Solved

Open Relay on Exchange Server 2003

Posted on 2009-05-05
8
700 Views
Last Modified: 2012-05-06
Windows SBS 2003 running Exchange Server 2003. I have unsuccessfully tried to stop email relaying.  I have ensures that ESM DEFAULT SMTP SERVER\PROPERTIES\ACCESS\RELAY is set to ONLY THE LIST BELOW and the list is empty, I have unselected the ALLOW COMPUTERS WHICH SUCCESSFULLY AUTHENTICATE TO RELAY..., I have even gone as far as to add an AD USER GROUP (MAIL RELAY USERS) and added only the email users - no admin accounts - to the USERS list in the RELAY RESTRICTIONS...  I still see different domains trying to relay on my server.  I have restarted the SMTP service after any change I have made.  I can telnet to the server and I am not able to relay.  Here are the results:

220 server.domain.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.3
959 ready at  Tue, 5 May 2009 18:43:34 -0500
ehlo
250-server.domain.com Hello [192.168.0.225]
250-TURN
250-SIZE
250-ETRN
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-8bitmime
250-BINARYMIME
250-CHUNKING
250-VRFY
250-X-EXPS GSSAPI NTLM LOGIN
250-X-EXPS=LOGIN
250-AUTH GSSAPI NTLM LOGIN
250-AUTH=LOGIN
250-X-LINK2STATE
250-XEXCH50
250 OK
mail from:sean@saladart.com
250 2.1.0 sean@saladart.com....Sender OK
rcpt to:saladart@yahoo.com
550 5.7.1 Unable to relay for saladart@yahoo.com

I feel I have covered all the basics - BUT I still keep receiving email through the SMTP CONNECTOR that is (from what I can tell) being relayed through my server.  How do I stop it????
0
Comment
Question by:saladart
  • 4
  • 3
8 Comments
 

Author Comment

by:saladart
Comment Utility
Didn't mention - there is only one exchange server, it is the PDC for the domain as well. All Microsoft updates have been applied...

Is there any more information you need?

Thanks for the assist!
0
 
LVL 17

Expert Comment

by:OriNetworks
Comment Utility
check mxtoolbox.org

Then have some good email server tests

Also you can try using message tracking tool in exchange system manager to track where the messages are coming from
0
 
LVL 8

Expert Comment

by:Pete_Zed
Comment Utility
Under Admin Groups/First Admin Group/Connectors/Internet Mail SMTP Connector/Address Space, uncheck "Allow message to be relayed to these domains".
0
 

Author Comment

by:saladart
Comment Utility
Had that already unchecked...sorry, I missed putting that in the question...
0
Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 

Author Comment

by:saladart
Comment Utility
I do have message tracking turned on - in the Application Log, there are numerous Events with an ID of 7004, and 7002.

7004 -
This is an SMTP protocol error log for virtual server ID 1, connection #279. The remote host "64.202.166.12", responded to the SMTP command "rcpt" with "550 sorry, mail to that recipient is not accepted (#5.7.1)  ". The full command sent was "RCPT TO:<moodilyli1@momscookie.com>  ".  This will probably cause the connection to fail.

7002 -
This is an SMTP protocol warning log for virtual server ID 1, connection #269. The remote host "206.65.163.32", responded to the SMTP command "rcpt" with "450 4.7.1 <grisliestn16@bingisser.com>: Recipient address rejected: Greylisting in action, please try again in 5 minutes.  ". The full command sent was "RCPT TO:<grisliestn16@bingisser.com>  ".  This may cause the connection to fail.
0
 
LVL 8

Expert Comment

by:Pete_Zed
Comment Utility
What settings do you have under Authentication under the Access tab? When you click on users in the authentication section, deselect relay permission for authenticated users.
0
 
LVL 8

Expert Comment

by:Pete_Zed
Comment Utility
The Microsoft web site has a good article about open relay:

http://support.microsoft.com/kb/895853
0
 

Accepted Solution

by:
saladart earned 0 total points
Comment Utility
Under Authentication, I have ANONYMOUS, BASIC and INTEGRATED selected...

Relay Permission is not selected for Authenticated Users...
0

Featured Post

How does your email signature look on mobiles?

Do your employees use mobile devices to reply to emails? With mobile becoming increasingly important to the business world, it is in your best interest to make sure that your email signature looks great across all types of devices.

Join & Write a Comment

Follow this checklist to learn more about the 15 things you should never include in an email signature from personal quotes, animated gifs and out-of-date marketing content.
This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now