.microsoft.com/kb/304897/EN-US/

By the way I did not intend you to remove all ip addresses of all workstations from the list.

Please try all of the relay tests shown in the above link.
0
 
LVL 3

Author Comment

by:ynaught
ID: 12292506
Hi Munichpostman
  I am reviewing the last article that you posted and will get back to you with the results.  To clarify, our MX records (in the DNS of our ISP) point to the IP of our Exchange server, which is behind our firewall (we use NAT, not DMZ). I have the firewall forward port 25 to the NAT address of our Exchange server.  From what I understand the mail never hits our ISP; they only serve to respond to DNS requests.  
Thanks again for all your help.
0
 
LVL 3

Author Comment

by:ynaught
ID: 12292954
from http://www.abuse.net/relay.html

(same tests you gave me)
 -  I have changed the ip and our domain
<<< 220 exchangeserver.yourwindowsdomain.com Microsoft ESMTP MAIL Service, Version: 5.0.2195.6713 ready at  Tue, 12 Oct 2004 15:49:45 -0700
>>> HELO www.abuse.net
<<< 250 server.servername.com Hello [208.31.42.77]


Relay test 1
>>> RSET
<<< 250 2.0.0 Resetting
>>> MAIL FROM:<spamtest@abuse.net>
<<< 250 2.1.0 spamtest@abuse.net....Sender OK
>>> RCPT TO:<securitytest@abuse.net>
<<< 550 5.7.1 Unable to relay for securitytest@abuse.net

Relay test 2
>>> RSET
<<< 250 2.0.0 Resetting
>>> MAIL FROM:<spamtest>
<<< 250 2.1.0 spamtest@ourdomain.com....Sender OK
>>> RCPT TO:<securitytest@abuse.net>
<<< 550 5.7.1 Unable to relay for securitytest@abuse.net

Relay test 3
>>> RSET
<<< 250 2.0.0 Resetting
>>> MAIL FROM:<>
<<< 250 2.1.0 <>....Sender OK
>>> RCPT TO:<securitytest@abuse.net>
<<< 550 5.7.1 Unable to relay for securitytest@abuse.net

Relay test 4
>>> RSET
<<< 250 2.0.0 Resetting
>>> MAIL FROM:<spamtest@[ourip]
<<< 250 2.1.0 spamtest@[ourip]....Sender OK
>>> RCPT TO:<securitytest@abuse.net>
<<< 550 5.7.1 Unable to relay for securitytest@abuse.net

Relay test 5
>>> RSET
<<< 250 2.0.0 Resetting
>>> MAIL FROM:<spamtest@ourdomai.com>
<<< 250 2.1.0 spamtest@ourdomain.com....Sender OK
>>> RCPT TO:<securitytest@abuse.net>
<<< 550 5.7.1 Unable to relay for securitytest@abuse.net

Relay test 6
>>> RSET
<<< 250 2.0.0 Resetting
>>> MAIL FROM:<spamtest@[ourip]>
<<< 250 2.1.0 spamtest@[ourip]....Sender OK
>>> RCPT TO:<securitytest%abuse.net@[ourip]>
<<< 550 5.7.1 Unable to relay for securitytest%abuse.net@[ourip]

Relay test 7
>>> RSET
<<< 250 2.0.0 Resetting
>>> MAIL FROM:<spamtest@[ourip]>
<<< 250 2.1.0 spamtest@[ourip]....Sender OK
>>> RCPT TO:<securitytest%abuse.net@ourdomain.com>
<<< 250 2.1.5 securitytest%abuse.net@ourdomain.com

Relay test result
Hmmn, at first glance, host appeared to accept a message for relay.
THIS MAY OR MAY NOT MEAN THAT IT'S AN OPEN RELAY.

Some systems appear to accept relay mail, but then reject messages internally rather than delivering them, but you cannot tell at this point whether the message will be relayed or not.

You cannot tell if it is really an open relay without sending a test message; this anonymous user test DID NOT send a test message.

0
 
LVL 3

Author Comment

by:ynaught
ID: 12292982
<<< 220 servername.windowsdomainname.com Microsoft ESMTP MAIL Service, Version: 5.0.2195.6713 ready at  Tue, 12 Oct 2004 15:59:11 -0700
>>> HELO www.abuse.net
<<< 250 servername.windowsdomainname.com Hello [208.31.42.77]


Relay test 1
>>> RSET
<<< 250 2.0.0 Resetting
>>> MAIL FROM:<spamtest@abuse.net>
<<< 250 2.1.0 spamtest@abuse.net....Sender OK
>>> RCPT TO:<username@ourdomain.com>
<<< 250 2.1.5 username@ourdomain.com
>>> DATA
<<< 354 Start mail input; end with <CRLF>.<CRLF>
>>> (message body)
<<< 250 2.6.0  <rlytest-1097621951-14818@abuse.net> Queued mail for delivery

Relay test result
Hmmn, at first glance, host appeared to accept a message for relay.
THIS MAY OR MAY NOT MEAN THAT IT'S AN OPEN RELAY.

---------------------------------------
a few moments later I received:
---------------------------------------

This is a test of third-party mail relay, generated via the
Network Abuse Clearinghouse at http://www.abuse.net.

    Target host = mail.ourdomain [ourip]
    Test performed by <username@ourdomain.com> from ourip

A well-configured mail server should NOT relay third-party email.
Otherwise, the server is subject to abuse by vandals and spammers,
and probable blacklisting by recipients of the unwanted third-party
e-mail.

For information on how to secure a mail server against third-party
relay, visit <URL: http://www.mail-abuse.org/tsi/>.

0
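
Added example, not part of the original thread: a small Python parser that sorts the RCPT TO replies in transcripts like the two above into rejected, accepted for an external domain, accepted for a source-routed address under the local domain (as in relay test 7), and ordinary local delivery. `LOCAL_DOMAINS`, the function names and the verdict labels are assumptions; the sample lines are copied from the posts with the poster's placeholders.

```python
import re

# Assumption: the domains this server is authoritative for (poster's placeholder).
LOCAL_DOMAINS = {"ourdomain.com"}

# Sample lines copied from the two transcripts above (placeholders as posted).
SAMPLE = """\
>>> RCPT TO:<securitytest@abuse.net>
<<< 550 5.7.1 Unable to relay for securitytest@abuse.net
>>> MAIL FROM:<spamtest@[ourip]>
<<< 250 2.1.0 spamtest@[ourip]....Sender OK
>>> RCPT TO:<securitytest%abuse.net@ourdomain.com>
<<< 250 2.1.5 securitytest%abuse.net@ourdomain.com
>>> RCPT TO:<username@ourdomain.com>
<<< 250 2.1.5 username@ourdomain.com
"""

RCPT = re.compile(r"^>>> RCPT TO:<(.*)>\s*$", re.IGNORECASE)
REPLY = re.compile(r"^<<< (\d{3})\b")

def classify(rcpt, code, local_domains=LOCAL_DOMAINS):
    """Label one RCPT TO reply from the server's point of view."""
    if not code.startswith("2"):
        return "rejected"
    local_part, at, domain = rcpt.rpartition("@")
    if at and domain.lower() not in local_domains:
        return "relay-accepted"          # external recipient accepted
    if re.search(r"[%!@]", local_part):
        return "source-route-accepted"   # e.g. user%other.net@local domain
    return "local-delivery"              # normal inbound mail, not a relay

def analyse(transcript, local_domains=LOCAL_DOMAINS):
    """Pair each RCPT TO command with the reply that follows it."""
    results, pending = [], None
    for line in transcript.splitlines():
        cmd = RCPT.match(line)
        if cmd:
            pending = cmd.group(1)
            continue
        reply = REPLY.match(line)
        if reply and pending is not None:
            code = reply.group(1)
            results.append((pending, code, classify(pending, code, local_domains)))
            pending = None
    return results

if __name__ == "__main__":
    for rcpt, code, verdict in analyse(SAMPLE):
        print(f"{code}  {verdict:22}  {rcpt}")
```

A `source-route-accepted` result only shows acceptance at RCPT time; as the abuse.net output says, whether the message is actually relayed needs a delivery test.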
 
LVL 10

Expert Comment

by:munichpostman
ID: 12294788
It is still not clear from the above that your system is open to relay.

One question I forgot to ask you. If you open Exchange System Manager, go to Recipients, Recipient Policies, you should have a recipient policy for your domain.

I suggest that you do the following:

Use Telnet to connect to your Exchange system.
Try to send a test mail from test@disney.com
to youraccount@hotmail.com (your ISP email address).
If the mail arrives at your ISP account, your system is open to relay;
if not, then the mails will NDR from your Exchange system and will not be relayed.

Please let me know the outcome of the test.
0
 
LVL 3

Author Comment

by:ynaught
ID: 12307701
I think the relay is now closed... although it is still reporting to be open through the web tool that I used.
Thanks for your help.
Regards,
0
