Solved

Open Relay on Exchange Server 2003

Posted on 2009-05-05
8
709 Views
Last Modified: 2012-05-06
Windows SBS 2003 running Exchange Server 2003. I have unsuccessfully tried to stop email relaying.  I have ensures that ESM DEFAULT SMTP SERVER\PROPERTIES\ACCESS\RELAY is set to ONLY THE LIST BELOW and the list is empty, I have unselected the ALLOW COMPUTERS WHICH SUCCESSFULLY AUTHENTICATE TO RELAY..., I have even gone as far as to add an AD USER GROUP (MAIL RELAY USERS) and added only the email users - no admin accounts - to the USERS list in the RELAY RESTRICTIONS...  I still see different domains trying to relay on my server.  I have restarted the SMTP service after any change I have made.  I can telnet to the server and I am not able to relay.  Here are the results:

220 server.domain.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.3
959 ready at  Tue, 5 May 2009 18:43:34 -0500
ehlo
250-server.domain.com Hello [192.168.0.225]
250-TURN
250-SIZE
250-ETRN
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-8bitmime
250-BINARYMIME
250-CHUNKING
250-VRFY
250-X-EXPS GSSAPI NTLM LOGIN
250-X-EXPS=LOGIN
250-AUTH GSSAPI NTLM LOGIN
250-AUTH=LOGIN
250-X-LINK2STATE
250-XEXCH50
250 OK
mail from:sean@saladart.com
250 2.1.0 sean@saladart.com....Sender OK
rcpt to:saladart@yahoo.com
550 5.7.1 Unable to relay for saladart@yahoo.com

I feel I have covered all the basics - BUT I still keep receiving email through the SMTP CONNECTOR that is (from what I can tell) being relayed through my server.  How do I stop it????
0
Comment
Question by:saladart
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
8 Comments
 

Author Comment

by:saladart
ID: 24310259
Didn't mention - there is only one exchange server, it is the PDC for the domain as well. All Microsoft updates have been applied...

Is there any more information you need?

Thanks for the assist!
0
 
LVL 17

Expert Comment

by:OriNetworks
ID: 24310270
check mxtoolbox.org

Then have some good email server tests

Also you can try using message tracking tool in exchange system manager to track where the messages are coming from
0
 
LVL 8

Expert Comment

by:Pete_Zed
ID: 24310274
Under Admin Groups/First Admin Group/Connectors/Internet Mail SMTP Connector/Address Space, uncheck "Allow message to be relayed to these domains".
0
Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 

Author Comment

by:saladart
ID: 24310280
Had that already unchecked...sorry, I missed putting that in the question...
0
 

Author Comment

by:saladart
ID: 24310299
I do have message tracking turned on - in the Application Log, there are numerous Events with an ID of 7004, and 7002.

7004 -
This is an SMTP protocol error log for virtual server ID 1, connection #279. The remote host "64.202.166.12", responded to the SMTP command "rcpt" with "550 sorry, mail to that recipient is not accepted (#5.7.1)  ". The full command sent was "RCPT TO:<moodilyli1@momscookie.com>  ".  This will probably cause the connection to fail.

7002 -
This is an SMTP protocol warning log for virtual server ID 1, connection #269. The remote host "206.65.163.32", responded to the SMTP command "rcpt" with "450 4.7.1 <grisliestn16@bingisser.com>: Recipient address rejected: Greylisting in action, please try again in 5 minutes.  ". The full command sent was "RCPT TO:<grisliestn16@bingisser.com>  ".  This may cause the connection to fail.
0
 
LVL 8

Expert Comment

by:Pete_Zed
ID: 24310313
What settings do you have under Authentication under the Access tab? When you click on users in the authentication section, deselect relay permission for authenticated users.
0
 
LVL 8

Expert Comment

by:Pete_Zed
ID: 24310344
The Microsoft web site has a good article about open relay:

http://support.microsoft.com/kb/895853
0
 

Accepted Solution

by:
saladart earned 0 total points
ID: 24310417
Under Authentication, I have ANONYMOUS, BASIC and INTEGRATED selected...

Relay Permission is not selected for Authenticated Users...
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Unified and professional email signatures help maintain a consistent company brand image to the outside world. This article shows how to create an email signature in Exchange Server 2010 using a transport rule and how to overcome native limitations …
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question