
HELP!  Ex2007 sends unauthenticated mail

PeterZog asked
Last Modified: 2012-05-05
Help!  I am confused as to how to properly set up the receive and send connectors in Exchange 2007.  Currently anyone can send email through our mail server.  We are a small company and we have Ex07 set up on a single server without an Edge server.

I have the client and default receive connectors to accept anonymous and the send is set to * with all the defaults that MS says to set for edge.  Our web design guy was able to send a message through PHP via SMTP without authenticating!!

Author

Commented:
Here is what I get from your first suggestion:

220 SMTP service ready
ehlo yahoo.com
250-Requested mail action okay, completed
250-SIZE
250 8BITMIME
mail from:admin@yahoo.com
250 Requested mail action okay, completed
rcpt to:postmaster@yahoo.com
550 Requested action not taken: mailbox unavailable
quit
221 SMTP server closing transmission channel


Connection to host lost.

Commented:
This is OK; you are not relaying.

Then check a full message to a valid mailbox on your server

telnet <external ip address of your server> 25

ehlo yahoo.com
mail from: admin@yahoo.com
rcpt to: validuser@yourdomain.com

Now if you get a 200 response here

data
Subject: test

This is test
.
quit

And check if you receive the message as a valid user.
If so, then your setup is OK, but the problem might be that you have not yet set up your local domain correctly.

Commented:
Ok, do a Get-ReceiveConnector | fl from EMS and the same for the send connector.

If you open EMC, click Server and select Hub, look at your receive connector properties: what are the permissions set to (anonymous?)
At the org level do the same for the send connectors and get back to me.

Author

Commented:
Here are my connectors:

SEND CONNECTORS:

AddressSpaces                : {smtp:*;1}
AuthenticationCredential     :
Comment                      :
ConnectedDomains             : {}
ConnectionInactivityTimeOut  : 00:10:00
DNSRoutingEnabled            : True
DomainSecureEnabled          : False
Enabled                      : True
ForceHELO                    : False
Fqdn                         : mail.mydomain.com
HomeMTA                      : Microsoft MTA
HomeMtaServerId              : MAIL
Identity                     : Default Send
IgnoreSTARTTLS               : False
IsScopedConnector            : False
IsSmtpConnector              : True
LinkedReceiveConnector       :
MaxMessageSize               : 10MB
Name                         : Default Send
Port                         : 25
ProtocolLoggingLevel         : None
RequireTLS                   : False
SmartHostAuthMechanism       : None
SmartHosts                   : {}
SmartHostsString             :
SourceIPAddress              : 0.0.0.0
SourceRoutingGroup           : Exchange Routing Group (DWBGZMFD01QNBJR)
SourceTransportServers       : {MAIL}
UseExternalDNSServersEnabled : True

 

AddressSpaces                : {smtp:*.mydomain.com;1}
AuthenticationCredential     :
Comment                      :
ConnectedDomains             : {}
ConnectionInactivityTimeOut  : 00:10:00
DNSRoutingEnabled            : False
DomainSecureEnabled          : False
Enabled                      : True
ForceHELO                    : False
Fqdn                         :
HomeMTA                      : Microsoft MTA
HomeMtaServerId              : MAIL
Identity                     : Client
IgnoreSTARTTLS               : False
IsScopedConnector            : False
IsSmtpConnector              : True
LinkedReceiveConnector       :
MaxMessageSize               : unlimited
Name                         : Client
Port                         : 25
ProtocolLoggingLevel         : None
RequireTLS                   : False
SmartHostAuthMechanism       : ExternalAuthoritative
SmartHosts                   : {mail.mydomain.com}
SmartHostsString             : mail.mydomain.com
SourceIPAddress              : 0.0.0.0
SourceRoutingGroup           : Exchange Routing Group (DWBGZMFD01QNBJR)
SourceTransportServers       : {MAIL}
UseExternalDNSServersEnabled : False

 

RECEIVE CONNECTORS:
AuthMechanism                           : Tls, Integrated, BasicAuth, BasicAuth
                                          RequireTLS, ExchangeServer
Banner                                  :
BinaryMimeEnabled                       : True
Bindings                                : {0.0.0.0:25}
ChunkingEnabled                         : True
DefaultDomain                           :
DeliveryStatusNotificationEnabled       : True
EightBitMimeEnabled                     : True
DomainSecureEnabled                     : False
EnhancedStatusCodesEnabled              : True
Fqdn                                    : mail.mydomain.com
Comment                                 :
Enabled                                 : True
ConnectionTimeout                       : 00:10:00
ConnectionInactivityTimeout             : 00:05:00
MessageRateLimit                        : unlimited
MaxInboundConnection                    : 5000
MaxInboundConnectionPerSource           : unlimited
MaxInboundConnectionPercentagePerSource : 100
MaxHeaderSize                           : 64KB
MaxHopCount                             : 30
MaxLocalHopCount                        : 3
MaxLogonFailures                        : 3
MaxMessageSize                          : 10MB
MaxProtocolErrors                       : 5
MaxRecipientsPerMessage                 : 5000
PermissionGroups                        : AnonymousUsers, ExchangeUsers, Exchan
                                          geServers, ExchangeLegacyServers
PipeliningEnabled                       : True
ProtocolLoggingLevel                    : None
RemoteIPRanges                          : {0.0.0.0-255.255.255.255}
RequireEHLODomain                       : False
RequireTLS                              : False
Server                                  : MAIL
SizeEnabled                             : EnabledWithoutValue
TarpitInterval                          : 00:00:05
AdminDisplayName                        :
ExchangeVersion                         : 0.1 (8.0.535.0)
Name                                    : Default MAIL
DistinguishedName                       : CN=Default MAIL,CN=SMTP Receive Conne
                                          ctors,CN=Protocols,CN=MAIL,CN=Servers
                                          ,CN=Exchange Administrative Group (FY
                                          DIBOHF23SPDLT),CN=Administrative Grou
                                          ps,CN=mydomain,CN=Microsoft Exchange,CN
                                          =Services,CN=Configuration,DC=mydomain,
                                          DC=com
Identity                                : MAIL\Default MAIL
Guid                                    : a0ea664c-db9e-4d69-860f-0748f982afc6
ObjectCategory                          : mydomain.com/Configuration/Schema/ms-Ex
                                          ch-Smtp-Receive-Connector
ObjectClass                             : {top, msExchSmtpReceiveConnector}
WhenChanged                             : 6/11/2007 10:12:12 AM
WhenCreated                             : 2/20/2007 4:53:49 PM
OriginatingServer                       : mail.mydomain.com
IsValid                                 : True

AuthMechanism                           : Tls, Integrated, BasicAuth, BasicAuth
                                          RequireTLS, ExchangeServer
Banner                                  :
BinaryMimeEnabled                       : True
Bindings                                : {0.0.0.0:587}
ChunkingEnabled                         : True
DefaultDomain                           :
DeliveryStatusNotificationEnabled       : True
EightBitMimeEnabled                     : True
DomainSecureEnabled                     : False
EnhancedStatusCodesEnabled              : True
Fqdn                                    : mail.mydomain.com
Comment                                 :
Enabled                                 : True
ConnectionTimeout                       : 00:10:00
ConnectionInactivityTimeout             : 00:05:00
MessageRateLimit                        : 600
MaxInboundConnection                    : 5000
MaxInboundConnectionPerSource           : 100
MaxInboundConnectionPercentagePerSource : 2
MaxHeaderSize                           : 64KB
MaxHopCount                             : 30
MaxLocalHopCount                        : 3
MaxLogonFailures                        : 3
MaxMessageSize                          : 10MB
MaxProtocolErrors                       : 5
MaxRecipientsPerMessage                 : 200
PermissionGroups                        : AnonymousUsers, ExchangeUsers, Exchan
                                          geLegacyServers
PipeliningEnabled                       : True
ProtocolLoggingLevel                    : None
RemoteIPRanges                          : {0.0.0.0-255.255.255.255}
RequireEHLODomain                       : False
RequireTLS                              : False
Server                                  : MAIL
SizeEnabled                             : Enabled
TarpitInterval                          : 00:00:05
AdminDisplayName                        :
ExchangeVersion                         : 0.1 (8.0.535.0)
Name                                    : Client MAIL
DistinguishedName                       : CN=Client MAIL,CN=SMTP Receive Connec
                                          tors,CN=Protocols,CN=MAIL,CN=Servers,
                                          CN=Exchange Administrative Group (FYD
                                          IBOHF23SPDLT),CN=Administrative Group
                                          s,CN=mydomain,CN=Microsoft Exchange,CN=
                                          Services,CN=Configuration,DC=mydomain,D
                                          C=com
Identity                                : MAIL\Client MAIL
Guid                                    : 39d92c5e-c332-43cc-bade-9ce2165a7d2a
ObjectCategory                          : mydomain.com/Configuration/Schema/ms-Ex
                                          ch-Smtp-Receive-Connector
ObjectClass                             : {top, msExchSmtpReceiveConnector}
WhenChanged                             : 6/11/2007 10:08:25 AM
WhenCreated                             : 2/20/2007 4:53:50 PM
OriginatingServer                       : mail.mydomain.com
IsValid                                 : True
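
An added example, not part of the original thread and not Microsoft tooling: a Python parser for the `Get-ReceiveConnector | fl` text pasted above that re-joins the console's wrapped values and lists which connectors accept anonymous sessions or have protocol logging off. The sample is trimmed from that listing, and the names `parse_fl` and `audit` are this example's own.

```python
import re

# Constructed sample: two receive connectors trimmed from the listing above,
# keeping the console's mid-word line wrap inside PermissionGroups.
SAMPLE = """\
Bindings                                : {0.0.0.0:25}
PermissionGroups                        : AnonymousUsers, ExchangeUsers, Exchan
                                          geServers, ExchangeLegacyServers
ProtocolLoggingLevel                    : None
Name                                    : Default MAIL

Bindings                                : {0.0.0.0:587}
PermissionGroups                        : AnonymousUsers, ExchangeUsers, Exchan
                                          geLegacyServers
ProtocolLoggingLevel                    : None
Name                                    : Client MAIL
"""

def parse_fl(text):
    """Split 'cmdlet | fl' text into one dict per object, re-joining wrapped values."""
    objects, current, key = [], {}, None
    for line in text.splitlines():
        m = re.match(r"(\w+)\s*:\s?(.*)$", line)
        if m:                                  # "Key   : value" starts a new property
            key = m.group(1)
            current[key] = m.group(2).strip()
        elif line.strip() and key:             # indented line continues the last value
            current[key] += line.strip()
        elif current:                          # blank line ends the object
            objects.append(current)
            current, key = {}, None
    if current:
        objects.append(current)
    return objects

def audit(connectors):
    """Map connector name to the settings in it that deserve a second look."""
    report = {}
    for c in connectors:
        groups = {g.strip() for g in c.get("PermissionGroups", "").split(",")}
        port = c.get("Bindings", "").strip("{}").rpartition(":")[2]
        findings = []
        if "AnonymousUsers" in groups:
            findings.append(f"anonymous sessions accepted on port {port}")
        if c.get("ProtocolLoggingLevel") == "None":
            findings.append("protocol logging disabled")
        report[c.get("Name", "?")] = findings
    return report
```

Running `audit(parse_fl(SAMPLE))` reports anonymous sessions on both port 25 and port 587, which is the setting the author asks about later in the thread.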

Author

Commented:
I ran this internally.

220 mail.mydomain.com Microsoft ESMTP MAIL Service ready at Fri, 15 Jun 2007
:03 -0500
ehlo yahoo.com
250-mail.mydomain.com Hello [192.168.129.27]
250-SIZE
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-STARTTLS
250-X-ANONYMOUSTLS
250-AUTH GSSAPI NTLM
250-X-EXPS GSSAPI NTLM
250-8BITMIME
250-BINARYMIME
250-CHUNKING
250 XEXCH50
mail from: admin@yahoo.com
250 2.1.0 Sender OK
rcpt to: me@mydomain.com
501 5.1.3 Invalid address

Commented:
What happens if the

rcpt to: <me@mydomain.com>

If it still fails, there is something wrong with the setup of which domains the
server accepts mail for.

You might take a look at
http://www.petri.co.il/configure_exchange_2000_2003_to_receive_email_for_other_domains.htm

Commented:
Ok, by default you can spoof messages; it's the nature of the beast.....  To test relay you have to do mail from external user and mail to external user.
As long as you have anonymous, which you need to receive email, then anyone from outside can send to anyone on the inside unless you configure who can send to that user on the mbx.
http://msexchangeteam.com/archive/2006/11/17/431555.aspx
If you have multiple names on your internal -- then you need to set up your accepted domain policies to any domains which you are authoritative for.

But anyone should be able to send mail to your company; that is how email works. To help protect against spam, etc., you can install the antispam agents on your hub server

http://technet.microsoft.com/en-us/library/bb201691.aspx




Author

Commented:
Ok, the test results from abuse.net looked good (great site by the way).  Except test 6, but the website states it may not be a problem:  (I never received a message)

>>> RSET
<<< 250 Requested mail action okay, completed
>>> MAIL FROM:<spamtest@mydomain.com>
<<< 250 Requested mail action okay, completed
>>> RCPT TO:<user-62633%uf.abuse.net@mydomain.com>
<<< 250 Requested mail action okay, completed
>>> DATA
<<< 354 Start mail input; end with <CRLF>.<CRLF>
>>> (message body)
<<< 250 Requested mail action okay, completed

I looked at my receive connectors and they look ok.  Do I need to have anonymous users checked for only the 'default' connector or do I need it checked for both?

Also I have one user who is getting multiple messages like this in this inbox.  Can you take a look at this?


From: MicrosoftExchange329e71ec88ae4615bbc36ab6ce41109e@mydomain.com [mailto:MicrosoftExchange329e71ec88ae4615bbc36ab6ce41109e@mydomain.com]
Sent: Monday, June 11, 2007 3:44 PM
To: oneofourusers@mydomain.com
Subject: Undeliverable: Last offer- Discount special for PE patch almost over

Delivery has failed to these recipients or distribution lists:

prad@anotherdomain.com
Microsoft Exchange has been trying to deliver this message without success and has stopped trying. Please try sending this message again, or provide the following diagnostic text to your system administrator.

________________________________

Sent by Microsoft Exchange Server 2007







Diagnostic information for administrators:

Generating server: mail.mydomain.com

prad@anotherdomain.com
#550 4.4.7 QUEUE.Expired; message expired ##

Original message headers:

Resent-From: <oneofourusers@mydomain.com>
Received: from ker7j1z417jqpcl (212.26.xxx.xxx) by mail.mydomain.com
 (192.168.xxx.xxx) with Microsoft SMTP Server id 8.0.700.0; Sat, 9 Jun 2007
 15:41:27 -0500
Return-Path: <medmnpzsoc@mnpz.by>
Received: from 80.94.xxx.xxx (HELO gcmnpz.mnpz.by)     by mydomain.com with esmtp
 (+R5-F<-D*T3 *MV)@)     id *)1*63-095?F--J3     for oneofourusers@mydomain.com; Sat,
 9 Jun 2007 20:41:47 -0300
Date: Sat, 9 Jun 2007 20:41:47 -0300
From: Carroll Burr <medmnpzsoc@mnpz.by>
X-Mailer: The Bat! (v3.5.25) Educational
X-Priority: 3 (Normal)
Message-ID: <317725315.89769184839094@thhebat.net>
To: <oneofourusers@mydomain.com>
Subject: Last offer- Discount special for PE patch almost over
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----------9B01F46739B01FB"
X-Spam: Not detected
Received-SPF: PermError (mail.mydomain.com: domain of medmnpzsoc@mnpz.by used  an invalid SPF mechanism)
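
An added example, not part of the original thread: a Python helper that reads telnet-style SMTP logs like the ones quoted above and says what each RCPT TO reply means for relaying, including the 501 reply to an unbracketed address and the percent-address test from abuse.net. The verdict labels, the function names and the choice of `mydomain.com` as the only local domain are assumptions of this example.

```python
import re

def classify(rcpt, code, local_domains):
    """Say what the reply to one RCPT TO means for relaying."""
    local_part, _, domain = rcpt.rpartition("@")
    is_local = domain.lower() in local_domains
    if code in ("500", "501"):
        return "syntax-error"               # inconclusive, retry as <user@domain>
    if not code.startswith("2"):
        return "local-rejected" if is_local else "relay-refused"
    if not is_local:
        return "relay-accepted"             # took mail for a foreign domain
    if "%" in local_part or "!" in local_part:
        return "source-route-accepted"      # a relay only if it is forwarded on
    return "local-accepted"                 # ordinary inbound mail

def relay_verdicts(transcript, local_domains):
    """Return [(recipient, reply code, verdict)] for each RCPT TO in the log."""
    results, pending = [], None
    for raw in transcript.splitlines():
        line = re.sub(r"^(>>>|<<<)\s*", "", raw.strip())   # abuse.net markers
        rcpt = re.match(r"(?i)rcpt to:\s*<?([^<>\s]+)>?", line)
        reply = re.match(r"(\d{3})[ -]", line)
        if rcpt:
            pending = rcpt.group(1)
        elif reply and pending:
            code = reply.group(1)
            results.append((pending, code, classify(pending, code, local_domains)))
            pending = None
    return results

# Constructed samples, trimmed from the three sessions quoted in this thread.
EXTERNAL = """\
mail from:admin@yahoo.com
250 Requested mail action okay, completed
rcpt to:postmaster@yahoo.com
550 Requested action not taken: mailbox unavailable
"""
UNBRACKETED = """\
rcpt to: me@mydomain.com
501 5.1.3 Invalid address
"""
PERCENT_HACK = """\
>>> RCPT TO:<user-62633%uf.abuse.net@mydomain.com>
<<< 250 Requested mail action okay, completed
"""
```

On an unauthenticated session, `relay-accepted` is the verdict that points to relaying; `source-route-accepted` still needs the delivery check, that is, whether the test message ever arrives at the outside address.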
