Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Lock down Relay and Authentication

Posted on 2007-03-27
5
Medium Priority
?
231 Views
Last Modified: 2011-09-20
I had a domain that was hosted for me by another company with these addresses
<user>@Domain.com
I implemented my Exchange 2003 on a child domain and they have these addresses
of <user>@Child.Domain.com
I changed the public mx record to point to my Exchange IP and I created
<user>@Domain.com addresses for all users in AD. Everything is delivered
perfectly when Exchange is an Open Relay and I allow Anonymous Access but as
soon as I try and restrict my Relay or Disable Anonymous Access only my child
domain email addresses work. From an outsider they receive "550 5.7.1 Unable
to relay for " when sending to <user>@Domain.com but sent from the same
outsider and sending to <user>@Child.Domain.com the email is quick as a deer!
I know spammers will find me, if they haven't already, and use my Exchange to
spam people, so how do I go abouts locking down my Exchange environment?
0
Comment
Question by:Yago007
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 3

Expert Comment

by:itsireland
ID: 18802634
allowing anonymous access for the SMTP Protocol does not make your server an open relay server as long as you don't allow anyone outside of your domain to send OUT emails.

So on the SMTP protocol you can allow anonymous access in the "Access Control" --> "Authentication" button. This allows incoming emails from any server.

To prevent open relays do NOT allow unauthenticated users to Relay using the relay restrictions "RELAY" button. Users in your network with Outlook will autenticate so they will have access as long as you have no connector restrictions.

Not sure? Try one of the free "check for open relay" websites (one you trust) and they'll tell you whether you messed up your configuration or not.

Hope this helps.
0
 

Author Comment

by:Yago007
ID: 18803154
I have allowed anonymous access in the "Access Control" --> "Authentication" thank you for the clarification, but still when I change the Relay Restrictions to "Only the list below" and I have the "Allow all computers which successfully authenicate to relay regardles of the list above" checked, I get a "550 5.7.1 Unable to relay for <user>" from my gmail account. This is when I am emailing address <user>@Domain.com My other address <user>@Child.Domain.com works fine. I need both email addresses to work.
0
 
LVL 3

Accepted Solution

by:
itsireland earned 2000 total points
ID: 18806760
You definately have to lock it down anyway. Otherwise you'll end up on block lists and the fun really starts.

It seems your domain configurtion is not set up properly. Did you set up a recipient policy for the domain? You will need domain settings for both the domain.com and the child.domain.com. Also, are there no delivery restrictions in the users mailbox settings?

0
 

Author Comment

by:Yago007
ID: 18810081
No i did not have a recipient policy for Domain.com. After i did that a couple of hours later I was able to lock down relaying. Thanks.
0
 
LVL 3

Expert Comment

by:itsireland
ID: 18810228
Good stuff!
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will help to fix the below error for MS Exchange server 2010 I. Out Of office not working II. Certificate error "name on the security certificate is invalid or does not match the name of the site" III. Make Internal URLs and External…
One-stop solution for Exchange Administrators to address all MS Exchange Server issues, which is known by the name of Stellar Exchange Toolkit.
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
Suggested Courses

670 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question