cepolly
asked on
Exchange Open Relay - Suspect Client
Hi all,
We have a remote server that is using Exchange 2003. From what I can see the server is NOT an open relay. I have checked the settings and have run the telnet test to try to relay and no go.
I am suspecting that a client on the domain may be relaying mail through the server, thereby getting around the open relay settings on the server. Not sure at this point whether it's from the outside or inside.
I reviewed the following article to set up diagnostic logging to try and help me determine if and who the culprit is. I am not getting anything definitive.
http://support.microsoft.com/kb/895853
The server is flooded with NDR events as well as Event ID 7004.
Also the queue is filling up.
Any thoughts on this would be great. Any tools or other tests I can use to determine the happenings here?
Thanks
If it is a publicly accessible server, I use DNSstuff.com to check for open relays (simple check), or you can use http://www.abuse.net/relay.html for a more detailed check.
https://www.dnsexit.com/Direct.sv?cmd=testMailServer