Exchange 2003 Current Sessions

Posted on 2005-04-11
Last Modified: 2006-11-18
On an Exchange server under Protocols -> SMTP -> Default SMTP Virtual Server -> Current Sessions, I occasionally see users with external IP addresses that have been connected for quite a long time. Does this mean that they are using our SMTP server for spam? How can I test if someone is using an SMTP server to relay?

Comments would be appreciated.


Question by: An_toni_o

    Expert Comment

    It could be spam.
    It may also be legitimate email where the session hasn't closed down properly.

    Exchange is relay secure by default. If your server is being used as a relay for spam there are usual signs - the biggest being that there are a large number of undeliverable messages in the queues.

    There are various open relay test web sites on the Internet - you could run your server through one of those to see if you are an open relay.

    Exchange MVP.

    Author Comment


    Hi Simon,

    We currently have that server to only allow email relay from a range of IP addresses, so should I still be able to see external email addresses not within that range in the sessions? Are the IP addresses shown the address it is going to or the address it is being sent from?

    thanks for your help,


    Accepted Solution

    If you are using Exchange in the way that it was designed to be used (all email is sent via SMTP) then you will have three types of SMTP Sessions that could be shown.

    Inbound (email coming in to your server from other people)
    Outbound (Your server sending email out to other people)
    Relay (which you don't want).

    Therefore the sessions that you are seeing could be legitimate messages that fall into one of the two categories that you want to accept.

    With regards to the relay allowed by IP address range - you should be very careful with that feature. It is very easy to make yourself an open relay.
    Ensure that the firewall or gateway device is not included in the range. A common mistake is for people to put the entire subnet in - and as the firewall/gateway is on the same subnet, Exchange allows external traffic to relay because it is coming from an internal IP address.
    If you must allow relaying, then my preference is to use authenticated relaying. This makes the sending device ask for permission rather than Exchange just presuming permission. If you do go down that route, don't use the administrator account as this is attacked heavily for authenticated relaying.
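
An added example, not part of the original thread: one way to check the mistake described in the accepted answer, where a relay-allowed range includes the firewall or gateway address. The function name `audit_relay_ranges` and all addresses are constructed for illustration; ranges are assumed to be written as CIDR, as address/mask, or as a single IP.

```python
import ipaddress

def audit_relay_ranges(relay_ranges, gateway_ips):
    """Check each relay-allowed range for firewall/gateway addresses.

    Returns one dict per range: the parsed network, the gateway addresses it
    covers, and the same range rewritten as networks that skip those addresses.
    """
    gateways = [ipaddress.ip_address(g) for g in gateway_ips]
    report = []
    for text in relay_ranges:
        # Accepts "192.168.1.0/24", "192.168.1.0/255.255.255.0" or a single IP.
        net = ipaddress.ip_network(text, strict=False)
        covered = [g for g in gateways if g.version == net.version and g in net]
        safe = [net]
        for g in covered:
            host = ipaddress.ip_network(str(g))  # the gateway as a /32 (or /128)
            carved = []
            for n in safe:
                if host.subnet_of(n):
                    # Split n into the smaller networks that leave the gateway out.
                    carved.extend(n.address_exclude(host))
                else:
                    carved.append(n)
            safe = carved
        report.append({"range": net, "gateways_covered": covered,
                       "safe_ranges": sorted(safe)})
    return report

if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    allowed = ["192.168.1.0/255.255.255.0", "10.0.5.20"]
    firewalls = ["192.168.1.1"]
    for entry in audit_relay_ranges(allowed, firewalls):
        if entry["gateways_covered"]:
            print(f"{entry['range']} covers gateway(s) "
                  f"{', '.join(map(str, entry['gateways_covered']))}; allow instead:")
            for n in entry["safe_ranges"]:
                print(f"  {n}")
        else:
            print(f"{entry['range']} covers no gateway address")
```

Any range reported as covering a gateway should be replaced in the relay restrictions with the listed narrower ranges, or with the individual hosts that actually need to relay.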


    Author Comment


    Thanks for your help, that is what I wanted to know.


