Solved

Open Relay Exchange 2007

Posted on 2009-04-01
4
415 Views
Last Modified: 2013-11-30
I recently deployed Exchange 2007 in a test environment with some DNS domains I use for a lab.  Almost immediately after I opened port 25 for mail, the network started performing very badly.  I took a look at the Queue Viewer and there were about 6000 messages in the queue going outbound, indicating I had obviously created an open relay.  I quickly stopped the Exchange Transport service and normal operation resumed.  

I will gladly provide 2000 points to anyone who can provide ALL of the following:

-An easy to follow procedure to eliminate Open Relay on Exchange 2007
-A recommendation for a decent software based SPAM filtering solution
-A way to test for open relay / SMTP best practic config
-The best website for finding out if my IP addresses are black listed for open relay.

Thanks in advance.
0
Comment
Question by:ged125
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 6

Accepted Solution

by:
AJermo earned 500 total points
ID: 24041125
short answers:
-An easy to follow procedure to eliminate Open Relay on Exchange 2007
1. Use edge transport role on seperate server. by default relay isn't permitted/configured even on the hub transport

-A recommendation for a decent software based SPAM filtering solution
2. the edge role has some spam filtering and anti-virus options built in, I'd strongly suggesting checking it out before doing something different. If you decide to go with a 3rd party solution then Baraccuda imho is one of the better solutions.

-A way to test for open relay / SMTP best practic config
3. use Telnet to send a spoof email to an address you don't host on your production server, you should get an error that relaying isn't permitted.
Here are the steps:

 cut and past from http://www.msexchange.org/pages/article.asp?id=54
1.       Open a Command Prompt window

2.       At the Command Prompt, type Telnet

3.       You will now be presented with the Telnet prompt, type OPEN 25

Notice the server responding with an error message:  Unable to relay for mark@4mcts.com.  This is telling me I have a Closed Relay.



-The best website for finding out if my IP addresses are black listed for open relay.
4. Read the recieve logs, the transaction will  usually indicate who's black list is reporting you and where to go for removal.  


0
 
LVL 6

Expert Comment

by:AJermo
ID: 24041138
forgot the link for teh anti-spam/anti-virus informaiton for edge role
http://www.microsoft.com/exchange/evaluation/features/default.mspx

0
 
LVL 65

Expert Comment

by:Mestha
ID: 24042653
Exchange 2007 is relay secure by default. Therefore you must have made a configuration error.
It is actually quite hard to turn the server in to an open relay. What did you change after deployment? You said that you entered some domains, what did you enter? Did you change the Receive connectors, send connectors?

You do NOT have to deploy an Edge server to secure the server or stop an open relay, and an antispam tool is not required either. This is basic configuration of the server.

Simon.
0
 
LVL 6

Author Closing Comment

by:ged125
ID: 31565391
Thank you!
0

Featured Post

Back Up Your Microsoft Windows Server®

Back up all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In-place Upgrading Dirsync to Azure AD Connect
Invest in your employees with these five simple steps to improve employee engagement and retention.
With the power of JIRA, there's an unlimited number of ways you can customize it, use it and benefit from it. With that in mind, there's bound to be things that I wasn't able to cover in this course. With this summary we'll look at some places to go…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question