Lock down Relay and Authentication

Posted on 2007-03-27
Last Modified: 2011-09-20
I had a domain that was hosted for me by another company with these addresses
<user>@Domain.com
I implemented my Exchange 2003 on a child domain and they have these addresses
of <user>@Child.Domain.com
I changed the public MX record to point to my Exchange IP and I created
<user>@Domain.com addresses for all users in AD. Everything is delivered
perfectly when Exchange is an Open Relay and I allow Anonymous Access but as
soon as I try and restrict my Relay or Disable Anonymous Access only my child
domain email addresses work. From an outsider they receive "550 5.7.1 Unable
to relay for " when sending to <user>@Domain.com but sent from the same
outsider and sending to <user>@Child.Domain.com the email is quick as a deer!
I know spammers will find me, if they haven't already, and use my Exchange to
spam people, so how do I go about locking down my Exchange environment?
Question by:Yago007
5 Comments
 
Expert Comment

by:itsireland
ID: 18802634
Allowing anonymous access for the SMTP protocol does not make your server an open relay as long as you don't allow anyone outside your domain to send OUT emails.

So on the SMTP protocol you can allow anonymous access in the "Access Control" --> "Authentication" button. This allows incoming emails from any server.

To prevent open relaying, do NOT allow unauthenticated users to relay; use the "Relay" button under Relay Restrictions. Users in your network with Outlook will authenticate, so they will have access as long as you have no connector restrictions.

Not sure? Try one of the free "check for open relay" websites (one you trust) and they'll tell you whether you messed up your configuration or not.

Hope this helps.
 

Author Comment

by:Yago007
ID: 18803154
I have allowed anonymous access in "Access Control" --> "Authentication", thank you for the clarification, but when I change the Relay Restrictions to "Only the list below" and have "Allow all computers which successfully authenticate to relay, regardless of the list above" checked, I still get a "550 5.7.1 Unable to relay for <user>" from my Gmail account. This is when I am emailing the address <user>@Domain.com. My other address, <user>@Child.Domain.com, works fine. I need both email addresses to work.
 
Accepted Solution

by:itsireland (earned 500 total points)
ID: 18806760
You definitely have to lock it down anyway. Otherwise you'll end up on block lists and the fun really starts.

It seems your domain configuration is not set up properly. Did you set up a recipient policy for the domain? You will need domain settings for both domain.com and child.domain.com. Also, are there no delivery restrictions in the users' mailbox settings?

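As an added example for this thread (not code from the thread, from Microsoft, or from Exchange itself), the script below models the RCPT TO decision an Exchange 2003 SMTP virtual server makes from the three settings the two expert comments above describe: the domains listed in a recipient policy, the Relay Restrictions list, and the "allow all computers which successfully authenticate to relay" checkbox. It replays the asker's situation before and after a recipient policy for Domain.com exists, and adds an smtplib probe that performs the same unauthenticated check the "check for open relay" websites do. The domain names, IP addresses and sender address are placeholders I made up; the live probe needs network access and is not exercised here.

```python
"""Exchange 2003 SMTP relay decision, modelled, plus a live probe.

Added example for this thread, not Microsoft code. The decision order
mirrors the dialogs the thread discusses: Recipient Policy (accepted
domains), Relay Restrictions ("Only the list below" vs "All except the
list below"), and the "allow all computers which successfully
authenticate to relay" checkbox. Hosts, addresses and IPs are
placeholders.
"""
import smtplib
from dataclasses import dataclass, field


@dataclass
class RelayConfig:
    # SMTP address spaces listed in a recipient policy. Mail for these is
    # local delivery, so it is never a relay and needs no authentication.
    accepted_domains: set
    # Relay Restrictions -> "Only the list below": client IPs allowed to relay.
    relay_hosts: set = field(default_factory=set)
    # "Allow all computers which successfully authenticate to relay,
    # regardless of the list above".
    allow_authenticated_relay: bool = True
    # Relay Restrictions -> "All except the list below": an open relay.
    open_relay: bool = False


def rcpt_decision(cfg, rcpt, client_ip, authenticated):
    """Reply Exchange would give to RCPT TO:<rcpt> from client_ip."""
    domain = rcpt.rsplit("@", 1)[-1].lower()
    accepted = {d.lower() for d in cfg.accepted_domains}
    if domain in accepted:
        return "250 2.1.5 " + rcpt          # local mailbox, not a relay
    # Anything else is a relay request; check the relay permissions.
    if cfg.open_relay or client_ip in cfg.relay_hosts:
        return "250 2.1.5 " + rcpt
    if authenticated and cfg.allow_authenticated_relay:
        return "250 2.1.5 " + rcpt
    return "550 5.7.1 Unable to relay for " + rcpt


# The asker's state before and after adding a recipient policy for Domain.com.
# Anonymous access is ON in both (needed to receive from the Internet);
# relaying is locked down in both ("Only the list below", list empty).
BEFORE = RelayConfig(accepted_domains={"child.domain.com"})
AFTER = RelayConfig(accepted_domains={"child.domain.com", "domain.com"})

OUTSIDE_IP = "203.0.113.5"   # placeholder: an Internet MTA such as Gmail's


def scenario(cfg):
    """Four RCPT TO attempts an admin should check against a config."""
    return {
        # outsider, unauthenticated, to the parent domain (the thread's symptom)
        "gmail->user@Domain.com":
            rcpt_decision(cfg, "user@Domain.com", OUTSIDE_IP, False),
        # outsider to the child domain (worked all along)
        "gmail->user@Child.Domain.com":
            rcpt_decision(cfg, "user@Child.Domain.com", OUTSIDE_IP, False),
        # spammer trying to bounce mail through the server to a third party
        "spammer->victim@example.net":
            rcpt_decision(cfg, "victim@example.net", OUTSIDE_IP, False),
        # internal Outlook user, authenticated, sending to a third party
        "outlook(auth)->victim@example.net":
            rcpt_decision(cfg, "victim@example.net", "192.0.2.10", True),
    }


def probe_relay(host, local_rcpt, external_rcpt, port=25, timeout=10):
    """Live check, like the 'check for open relay' sites: connect
    unauthenticated as an outside MTA and see which RCPT TO succeed.
    A 250 for external_rcpt means the server is an open relay; a 550
    for local_rcpt means the domain is missing from the recipient
    policy (the symptom in this thread). Needs network access."""
    with smtplib.SMTP(host, port, timeout=timeout) as s:
        s.ehlo_or_helo_if_needed()
        s.mail("relaytest@example.org")      # placeholder sender
        results = {}
        for rcpt in (local_rcpt, external_rcpt):
            code, msg = s.rcpt(rcpt)
            results[rcpt] = (code, msg.decode("ascii", "replace"))
        s.rset()                              # never actually send anything
    return results


if __name__ == "__main__":
    for label, cfg in (("before recipient policy", BEFORE),
                       ("after recipient policy", AFTER)):
        print(label)
        for attempt, reply in scenario(cfg).items():
            print("  %-36s %s" % (attempt, reply))
```

The model shows why the two outcomes in the thread are not in tension: with relaying locked down, Exchange only accepts an unauthenticated RCPT TO for a domain it considers its own, so a missing recipient policy for Domain.com turns ordinary inbound mail into a rejected relay attempt, while mail for Child.Domain.com is plainly local. Run `probe_relay` from a host outside your network (the relay list or an internal IP range may otherwise grant you relay) and treat a 250 on the external recipient as the real problem; a 550 on your own domain is the recipient-policy gap rather than a relay issue.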
 

Author Comment

by:Yago007
ID: 18810081
No, I did not have a recipient policy for Domain.com. After I did that, a couple of hours later I was able to lock down relaying. Thanks.
 
Expert Comment

by:itsireland
ID: 18810228
Good stuff!