Solved

Mail relay open on exchange 2000

Posted on 2004-10-12
Last Modified: 2008-01-09
Greetings Experts,
We have Windows 2000 Server with Exchange Server 2000 SP3
   - MX records forwarded from our ISP to our server.
   - firewall forwarding port 25 to our Exchange server.

http://www.abuse.net - is reporting an open relay

We have in Exchange server systems manager the following options checked/not checked.
   - Connectors - address space "allow messages to be relayed to these domains" <not checked>
   - Default SMTP Virtual server properties access - relay
       - only the list below < checked>
       - our subnet 192.168.5.0 , 255.255.255.0 in the access granted box
       - Allow all computers which successfully authenticate to relay <not checked>
   - Authentication
       - Anon access <checked>
       - Basic Authentication <checked>
       - Integrated windows Authentication <checked>

I have done extensive searching on google and EE, have implemented the recommended changes (as above).
Still reporting an open relay and I can see that I am relaying a great deal of email not from my server.
I do not want to help spammers, and I know I am now! At the moment I keep on adding the IPs of people using the server for spam to my blocked list. This takes a lot of work and is not the answer...

I am sure it is something simple that I have missed.
Thanks,
Ynaught.
0
Question by:ynaught
10 Comments
 
LVL 10

Accepted Solution

by:
munichpostman earned 500 total points
Here is the cause of the problem.

Default SMTP Virtual server properties access - relay
       - only the list below < checked>
       - our subnet 192.168.5.0 , 255.255.255.0 in the access granted box

Remove your subnet from this list and instead add only the IP addresses of hosts within your organisation that will use the SMTP virtual server to relay mail, and the IP address of the ISP system.

0
 
LVL 3

Author Comment

by:ynaught
I should put all 120 or so workstations and servers that use the Exchange server into the list individually, and the ISP of both our send mail and the one that forwards the email? I am more than willing to give it a try. I will then restart SMTP.
Thanks for your quick response.
I will try this now.

Regards,
0
 
LVL 3

Author Comment

by:ynaught
Hi Munichpostman,
   I removed my subnet from the list and added the individual hosts in my organization that need the relay and restarted the SMTP service.  When I tested the relay I am sorry to say that it was still open.  I agree with you that it should work.  
Regards, Ynaught
0
 
LVL 10

Expert Comment

by:munichpostman
Hi sorry,

just missed your posts. Can you please clarify the following?

A. Does your MX record point to a mail relay at your ISP?

B. Does it point directly to your Exchange 2000 Server?

If the answer is A, then it is the relay at your ISP that is open to relaying.
0
 
LVL 10

Expert Comment

by:munichpostman
Please review the following article.
http://support.microsoft.com/kb/304897/EN-US/

By the way I did not intend you to remove all ip addresses of all workstations from the list.

Please try all of the relay tests shown in the above link.
0

 
LVL 3

Author Comment

by:ynaught
Hi Munichpostman
  I am reviewing the last article that you posted and will get back to you with the results. To clarify, our MX records (in the DNS of our ISP) point to the IP of our Exchange server, which is behind our firewall (we use NAT, not DMZ). I have the firewall forward port 25 to the NAT address of our Exchange server. From what I understand, the mail never hits our ISP; they only serve to respond to DNS requests.
Thanks again for all your help.
0
 
LVL 3

Author Comment

by:ynaught
From http://www.abuse.net/relay.html

(same tests you gave me)
 -  I have changed the IP and our domain
<<< 220 exchangeserver.yourwindowsdomain.com Microsoft ESMTP MAIL Service, Version: 5.0.2195.6713 ready at  Tue, 12 Oct 2004 15:49:45 -0700
>>> HELO www.abuse.net
<<< 250 server.servername.com Hello [208.31.42.77]


Relay test 1
>>> RSET
<<< 250 2.0.0 Resetting
>>> MAIL FROM:<spamtest@abuse.net>
<<< 250 2.1.0 spamtest@abuse.net....Sender OK
>>> RCPT TO:<securitytest@abuse.net>
<<< 550 5.7.1 Unable to relay for securitytest@abuse.net

Relay test 2
>>> RSET
<<< 250 2.0.0 Resetting
>>> MAIL FROM:<spamtest>
<<< 250 2.1.0 spamtest@ourdomain.com....Sender OK
>>> RCPT TO:<securitytest@abuse.net>
<<< 550 5.7.1 Unable to relay for securitytest@abuse.net

Relay test 3
>>> RSET
<<< 250 2.0.0 Resetting
>>> MAIL FROM:<>
<<< 250 2.1.0 <>....Sender OK
>>> RCPT TO:<securitytest@abuse.net>
<<< 550 5.7.1 Unable to relay for securitytest@abuse.net

Relay test 4
>>> RSET
<<< 250 2.0.0 Resetting
>>> MAIL FROM:<spamtest@[ourip]
<<< 250 2.1.0 spamtest@[ourip]....Sender OK
>>> RCPT TO:<securitytest@abuse.net>
<<< 550 5.7.1 Unable to relay for securitytest@abuse.net

Relay test 5
>>> RSET
<<< 250 2.0.0 Resetting
>>> MAIL FROM:<spamtest@ourdomai.com>
<<< 250 2.1.0 spamtest@ourdomain.com....Sender OK
>>> RCPT TO:<securitytest@abuse.net>
<<< 550 5.7.1 Unable to relay for securitytest@abuse.net

Relay test 6
>>> RSET
<<< 250 2.0.0 Resetting
>>> MAIL FROM:<spamtest@[ourip]>
<<< 250 2.1.0 spamtest@[ourip]....Sender OK
>>> RCPT TO:<securitytest%abuse.net@[ourip]>
<<< 550 5.7.1 Unable to relay for securitytest%abuse.net@[ourip]

Relay test 7
>>> RSET
<<< 250 2.0.0 Resetting
>>> MAIL FROM:<spamtest@[ourip]>
<<< 250 2.1.0 spamtest@[ourip]....Sender OK
>>> RCPT TO:<securitytest%abuse.net@ourdomain.com>
<<< 250 2.1.5 securitytest%abuse.net@ourdomain.com

Relay test result
Hmmn, at first glance, host appeared to accept a message for relay.
THIS MAY OR MAY NOT MEAN THAT IT'S AN OPEN RELAY.

Some systems appear to accept relay mail, but then reject messages internally rather than delivering them, but you cannot tell at this point whether the message will be relayed or not.

You cannot tell if it is really an open relay without sending a test message; this anonymous user test DID NOT send a test message.

0
 
LVL 3

Author Comment

by:ynaught
<<< 220 servername.windowsdomainname.com Microsoft ESMTP MAIL Service, Version: 5.0.2195.6713 ready at  Tue, 12 Oct 2004 15:59:11 -0700
>>> HELO www.abuse.net
<<< 250 servername.windowsdomainname.com Hello [208.31.42.77]


Relay test 1
>>> RSET
<<< 250 2.0.0 Resetting
>>> MAIL FROM:<spamtest@abuse.net>
<<< 250 2.1.0 spamtest@abuse.net....Sender OK
>>> RCPT TO:<username@ourdomain.com>
<<< 250 2.1.5 username@ourdomain.com
>>> DATA
<<< 354 Start mail input; end with <CRLF>.<CRLF>
>>> (message body)
<<< 250 2.6.0  <rlytest-1097621951-14818@abuse.net> Queued mail for delivery

Relay test result
Hmmn, at first glance, host appeared to accept a message for relay.
THIS MAY OR MAY NOT MEAN THAT IT'S AN OPEN RELAY.

---------------------------------------
a few moments later I received:
---------------------------------------

This is a test of third-party mail relay, generated via the
Network Abuse Clearinghouse at http://www.abuse.net.

    Target host = mail.ourdomain [ourip]
    Test performed by <username@ourdomain.com> from ourip

A well-configured mail server should NOT relay third-party email.
Otherwise, the server is subject to abuse by vandals and spammers,
and probable blacklisting by recipients of the unwanted third-party
e-mail.

For information on how to secure a mail server against third-party
relay, visit <URL: http://www.mail-abuse.org/tsi/>.

0
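
Added example, not part of the original thread: a small parser for the ">>>"/"<<<" transcripts posted above that labels each RCPT TO reply, separating a refused relay attempt from an accepted local recipient and from the "%"-routed recipient that relay test 7 accepted. The sample transcript, example.org, 192.0.2.10 and the function name classify_rcpt are constructed placeholders.

```python
import re

# Constructed transcript in the ">>>"/"<<<" format of the posts above; example.org and
# 192.0.2.10 are placeholders, and test 8 mirrors the second run (local recipient).
SAMPLE = """\
Relay test 1
>>> MAIL FROM:<spamtest@abuse.net>
<<< 250 2.1.0 spamtest@abuse.net....Sender OK
>>> RCPT TO:<securitytest@abuse.net>
<<< 550 5.7.1 Unable to relay for securitytest@abuse.net

Relay test 7
>>> MAIL FROM:<spamtest@[192.0.2.10]>
<<< 250 2.1.0 spamtest@[192.0.2.10]....Sender OK
>>> RCPT TO:<securitytest%abuse.net@example.org>
<<< 250 2.1.5 securitytest%abuse.net@example.org

Relay test 8
>>> MAIL FROM:<spamtest@abuse.net>
<<< 250 2.1.0 spamtest@abuse.net....Sender OK
>>> RCPT TO:<username@example.org>
<<< 250 2.1.5 username@example.org
"""

def classify_rcpt(transcript, local_domains):
    """Map each 'Relay test N' to a verdict on its RCPT TO reply."""
    local = {d.lower() for d in local_domains}
    verdicts, test, rcpt = {}, None, None
    for line in transcript.splitlines():
        line = line.strip()
        header = re.match(r"Relay test (\d+)$", line)
        reply = re.match(r"<<<\s*(\d{3})", line)
        if header:
            test, rcpt = int(header.group(1)), None
        elif line.startswith(">>>"):
            m = re.match(r">>>\s*RCPT TO:<([^>]*)>", line, re.I)
            rcpt = m.group(1) if m else None
        elif reply and rcpt is not None and test is not None:
            local_part, _, domain = rcpt.rpartition("@")
            if not reply.group(1).startswith("2"):
                verdicts[test] = "rejected"
            elif domain.lower().strip("[]") not in local:
                verdicts[test] = "accepted-external"  # third-party relay accepted
            elif re.search(r"[%!@]", local_part):
                verdicts[test] = "accepted-source-routed"  # routing chars in local part
            else:
                verdicts[test] = "accepted-local"  # ordinary inbound mail
            rcpt = None
    return verdicts
```

An accepted-source-routed result only says the address was accepted at RCPT time; as the tool's own output notes, whether the message is then relayed or rejected internally needs a real delivery test.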
 
LVL 10

Expert Comment

by:munichpostman
It is still not clear from the above that your system is open to relay.

One question I forgot to ask you. If you open Exchange System Manager, go to Recipients, Recipient Policies, you should have a recipient policy for your domain.

I suggest that you do the following:

Use Telnet to connect to your Exchange system.
Try to send a test mail from test@disney.com
to youraccount@hotmail.com (your ISP email address).
If the mail arrives at your ISP account, your system is open to relay;
if not, then the mails will NDR from your Exchange system and will not be relayed.

Please let me know the outcome of the test.
0
 
LVL 3

Author Comment

by:ynaught
I think the relay is now closed... although it is still reporting to be open through the web tool that I used.
Thanks for your help.
Regards,
0
