Solved

I want to deny external users from using relaying to my Exchnage Server telnet to port 25

Posted on 2009-05-05
8
319 Views
Last Modified: 2012-06-27
Hi. We have Exchnage 2007. I noticed that when i connect to the internet from outside my network and i telnet "exchnage servname" 25 , i can then send an email from anyone from my organisation which is a huge security risk. Please advise how i can deny this
0
Comment
Question by:BSTIT
  • 4
  • 3
8 Comments
 
LVL 24

Expert Comment

by:Rajith Enchiparambil
ID: 24303140
That is how it works. exchange 2007 is secure by default. You have to go and change the setting to make it an open relay.

When you do a telnet test, can you send an email by choosing, say user@google.com as the sender and user@microsoft.com as the recipient? Then, your server is an open relay.

But, if your sender in telnet is a user in your exchange and the recipient is anyone in the world, telnet will work! All exchange is trying is to send an email from your internal user to someone outside.

Rajith.
0
 
LVL 24

Expert Comment

by:Rajith Enchiparambil
ID: 24303152
If you are so worried, just disable telnet protocol on your external firewall.

Rajith.
0
 

Author Comment

by:BSTIT
ID: 24303189
Does this mean an external user that knows my email address can telnet into my exchange server and send helo and a message using my email address to anyone in the world. If so then thats a secuirty risk
0
 

Author Comment

by:BSTIT
ID: 24303215
I cannot disable telnet because my Firewall guys use this to get in and assist us. What else can i do?
0
The problems with reply email signatures

Do you wish that you could place an email signature under a reply? Well, unfortunately, you can't. That great Exchange/Office 365 signature you've created will just appear at the bottom of an email chain. What a pain! Is there really no way to solve this? Well, there might be...

 
LVL 24

Accepted Solution

by:
Rajith Enchiparambil earned 500 total points
ID: 24303317
No, you can only send emails to users within your own domain.

If the server were operating as an open relay you would be able to send email to any other domain. By default Exchange server does not allow this to happen and you would get an error message after entering the RCPT TO line. If you are able to send to an outside domain, it is a good idea to check your configuration and ensure that the server is not operating as an open relay.

http://www.msexchange.org/articles/Sending-Email-without-Client.html
0
 

Author Comment

by:BSTIT
ID: 24303918
What if an attacker gets my email address and sends a mail via telnet to another user on my domain instructing him to transfer money. That will work, how can i deny this?
0
 
LVL 6

Expert Comment

by:danf0x
ID: 24304804
You can always change the port from 25 to 587.  I have done this for some of my users as that gets rid of a ton of spambots but any decent antispam software that does sender verification will stop those type messages coming through.
0
 

Author Comment

by:BSTIT
ID: 24304832
I heard there is a way we can specify only internal ip addresses under the send connector, is this correct as this will eliminate the problem and if so how do i do this
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Lotus Notes – formerly IBM Notes – is an email client application, while IBM Domino (earlier Lotus Domino) is an email server. The client possesses a set of features that are even more advanced as compared to that of Outlook. Likewise, IBM Domino is…
Following basic email etiquette rules will help you write a professional email and achieve a good, lasting impression with your contacts.
In this video we show how to create a User Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Mailb…
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now