• Status: Solved
  • Priority: Medium
  • Security: Public

Mail relay open on exchange 2000

Greetings Experts,
We have Windows 2000 Server with exchange server 2000 sp 3
   - MX records forwarded from our isp to our server.
   - firewall forwarding port 25 to our exchange server.

http://www.abuse.net - is reporting an open relay

We have in Exchange server systems manager the following options checked/not checked.
   - Connectors - address space "allow messages to be relayed to these domains" <not checked>
   - Default SMTP Virtual server properties access - relay
       - only the list below < checked>
       - our subnet 192.168.5.0 , 255.255.255.0 in the access granted box
       - Allow all computers which successfully authenticate to relay <not checked>
   - Authentication
       - Anon access <checked>
       - Basic Authentication <checked>
       - Integrated windows Authentication <checked>

I have done extensive searching on google and EE, have implemented the recommended changes (as above).
Still reporting an open relay and I can see that I am relaying a great deal of email not from my server.
I do not want to help spammers, and I know I am now! At the moment I keep on adding the IPs of people using the server for spam to my blocked list.  This takes a lot of work and is not the answer...

I am sure it is something simple that I have missed.
Thanks,
Ynaught.
0
1 Solution
 
munichpostmanCommented:
Here is the cause of the problem.

Default SMTP Virtual server properties access - relay
       - only the list below < checked>
       - our subnet 192.168.5.0 , 255.255.255.0 in the access granted box

Remove your subnet from this list and instead add only the IP addresses of hosts within your organisation that will use the SMTP virtual server to relay mail, and the IP address of the ISP system.

0
 
ynaughtAuthor Commented:
I should put all 120 or so workstations and servers that use the exchange server in to the list individually, and the ISP of both our send mail and the one that forwards the email?  I am more than willing to give it a try. I will then restart SMTP.
Thanks for your quick response.
I will try this now.

Regards,
0
 
ynaughtAuthor Commented:
Hi Munichpostman,
   I removed my subnet from the list and added the individual hosts in my organization that need the relay and restarted the SMTP service.  When I tested the relay I am sorry to say that it was still open.  I agree with you that it should work.  
Regards, Ynaught
0

 
munichpostmanCommented:
Hi sorry,

just missed your posts. Can you please clarify the following?

A. Does your MX record point to a mail relay at your ISP?

B. Does it point directly to your Exchange 2000 Server?

If the answer is A, then it is the relay at your ISP that is open to relaying.
0
 
munichpostmanCommented:
Please review the following article.
http://support.microsoft.com/kb/304897/EN-US/

By the way I did not intend you to remove all ip addresses of all workstations from the list.

Please try all of the relay tests shown in the above link.
0
 
ynaughtAuthor Commented:
Hi Munichpostman
  I am reviewing the last article that you posted and will get back to you with the results.  To clarify, our MX records (in the DNS of our ISP) point to the IP of our exchange server, which is behind our firewall (we use NAT, not DMZ). I have the firewall forward port 25 to the NAT address of our exchange server.  From what I understand the mail never hits our ISP; they only serve to respond to DNS requests.
Thanks again for all your help.
0
 
ynaughtAuthor Commented:
from http://www.abuse.net/relay.html

(same tests you gave me)
 -  I have changed the ip and our domain
<<< 220 exchangeserver.yourwindowsdomain.com Microsoft ESMTP MAIL Service, Version: 5.0.2195.6713 ready at  Tue, 12 Oct 2004 15:49:45 -0700
>>> HELO www.abuse.net
<<< 250 server.servername.com Hello [208.31.42.77]


Relay test 1
>>> RSET
<<< 250 2.0.0 Resetting
>>> MAIL FROM:<spamtest@abuse.net>
<<< 250 2.1.0 spamtest@abuse.net....Sender OK
>>> RCPT TO:<securitytest@abuse.net>
<<< 550 5.7.1 Unable to relay for securitytest@abuse.net

Relay test 2
>>> RSET
<<< 250 2.0.0 Resetting
>>> MAIL FROM:<spamtest>
<<< 250 2.1.0 spamtest@ourdomain.com....Sender OK
>>> RCPT TO:<securitytest@abuse.net>
<<< 550 5.7.1 Unable to relay for securitytest@abuse.net

Relay test 3
>>> RSET
<<< 250 2.0.0 Resetting
>>> MAIL FROM:<>
<<< 250 2.1.0 <>....Sender OK
>>> RCPT TO:<securitytest@abuse.net>
<<< 550 5.7.1 Unable to relay for securitytest@abuse.net

Relay test 4
>>> RSET
<<< 250 2.0.0 Resetting
>>> MAIL FROM:<spamtest@[ourip]
<<< 250 2.1.0 spamtest@[ourip]....Sender OK
>>> RCPT TO:<securitytest@abuse.net>
<<< 550 5.7.1 Unable to relay for securitytest@abuse.net

Relay test 5
>>> RSET
<<< 250 2.0.0 Resetting
>>> MAIL FROM:<spamtest@ourdomai.com>
<<< 250 2.1.0 spamtest@ourdomain.com....Sender OK
>>> RCPT TO:<securitytest@abuse.net>
<<< 550 5.7.1 Unable to relay for securitytest@abuse.net

Relay test 6
>>> RSET
<<< 250 2.0.0 Resetting
>>> MAIL FROM:<spamtest@[ourip]>
<<< 250 2.1.0 spamtest@[ourip]....Sender OK
>>> RCPT TO:<securitytest%abuse.net@[ourip]>
<<< 550 5.7.1 Unable to relay for securitytest%abuse.net@[ourip]

Relay test 7
>>> RSET
<<< 250 2.0.0 Resetting
>>> MAIL FROM:<spamtest@[ourip]>
<<< 250 2.1.0 spamtest@[ourip]....Sender OK
>>> RCPT TO:<securitytest%abuse.net@ourdomain.com>
<<< 250 2.1.5 securitytest%abuse.net@ourdomain.com

Relay test result
Hmmn, at first glance, host appeared to accept a message for relay.
THIS MAY OR MAY NOT MEAN THAT IT'S AN OPEN RELAY.

Some systems appear to accept relay mail, but then reject messages internally rather than delivering them, but you cannot tell at this point whether the message will be relayed or not.

You cannot tell if it is really an open relay without sending a test message; this anonymous user test DID NOT send a test message.

0
 
ynaughtAuthor Commented:
<<< 220 servername.windowsdomainname.com Microsoft ESMTP MAIL Service, Version: 5.0.2195.6713 ready at  Tue, 12 Oct 2004 15:59:11 -0700
>>> HELO www.abuse.net
<<< 250 servername.windowsdomainname.com Hello [208.31.42.77]


Relay test 1
>>> RSET
<<< 250 2.0.0 Resetting
>>> MAIL FROM:<spamtest@abuse.net>
<<< 250 2.1.0 spamtest@abuse.net....Sender OK
>>> RCPT TO:<username@ourdomain.com>
<<< 250 2.1.5 username@ourdomain.com
>>> DATA
<<< 354 Start mail input; end with <CRLF>.<CRLF>
>>> (message body)
<<< 250 2.6.0  <rlytest-1097621951-14818@abuse.net> Queued mail for delivery

Relay test result
Hmmn, at first glance, host appeared to accept a message for relay.
THIS MAY OR MAY NOT MEAN THAT IT'S AN OPEN RELAY.

---------------------------------------
a few moments later I received:
---------------------------------------

This is a test of third-party mail relay, generated via the
Network Abuse Clearinghouse at http://www.abuse.net.

    Target host = mail.ourdomain [ourip]
    Test performed by <username@ourdomain.com> from ourip

A well-configured mail server should NOT relay third-party email.
Otherwise, the server is subject to abuse by vandals and spammers,
and probable blacklisting by recipients of the unwanted third-party
e-mail.

For information on how to secure a mail server against third-party
relay, visit <URL: http://www.mail-abuse.org/tsi/>.

0
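Added example, not part of the original thread and not abuse.net's own logic: a small reader for transcripts in the format posted above that says what each RCPT reply actually shows. The sample is condensed from the two runs in this thread; the function names and the four labels (`refused`, `relay-accepted`, `ambiguous`, `local-delivery`) are this example's own.

```python
import re

# Constructed sample: condensed from the two abuse.net runs posted in this thread.
SAMPLE = """\
Relay test 1
>>> MAIL FROM:<spamtest@abuse.net>
<<< 250 2.1.0 spamtest@abuse.net....Sender OK
>>> RCPT TO:<securitytest@abuse.net>
<<< 550 5.7.1 Unable to relay for securitytest@abuse.net
Relay test 6
>>> RCPT TO:<securitytest%abuse.net@[ourip]>
<<< 550 5.7.1 Unable to relay for securitytest%abuse.net@[ourip]
Relay test 7
>>> RCPT TO:<securitytest%abuse.net@ourdomain.com>
<<< 250 2.1.5 securitytest%abuse.net@ourdomain.com
Relay test 1 (second run)
>>> RCPT TO:<username@ourdomain.com>
<<< 250 2.1.5 username@ourdomain.com
"""

HEADER = re.compile(r"^Relay test (\d.*)$")   # skips the "Relay test result" line
RCPT = re.compile(r"^>>> RCPT TO:<(.*)>\s*$", re.I)
REPLY = re.compile(r"^<<< (\d{3})\b")

def classify(recipient, code, local_domains):
    """Say what one RCPT reply proves about relaying."""
    if not code.startswith("2"):
        return "refused"
    local_part, _, domain = recipient.rpartition("@")
    if domain.lower() not in local_domains:
        return "relay-accepted"   # foreign domain accepted at RCPT time
    if any(c in local_part for c in "%!@"):
        # Source-routed form under a local domain: accepted now, but the
        # server may still NDR it, so only a delivered test message settles it.
        return "ambiguous"
    return "local-delivery"       # ordinary inbound mail, not relaying

def review(transcript, local_domains):
    """Return (test, recipient, verdict) for every RCPT in the transcript."""
    local = {d.lower() for d in local_domains}
    results, test, pending = [], "?", None
    for line in map(str.strip, transcript.splitlines()):
        if m := HEADER.match(line):
            test, pending = m.group(1), None
        elif m := RCPT.match(line):
            pending = m.group(1)
        elif (m := REPLY.match(line)) and pending is not None:
            results.append((test, pending, classify(pending, m.group(1), local)))
            pending = None
    return results
```

Run over the sample with `ourdomain.com` as the only local domain, test 7 comes out `ambiguous` and the second run comes out `local-delivery`, which is why neither transcript on its own shows an open relay.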
 
munichpostmanCommented:
It is still not clear from the above that your system is open to relay.

One question I forgot to ask you. If you open Exchange System Manager, go to Recipients, Recipient Policies, you should have a recipient policy for your domain.

I suggest that you do the following:

Use Telnet to connect to your Exchange system.
Try to send a test mail from test@disney.com
to youraccount@hotmail.com (your ISP email address).
If the mail arrives at your ISP account, your system is open to relay;
if not, then the mails will NDR from your Exchange system and will not be relayed.

Please let me know the outcome of the test.
0
 
ynaughtAuthor Commented:
I think the relay is now closed... although it is still reporting to be open through the web tool that I used.
Thanks for your help.
Regards,
0
