Solved

SBS 2003 Exchange w/Open Relay

Posted on 2008-06-10
Last Modified: 2012-06-27
We have a single site that appears to have an open relay.  We receive periodic monitoring alerts: "SMTP Server Remote Queue Length Alert on xyzserver".  In looking at the outgoing queues, there are a few messages in there that certainly look like they don't belong.

We use the ICW wizard to configure services and have standard DSL and dual NICs in the server.  Looking for a definitive approach to shutting down the relay.
Question by:BBrayton
2 Comments
 
LVL 3

Assisted Solution

by:patrickfromsc
patrickfromsc earned 225 total points
ID: 21752906
There is an approach that I use that has a number of benefits beyond just avoiding open relaying.  If you have the SMTP port (25) forwarding on your firewall to your mail server, you are going to have spammers attempt to send mail through your server.  However, you can use a service like DynDns's Mailhop Relay and limit where your firewall accepts SMTP traffic.

There are a few steps to implement this.
1. Sign up for Mailhop Relay.
2. Change your domain's MX records to deliver mail to their mail servers, which has the added advantage of mailbagging in case you are down.
3. Configure your firewall to only accept SMTP traffic from DynDns' netblocks.

Additionally, you can configure a non-conventional port for them to deliver mail to your server, allowing you to close port 25 altogether.  You can also enable Spam and Virus filtering, further reducing the load on your mail server.

Regards,
PfSC
 
LVL 6

Accepted Solution

by:
raptorjb007 earned 525 total points
ID: 21752911
To lock down the SMTP relay on an Exchange installation, open Exchange System Manager and browse down to Administrative Groups->admingroup->Servers->servername->Protocols->SMTP.

Right-click on the SMTP virtual server and choose Properties. Go to the Access tab and choose Relay.

Ensure that the "only the list below" bullet is selected and that only devices approved to relay are in the list. At your discretion, select "allow all computers which authenticate to relay" if you would like to allow domain workstations to relay directly via SMTP rather than using MAPI with an Exchange client; this is typically the case if you are using POP3 or IMAP internally.

You can also review this MS Article for more detailed information.
http://support.microsoft.com/kb/324958
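
To confirm the relay restriction took effect, the check below is an added example (not part of the original answers) that runs an unauthenticated EHLO / MAIL FROM / RCPT TO exchange against your own server and reports whether a foreign recipient is accepted. The addresses are constructed placeholders on reserved example domains, and `probe_relay`, `classify` and `smtp_factory` are names introduced here for illustration.

```python
import smtplib

# Constructed placeholder addresses (reserved example domains), not from the thread.
PROBE_SENDER = "relaytest@example.org"
PROBE_RCPT = "relaytest@example.net"


def classify(mail_code, rcpt_code):
    """Map the server's replies to MAIL FROM / RCPT TO onto a verdict."""
    if mail_code >= 400:
        return "closed"        # sender refused before any recipient was named
    if 200 <= rcpt_code < 300:
        return "OPEN"          # foreign recipient accepted without authentication
    if 400 <= rcpt_code < 500:
        return "inconclusive"  # temporary failure; retry later
    return "closed"            # 5xx, typically "550 5.7.1 Unable to relay"


def probe_relay(host, port=25, sender=PROBE_SENDER, rcpt=PROBE_RCPT,
                smtp_factory=smtplib.SMTP, timeout=15):
    """Run EHLO / MAIL FROM / RCPT TO unauthenticated, then RSET and QUIT.

    No DATA command is issued, so no message is queued or delivered.
    """
    conn = smtp_factory(host, port, timeout=timeout)
    try:
        conn.ehlo_or_helo_if_needed()
        mail_code, _ = conn.mail(sender)
        rcpt_code = 0
        if mail_code < 400:
            rcpt_code, _ = conn.rcpt(rcpt)
        conn.rset()  # discard the envelope so nothing lingers on the session
        return classify(mail_code, rcpt_code)
    finally:
        try:
            conn.quit()
        except smtplib.SMTPException:
            pass  # server already dropped the connection


if __name__ == "__main__":
    import sys
    print(probe_relay(sys.argv[1]))  # argument: your own mail server's public name
```

Run it from a machine outside your network, so the source address is not one of the entries on the relay list; a result of `closed` means the server refused the foreign recipient.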