Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 630
  • Last Modified:

SBS 2003 Exchange w/Open Relay

We have a single site that appears to have an open relay.  We receive periodic monitoring alerts "SMTP Server Remote Queue Length Alert on xyzserver.  In looking at the outgoing queues there's a few messages in there that certainly look like they don't belong.

We use the ICW wizard to configure services and have standard DSL and dual nic's in the server.  Looking for a definitive approach to shutting down the relay.
0
BBrayton
Asked:
BBrayton
2 Solutions
 
patrickfromscCommented:
There is an approach that I use that has a number of benefits beyond just avoiding open relaying.  If you have the SMTP port (25) forwarding on your firewall to your mail server, you are going to have spammers attempt to send mail through your server.  However, you can use a service like DynDns's Mailhop Relay and limit where your firewall accepts SMTP traffic.

There are a few steps to implement this.
1. Sign up for Mailhop Relay.
2. Change your domain's MX records to deliver mail to their mail servers, which has the added advantage of mailbagging in case you are down.
3. Configure your firewall to only accept SMTP traffic from DynDns' netblocks.

Additionally, you can configure a non-conventional port for them to deliver mail to your server, allowing you to close port 25 all together.  You can also enable Spam and Virus filtering, further reducing the load on your mail server.

Regards,
PfSC
0
 
raptorjb007Commented:
To lock down the SMTP relay on an exchange installation. Open exchange system manager, browse down to Admistrative groups->admingroup->Servers->servername->protocols->SMTP

Right-click on the smtp virtual server and choose properties. Goto the access Tab and choose relay.

Ensure that the "only the list below" bullet is selected and only devices approved to relay are in the list. At your discretion select the "allow all computers which authenticate to relay" if you like to allow domain workstations to relay directly via smtp rather than using mapi with an exchange client, typically if you are using pop3 or imap internally this is the case.

You can also review this MS Article for more detailed information.
http://support.microsoft.com/kb/324958
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now