basic relay lockdown for windows 2000/exchange 2000 server

Posted on 2009-06-30
Last Modified: 2012-05-07
hi, i just had to reinstall my win 2000 sbs [exchange 2000 server, sp3]
i use a smart host for outbound mail.

i just want to make sure my settings are correct for properly sending mail outbound, as well as properly receiving mail to the server.
on my exchange 2000 server, smtp virtual server, there are 2 tabs for security i've seen

1. is under the 'access' tab, there is an 'access control' [with authentication button] and a 'relay restrictions'. under the access control / authentication, all 3 check boxes are checked [anonymous access, basic authentication, and integrated windows authentication].
all 3 are checked.

2. under the 'delivery' tab, there are several button options: 'outbound security', 'outbound connections', and 'advanced'.
'outbound security' - has 'anonymous' checked off and 'TLS encryption' checked off
'outbound connections' - i've changed the outbound port to 2525 for my smart host
'advanced' - i've added the smart host name

what are the defaults when installed, and what needs to be changed when securing against outside relay spammers?
also, under the default smtp virtual server there is a 'queues' folder with a long list of various domains that it seems to have mail for or from. how do i delete these?


Question by:MarcHelfand

Expert Comment

ID: 24744047

Author Comment

ID: 24773414
hi, thanks.
i've seen the telnet tests, and read the articles... however, i'm somewhat more interested in someone telling me exactly which dialog boxes from my original post have to be checked off/not checked off.
what are the default exchange 2000 settings, and what exactly do i need to check/uncheck for my situation [single sbs 2000 server, 1 workstation connected, 2 user mailboxes, and i do use the owa]?

Expert Comment

ID: 24773698

Your settings are OK. You can verify in access tab > relay > only listed below should be selected > and select "Allow all computers which successfully authenticate to relay regardless of the list above".
For more info :

 Let us know if you need any further information  

Author Comment

ID: 24781148
ya, it's still not sending out email, i'll need to troubleshoot more when i return to town mid week. i'm away in midwest currently.

but i have those settings set, and still not going outbound.

Expert Comment

ID: 24782862
Is there any mail queue in your exchange server?
Are you sure that the smart host port is configured as 2525? Are you able to telnet smarthost on that port 2525 from exchange server and send mail?
Use the following commands to send mail using telnet :

telnet Smarthostname 2525
SUBJECT : testmail
Hi This is a test mail
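The telnet test above and the relay restriction discussed earlier can be checked with one scripted SMTP dialogue. This is an added example, not code from the thread: it sends HELO, MAIL FROM and RCPT TO without authenticating and reports the RCPT reply code. `StubSMTP`, the `.example` addresses and `probe.example` are constructed stand-ins so the block runs offline.

```python
import smtplib
import socketserver
import threading


def rcpt_reply(host, port, sender, recipient, timeout=10):
    """Unauthenticated HELO / MAIL FROM / RCPT TO; return the RCPT reply code."""
    # No DATA command is issued, so nothing is queued or delivered.
    with smtplib.SMTP(host, port, local_hostname="probe.example", timeout=timeout) as smtp:
        smtp.helo()
        code, _ = smtp.mail(sender)
        if code != 250:
            return code
        code, _ = smtp.rcpt(recipient)
        return code


class StubSMTP(socketserver.StreamRequestHandler):
    """Constructed stand-in server that accepts mail only for LOCAL_DOMAIN."""
    LOCAL_DOMAIN = "corp.example"

    def handle(self):
        self.wfile.write(b"220 stub SMTP ready\r\n")
        for raw in self.rfile:
            line = raw.decode("ascii", "replace").strip()
            if line.upper().startswith("QUIT"):
                self.wfile.write(b"221 closing\r\n")
                return
            reply = b"250 OK\r\n"
            if line.upper().startswith("RCPT TO:"):
                addr = line[8:].strip().strip("<>").lower()
                if not addr.endswith("@" + self.LOCAL_DOMAIN):
                    reply = b"550 5.7.1 Unable to relay\r\n"
            self.wfile.write(reply)


def demo():
    """Return RCPT codes for a local and an external recipient."""
    with socketserver.TCPServer(("127.0.0.1", 0), StubSMTP) as srv:
        threading.Thread(target=srv.serve_forever, daemon=True).start()
        host, port = srv.server_address
        try:
            return (rcpt_reply(host, port, "a@outside.example", "user@corp.example"),
                    rcpt_reply(host, port, "a@outside.example", "b@elsewhere.example"))
        finally:
            srv.shutdown()


if __name__ == "__main__":
    print(demo())  # 250 = accepted, 550 = relay denied
```

Run `rcpt_reply` against your own server from a host outside the network: a 550 for a recipient in a domain the server does not host means anonymous relay is refused, while 250 for that recipient means the relay list needs tightening.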

Author Comment

ID: 24785585
hi i did indeed try this, and i rec'd the mail from my gmail account. thus the smarthost is working.
however, i did need to turn off my smtp services to do this as the smarthost only allows 1 connection at a time.
they told me my server was trying to make connections to the mail smarthost server every millisecond, and was slowing their servers a little!
i double checked all the connections tabs you mentioned, and still no outbound connection.

Expert Comment

ID: 24785675
Do you have any mail queue?
Use SMTP logging and diagnostic logging to troubleshoot this issue. Also do message tracking and see what is happening.
Do you have any error in event logs?
Refer the msexchange article for details :

Author Comment

ID: 24786226
yes, under 'default smtp virtual server' there is 'current sessions' and 'queues'.
under queues, there's about a hundred or so misc domain names there all stating 'remote delivery', and on the right pane they say under the column 'connection state' either 'active' or 'retry'.

i just enabled the logging of messages for the virtual server.

also i looked at that great article you sent, however it is for exchange 2003, i have exchange 2000 [although i know they are similar, just some things in different areas].
i think i turned on the message logging, is that the same as the smtp logging you mentioned above?


Expert Comment

ID: 24786363
Did you try message tracking?

SMTP logging is enabled in the server's SMTP VS, and you can find the log files in C:\WINDOWS\System32\LogFiles (default path).
Diagnostic logging is enabled on the server, and you can find the error details in the application log of the server.
Here is one MS webcast link that will help you get some info on ex 2000

Accepted Solution

Subsun earned 75 total points
ID: 24786400
I suspect the smart host is causing the issue. Did you receive any error in the event log after enabling the logging?

Note : You can add more zones or increase the question points so that the other experts will have a look at your question and have their opinion.

Author Closing Comment

ID: 31598285
hi, i ended up just migrating the site and email to a host.
no more hassling with an exchange server.
thanks for the help
