basic relay lockdown for windows 2000/exchange 2000 server

Posted on 2009-06-30
Last Modified: 2012-05-07
hi, i just had to reinstall my win 2000 sbs [exchange 2000 server, sp3]
i use a smart host for outbound mail.

i just want to make sure my setting are correct for properly sending mail outbound, as well as properly receiving mail to the server.
on my exchange 2000 server, smtp virtual server there are 2 tabs for security ive seen

1. is under the 'access' tab, there is an 'access control' [with authentication button] and a 'relay restrictions'.  under the access control /authentication, all 3 check boxes are checked [anonymous access, basic authentication, and  integrated windows authentication'.
all 3 are checked.

2. under the 'delivery' tab. there are several button options, 'outbound security', 'outbound connections', and 'advanced'.
'outbound security - has 'anononmyous' checked off and 'TLS enctyption'  checked off
'outbound connections' ive changed the outbound port to 2525 for my smart host'
'advanced' ive added the smart host name'

what are the defaults when installed, what needs to be changed when securing against outside relay spammers.
also, under the default smtp virtual server there is a 'queues' folder' with alot of a list of various domains thats it seems to have mail for or from, how do i delete these?


Question by:MarcHelfand
  • 6
  • 5
LVL 40

Expert Comment

ID: 24744047

Author Comment

ID: 24773414
hi, thanks.
ive seen the telnet tests, and read the articles.... however, im somewhat more interested in somneone telling me  exactly which dialog boxes from my original post have to be checked off/not checked off.
what is the default exchange 2000 settings, and what exactly do i need to check/uncheck for my situation [single sbs 2000 server, 1 workstation connected, 2 user mailboxes, and i do use the owa.
LVL 40

Expert Comment

ID: 24773698

Your settings are OK. You can verify in access tab > relay > only listed below should be selected > and select "Allow all computers which successfully authenticate to relay regardless of the list above".
For more info :

 Let us know if you need any further information  

Author Comment

ID: 24781148
ya, its still not sending out email, ill need to troubleshoot more when i return to towen mid week. im away in midwest currently.

but i have those setting set, and still not going outbound.
LVL 40

Expert Comment

ID: 24782862
Is there any mail queue in your exchange server?
Are you sure that the smart host port is configured as 2525? Are you able to telnet smarthost on that port 2525 from exchange server and send mail?
Use the following commands to send mail using telnet :

telnet Smarthostname 2525
SUBEJECT : testmail
Hi This is a test mail
Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.


Author Comment

ID: 24785585
hi i did indeed try this, and i rec'd the mail from my gmail account. thus the smarthost is working.
however, i did need to turn off my smtp services to do this as the smarthost only allows 1 connection at a time.
they told me my server was trying to make connections to the mail smarthost server every millisecond, and was slowing their servers a little!
i double checked all the connections tabs you mentioned, and still no outbound connection.
LVL 40

Expert Comment

ID: 24785675
Do you have any mail queue?
Use SMTP logging and diagnostic logging to troubleshoot this issue. also do a message tracking and see what is happening.
Do you have any error in event logs?
Refer the msexchange article for details :

Author Comment

ID: 24786226
yes under 'default smtp virtual server' there is 'current sessions' and 'queues'.
under queues, theres about a hundred or so misc domain names there all stating 'remote delivery', and on the right pane they say under the column 'connection state' either 'active or retry'.

i just enabled the logging of messages for the virtual server.

also i looked at that great article you sent , however it is for exchange 2003, i have exchange 2000 [although i know they are similiar, just some things in different areas.
i think i turned on the message logging, is that the same as the smtp logging you mentioned above

LVL 40

Expert Comment

ID: 24786363
Did you try message tracking?

SMTP logging enabled in server's SMTP VS and you can find the log files in C:\WINDOWS\System32\LogFiles (default path)
Diagnostic logging is enabled in server and you can find the error details in application log of the server.
Here is on MS webcast link will help you to get some info on ex 2000
LVL 40

Accepted Solution

Subsun earned 75 total points
ID: 24786400
I suspect the smart host is causing the issue. did you receive any error in event log after enabling the logging?

Note : You can add more zones or increase the question points so that the other experts will have a look at your question and have their opinion.

Author Closing Comment

ID: 31598285
hi, i ended up just migrating the site and email to a host.
no more hassling with an exchange server.
thanks for the help

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now