Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Exchange Relay Authentication

Posted on 2008-10-09
8
782 Views
Last Modified: 2013-12-04
I got an Exchange with the following situation.

Exchange 2003
ESM, under SMTP, under Access = Anonymous, basic, integrated
ESM, under SMTP, under Relay = only the list below and allow authenticated users/comps to relay
ESM, under SMTP, under Delivery, under Outbound Access = Anonymous
Smarthost SPAM Filter under SMTP, Delivery, Advanced
Telnetting to the outside, you get denied a relay
Anyone inside the network can telnet and send an email
I need emails to send both internally and externally
Users connect using Outlook cached mode, Outlook http, and webmail.

An example of my problem is UserA can telnet, and send an email from administrator@domain.com to anyone they want.  

I want to stop this, but don't want to stop mail flow or screw up the smart host?  To do this, would I just change the outbound authentication to basic/integrated?  Would that also entail setting it to authenticate with the smarthost?

Thanks,
0
Comment
Question by:deadite
  • 3
  • 3
  • 2
8 Comments
 
LVL 33

Expert Comment

by:Exchange_Geek
ID: 22685239
"An example of my problem is UserA can telnet, and send an email from administrator@domain.com to anyone they want."

This basically you are open to relay.

Since, if you are using telnet to connecting to your local Exchange server - and when you try to perform mail from: administrator@domain.com (this does not matter)
rcpt to: administrator@outsidedomain.com (when you hit enter - you should get a messages - unable to relay"

If you are trying to telnet to some one else Exchange server and you drop an email using your administrator account - you cannot help it.
0
 
LVL 13

Accepted Solution

by:
ach_patil earned 250 total points
ID: 22685463
To stop anyone internal telnetting and sending an email. Do the following
Go to the the Relay Tab under the SMTP Virtual Server.
There is little Tick Box which says "Allow all computers which successfully suthenticate to relay, regardless of the list above". Just untick it.
Once this is done internal users will not be able to relay using your Exchange Server.

I am not very clear about your external user Relay issue.
0
 
LVL 33

Expert Comment

by:Exchange_Geek
ID: 22685620
He only has

"ESM, under SMTP, under Relay = only the list below and allow authenticated users/comps to relay"

where did that check box come into the picture - he does not have that checked bro.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 8

Author Comment

by:deadite
ID: 22686346
Exchange_Geek:
Internal users cannot relay to outside networks, and outside networks cannot relay into me.  The relay is strictly internal.

ach_patil:
If I uncheck that box, wouldn't that interrupt my mail flow and pretty much eliminate any authentication?  

Exchange_Geek:
Sorry about the confusion, I wrote that in short hand.  There is a radio button select that says Only let the list below, then there is a check box that says Allow authenticated users and computers to relay regardless of the list
0
 
LVL 13

Expert Comment

by:ach_patil
ID: 22686487
No, it wont interrupt your mail flow. That box is just to prevent Authenticated users trying to relay using your Exchange Server.

If you have any applications that send out messages. Add their IP Addresses in the Allowed List of servers

I have used it my network to stop unnecessary internal relay and work fine.
0
 
LVL 8

Author Comment

by:deadite
ID: 22686658
What about the anonymous authentication under the virtual SMTP connector as well as the outbound one?  Do either of those need changed?  

I should be able to test this later tonight, but just want to get it done quickly and without interrupting mail flow.
0
 
LVL 33

Expert Comment

by:Exchange_Geek
ID: 22686762
http://www.comptechdoc.org/os/windows/exchange/exchsmtpvs.html

Check this link for basic settings for SMTP VS - there is a connection tab which has an IP address specified in the link - this isn't required.
0
 
LVL 8

Author Comment

by:deadite
ID: 22706474
The above default settings are on 2000 Exchange, they are slightly different in 2003....  None the less, I got my answer
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
This article explains how to install and use the NTBackup utility that comes with Windows Server.
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…
how to add IIS SMTP to handle application/Scanner relays into office 365.

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question