• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 973
  • Last Modified:

Exchange 2003 - How can this scanner be relaying SMTP mail through Virtual Server ???

We have scanners installed that relay mail through exchange and have been adding in the IPs as relays before we commissioned but have missed a couple and strangely they still relay mail, without adding their IP addresses into allowed relay on our virtual server (VS). I've activated SMTP logging on the VS and can see the data below showing that the scanner (10.40.12.249) is relaying through this VS (SMTPSVC1) even though the IP is not in the specified relay list.

2009-02-19 15:05:32 10.40.12.249 RNPC94680 SMTPSVC1 UKEXBHMAN01 10.40.0.159 0 HELO - +RNPC94680 250 0 52 14 0 SMTP - - - -
2009-02-19 15:05:32 10.40.12.249 RNPC94680 SMTPSVC1 UKEXBHMAN01 10.40.0.159 0 MAIL - +FROM:<mfd.scanner@xxxxx.com> 250 0 51 38 0 SMTP - - - -
2009-02-19 15:05:32 10.40.12.249 RNPC94680 SMTPSVC1 UKEXBHMAN01 10.40.0.159 0 RCPT - +TO:<c@xxxxx.com> 250 0 29 26 0 SMTP - - - -
2009-02-19 15:05:32 10.40.12.249 RNPC94680 SMTPSVC1 UKEXBHMAN01 10.40.0.159 0 DATA - +<200902191502102N.DCSML-S001300000.000074C94680@10.40.12.249> 250 0 145 187451 94 SMTP - - - -
2009-02-19 15:05:32 10.40.12.249 RNPC94680 SMTPSVC1 UKEXBHMAN01 10.40.0.159 0 QUIT - RNPC94680 240 94 74 4 0 SMTP - - - -

I have since removed another existing relay for a similar scanner (stopped and started services) from Exchange and the scanner continues to relay - very strange.

The settings we have are the default (as below) with the addition of allowed relays.

---------------------------------------------------------------------------------------
Relay Restrictions
*Only the list below - selected and computers added
*Allow all computer which successfully authenticate to relay, regardless of the above list - Selected but if we remove this the scanners still relay.

Authentication
* Anonymous access - Selected
* resolve anonymous email - NOT Selected
* Basic authentication - Selected
* Requires TLS - NOT Selected
* Integrated Windows Authentication - Selected

Authenticated users have submit permission only
---------------------------------------------------------------------------------------

If anyone can spot why these are still relaying I would be very grateful. We would like to control what devices can send mail through exchange more than this if possible.

Cheers

C


0
cmuir
Asked:
cmuir
1 Solution
 
MesthaCommented:
Remove the entire list of relay machines and authenticated relaying. Then restart the SMTP Server service. If you do not restart the SMTP Server service then the server can continue to be abused.

-M
0
 
pghnCommented:
Your configurations seems to  be just fine. Have you restart the services (SMTP, Exchange POP, etc.) after the changes you've made?

In my case this resolved the problem...
0
 
cmuirAuthor Commented:
Just noticed that if I remove an IP from the relay list that the IP Scanner can continue to Relay to the internal domain but not externally - is this by design? We would like to have the ability to stop all devices relaying internally or externally if we want.
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
cmuirAuthor Commented:
MESTHA - unfortunately removing all items from the relay list isn't an option as we have legitimate machines that do need to relay mail and if we remove just the scanners from the list and restart services they can still relay mail internally (though not externally as we have just found out)
0
 
cmuirAuthor Commented:
PGHN - yes stopped and started MTA and SMTP - would you suggest restarting more?
0
 
MNH1966Commented:
I think there's a slight misunderstanding here.
Relaying means sending mail to the outside world from an address that does not exist within your organization (simply put). It's perfectly normal that, unless you apply IP connection restrictions, any SMTP device is able to send mail to internal mailboxes.
0
 
cmuirAuthor Commented:
Thanks - we will look at IP restrictions to tighten down who can connect at all.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now