Solved

Open Relay Exchange 2007

Posted on 2009-04-01
4
409 Views
Last Modified: 2013-11-30
I recently deployed Exchange 2007 in a test environment with some DNS domains I use for a lab.  Almost immediately after I opened port 25 for mail, the network started performing very badly.  I took a look at the Queue Viewer and there were about 6000 messages in the queue going outbound, indicating I had obviously created an open relay.  I quickly stopped the Exchange Transport service and normal operation resumed.  

I will gladly provide 2000 points to anyone who can provide ALL of the following:

-An easy to follow procedure to eliminate Open Relay on Exchange 2007
-A recommendation for a decent software based SPAM filtering solution
-A way to test for open relay / SMTP best practic config
-The best website for finding out if my IP addresses are black listed for open relay.

Thanks in advance.
0
Comment
Question by:ged125
  • 2
4 Comments
 
LVL 6

Accepted Solution

by:
AJermo earned 500 total points
ID: 24041125
short answers:
-An easy to follow procedure to eliminate Open Relay on Exchange 2007
1. Use edge transport role on seperate server. by default relay isn't permitted/configured even on the hub transport

-A recommendation for a decent software based SPAM filtering solution
2. the edge role has some spam filtering and anti-virus options built in, I'd strongly suggesting checking it out before doing something different. If you decide to go with a 3rd party solution then Baraccuda imho is one of the better solutions.

-A way to test for open relay / SMTP best practic config
3. use Telnet to send a spoof email to an address you don't host on your production server, you should get an error that relaying isn't permitted.
Here are the steps:

 cut and past from http://www.msexchange.org/pages/article.asp?id=54
1.       Open a Command Prompt window

2.       At the Command Prompt, type Telnet

3.       You will now be presented with the Telnet prompt, type OPEN 25

Notice the server responding with an error message:  Unable to relay for mark@4mcts.com.  This is telling me I have a Closed Relay.



-The best website for finding out if my IP addresses are black listed for open relay.
4. Read the recieve logs, the transaction will  usually indicate who's black list is reporting you and where to go for removal.  


0
 
LVL 6

Expert Comment

by:AJermo
ID: 24041138
forgot the link for teh anti-spam/anti-virus informaiton for edge role
http://www.microsoft.com/exchange/evaluation/features/default.mspx

0
 
LVL 65

Expert Comment

by:Mestha
ID: 24042653
Exchange 2007 is relay secure by default. Therefore you must have made a configuration error.
It is actually quite hard to turn the server in to an open relay. What did you change after deployment? You said that you entered some domains, what did you enter? Did you change the Receive connectors, send connectors?

You do NOT have to deploy an Edge server to secure the server or stop an open relay, and an antispam tool is not required either. This is basic configuration of the server.

Simon.
0
 
LVL 6

Author Closing Comment

by:ged125
ID: 31565391
Thank you!
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager
The viewer will learn how to successfully download and install the SARDU utility on Windows 7, without downloading adware.

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now