I got a call from our ISP that someone is using our exchange server to relay spam. So most likely someone is using a username/password to authenticate on the exchange smtp. The weird thing is that when i look at the smtp logs it says that a user named "user" is being logged but there isn't a user named user.
Anyway, my question is:
I unchecked the box under the relay restrictions that says: "allow all computers which successfully authenticate to relay regardless of the list above". Which found by going the properties of the smtp , access tab, relay button.
When unchecked this box now it allows me to selectively specify which users can relay. It also appears that even if I don't add a user to the list but is using outlook via mapi, it lets you send out to anyone in the internet. Is this right? So MAPI connection doesn't require the to be added to the relay?
Also, that check box: "allow all computers which successfully authenticate to relay regardless of the list above "... when it refers to the authentication is this basically when someone from the outside have a username and password it will relay? And when I uncheck this then it will allow me to specify show has rights , more granular control?
Also the OWA users and ActiveSync users will also be able to send emails to anyone on the internet without the need to add these users to the relay users?
Thanks in advance.