Solved

close open relay Exchange 2003 server

Posted on 2009-02-20
Last Modified: 2012-08-13
Hello,
I have the following situation: we have an Exchange 2003 server which we want to relay internally for all unix, linux servers, but we don't want the users to send forged emails to the internet using this server.
Is there a possibility to achieve this?

Thank you,
Dan
Question by:4nd7
 
LVL 65

Expert Comment

by:Mestha
ID: 23694185
Do you mean internal users or external users?

Exchange allows relaying by either authentication or IP address. Authentication is the best option as it allows you to restrict who can use your server.
If you must use IP addresses then set it to specific ones rather than a subnet.

-M
0
 

Author Comment

by:4nd7
ID: 23694236
I mean internal users, who may try to forge their addresses and send emails to the internet. Can I use the same server with 2 smtp virtual servers? One that requires authentication and the other open for relay?
0
 
LVL 38

Accepted Solution

by:
Hypercat (Deb) earned 750 total points
ID: 23694424
If the users have mailboxes with user names and passwords that authenticate to the Exchange server, they will be able to send emails using those credentials.  There's no way you can prevent this, since it is part of the basic operation of Exchange. If you're concerned about internal users sending spam, one strategy to help with this would be to limit the number of recipients per message, and/or to limit the number of messages per connection to a single domain. Both of these are on the Messages tab of the properties of the default SMTP virtual server.
If you have other servers within your organization and you want to allow them to use your Exchange server to relay SMTP email, then you need to set the properties of your Exchange default SMTP virtual server to allow those IP addresses to relay through it.  In the properties of the SMTP virtual server, go to the Access tab, click the Relay button, select "Only the list below" and then add the internal IP addresses of those other servers.  Add the individual IP addresses, not a range, as Mestha said.
On this same tab is the checkmark for "Allow all computers which successfully authenticate to relay."  You can turn this off, but it is not recommended by Microsoft since your users may start to experience problems sending valid emails if you turn this option off.
0
 

Author Comment

by:4nd7
ID: 23694818
So in my case (I have a lot of devices which cannot authenticate: UPS, unix, linux) the best solution would be to only allow relay from specific IP addresses, right?
Wouldn't it be possible to have 2 SMTP Virtual servers on the same Exchange server, each with a different IP address, and to allow unauthenticated users and all IP addresses to relay through one of the virtual smtp servers, and to configure the IP of another in the address of the local bridgehead of the outbound connector?

Thank you,
Dan
0
 
LVL 65

Assisted Solution

by:Mestha
Mestha earned 750 total points
ID: 23696660
Two SMTP virtual servers isn't really going to help here. The users could use either one to bounce email off. Two SMTP VS are really only useful for inbound email only, not relaying.

If you have devices that need to relay then configure their specific IP addresses.
Of course this is all a moot point if the users can access external SMTP servers, so you need to ensure that you are blocking them there as well.

-M
0
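The advice in both answers above (list individual device addresses for relay, not ranges) can be checked against what the server actually relayed. The following is an added example, not part of the original thread: it audits a relay allow-list and a set of SMTP log lines. The addresses, domains, log lines and the log field order are constructed assumptions.

```python
import ipaddress

# Constructed sample data, not from the thread. The log field order is an
# assumption (W3C-style); the "#Fields:" header is read, so adjust it to match.
RELAY_ALLOW_LIST = ["10.0.0.21", "10.0.0.22", "10.0.5.0/24"]
LOCAL_DOMAINS = {"example.local"}
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-query sc-status
2009-02-20 10:15:02 10.0.0.21 RCPT +TO:<ops@partner.example> 250
2009-02-20 10:15:09 10.0.5.77 RCPT +TO:<someone@internet.example> 250
2009-02-20 10:16:30 10.0.9.14 RCPT +TO:<someone@internet.example> 550
2009-02-20 10:17:41 10.0.9.14 RCPT +TO:<helpdesk@example.local> 250
2009-02-20 10:18:05 10.0.9.30 RCPT +TO:<x@internet.example> 250
"""

def broad_entries(allow_list):
    """Return allow-list entries that cover more than one host."""
    nets = [ipaddress.ip_network(e, strict=False) for e in allow_list]
    return [str(n) for n in nets if n.num_addresses > 1]

def external_relays(log_text, local_domains):
    """Yield (client_ip, recipient) for accepted RCPTs to non-local domains."""
    fields = []
    for line in log_text.splitlines():
        if line.startswith("#"):
            if line.startswith("#Fields:"):
                fields = line.split()[1:]
            continue
        rec = dict(zip(fields, line.split()))
        if rec.get("cs-method") == "RCPT" and rec.get("sc-status") == "250":
            rcpt = rec["cs-uri-query"].partition("<")[2].rstrip(">").lower()
            if rcpt.rpartition("@")[2] not in local_domains:
                yield rec["c-ip"], rcpt

def audit(allow_list, log_text, local_domains):
    """Classify each client that relayed externally by how the list covers it."""
    nets = [ipaddress.ip_network(e, strict=False) for e in allow_list]
    report = {"listed_host": [], "listed_via_range": [], "not_listed": []}
    for ip, rcpt in external_relays(log_text, local_domains):
        hits = [n for n in nets if ipaddress.ip_address(ip) in n]
        key = ("not_listed" if not hits else "listed_host"
               if any(n.num_addresses == 1 for n in hits) else "listed_via_range")
        report[key].append((ip, rcpt))
    return report

if __name__ == "__main__":
    print("ranges in allow-list:", broad_entries(RELAY_ALLOW_LIST))
    for key, rows in audit(RELAY_ALLOW_LIST, SAMPLE_LOG, LOCAL_DOMAINS).items():
        print(key, rows)
```

Clients reported under `not_listed` relayed without being on the list, which under the settings discussed above means they authenticated; `listed_via_range` clients are covered only because a whole range was allowed and are candidates for replacing the range with individual addresses.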
