Solved

SBS 2003 Exchange w/Open Relay

Posted on 2008-06-10
Last Modified: 2012-06-27
We have a single site that appears to have an open relay. We receive periodic monitoring alerts: "SMTP Server Remote Queue Length Alert on xyzserver". In looking at the outgoing queues, there are a few messages in there that certainly look like they don't belong.

We use the ICW wizard to configure services and have standard DSL and dual NICs in the server. Looking for a definitive approach to shutting down the relay.
Question by:BBrayton

Assisted Solution

by:patrickfromsc
patrickfromsc earned 75 total points
ID: 21752906
There is an approach that I use that has a number of benefits beyond just avoiding open relaying.  If you have the SMTP port (25) forwarding on your firewall to your mail server, you are going to have spammers attempt to send mail through your server.  However, you can use a service like DynDns's Mailhop Relay and limit where your firewall accepts SMTP traffic.

There are a few steps to implement this.
1. Sign up for Mailhop Relay.
2. Change your domain's MX records to deliver mail to their mail servers, which has the added advantage of mailbagging in case you are down.
3. Configure your firewall to only accept SMTP traffic from DynDns' netblocks.

Additionally, you can configure a non-conventional port for them to deliver mail to your server, allowing you to close port 25 altogether. You can also enable Spam and Virus filtering, further reducing the load on your mail server.

Regards,
PfSC

Accepted Solution

by:
raptorjb007 earned 175 total points
ID: 21752911
To lock down the SMTP relay on an Exchange installation, open Exchange System Manager and browse down to Administrative Groups->admingroup->Servers->servername->Protocols->SMTP

Right-click on the SMTP virtual server and choose Properties. Go to the Access tab and choose Relay.

Ensure that the "only the list below" bullet is selected and only devices approved to relay are in the list. At your discretion, select the "allow all computers which authenticate to relay" option if you would like to allow domain workstations to relay directly via SMTP rather than using MAPI with an Exchange client; typically, if you are using POP3 or IMAP internally, this is the case.

You can also review this MS Article for more detailed information.
http://support.microsoft.com/kb/324958
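
Once the relay list is locked down, the SMTP virtual server's own log can confirm that it is holding. The following is an added example, not part of either answer: it scans a W3C extended log for RCPT commands that were accepted for a non-local domain from a client outside the relay list. It assumes W3C logging is enabled on the virtual server; the domain, netblock and log lines are constructed for illustration.

```python
import ipaddress

# Assumptions for illustration (not from the thread): the mail domains this
# server hosts, and the entries under Access > Relay > "only the list below".
LOCAL_DOMAINS = {"example.com"}
RELAY_ALLOWED = [ipaddress.ip_network("192.168.16.0/24")]

# Constructed sample in W3C extended log format with a reduced field set.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-query sc-status
2008-06-10 02:14:07 203.0.113.45 MAIL +FROM:<a@sender.invalid> 250
2008-06-10 02:14:08 203.0.113.45 RCPT +TO:<victim@elsewhere.invalid> 250
2008-06-10 02:15:30 198.51.100.7 RCPT +TO:<bob@example.com> 250
2008-06-10 02:16:02 198.51.100.9 RCPT +TO:<x@elsewhere.invalid> 550
2008-06-10 08:01:44 192.168.16.20 RCPT +TO:<client@partner.invalid> 250
"""


def find_relayed(log_text, local_domains=LOCAL_DOMAINS, allowed=RELAY_ALLOWED):
    """Return (date, time, client_ip, recipient) for every accepted RCPT TO a
    non-local domain that came from a client outside the relay list."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # column order comes from the header
            continue
        parts = line.split()
        if line.startswith("#") or not fields or len(parts) != len(fields):
            continue                           # other directives, blank or torn lines
        row = dict(zip(fields, parts))
        arg = row.get("cs-uri-query", "")
        if row.get("cs-method", "").upper() != "RCPT" or "<" not in arg or ">" not in arg:
            continue
        if not row.get("sc-status", "").startswith("2"):
            continue                           # 5xx means the relay attempt was refused
        rcpt = arg[arg.index("<") + 1:arg.rindex(">")]
        domain = rcpt.rpartition("@")[2].lower()
        try:
            client = ipaddress.ip_address(row.get("c-ip", ""))
        except ValueError:
            continue
        if domain not in local_domains and not any(client in net for net in allowed):
            hits.append((row.get("date", ""), row.get("time", ""), str(client), rcpt))
    return hits


if __name__ == "__main__":
    for hit in find_relayed(SAMPLE_LOG):
        print("relayed for outside client:", *hit)
```

If the "allow all computers which authenticate to relay" option is enabled, authenticated clients outside the list will also appear in the results, so each hit should be checked against known senders before treating it as evidence of an open relay.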