Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17


basic relay lockdown for windows 2000/exchange 2000 server

Posted on 2009-06-30
Medium Priority
Last Modified: 2012-05-07
hi, i just had to reinstall my win 2000 sbs [exchange 2000 server, sp3]
i use a smart host for outbound mail.

i just want to make sure my setting are correct for properly sending mail outbound, as well as properly receiving mail to the server.
on my exchange 2000 server, smtp virtual server there are 2 tabs for security ive seen

1. is under the 'access' tab, there is an 'access control' [with authentication button] and a 'relay restrictions'.  under the access control /authentication, all 3 check boxes are checked [anonymous access, basic authentication, and  integrated windows authentication'.
all 3 are checked.

2. under the 'delivery' tab. there are several button options, 'outbound security', 'outbound connections', and 'advanced'.
'outbound security - has 'anononmyous' checked off and 'TLS enctyption'  checked off
'outbound connections' ive changed the outbound port to 2525 for my smart host'
'advanced' ive added the smart host name'

what are the defaults when installed, what needs to be changed when securing against outside relay spammers.
also, under the default smtp virtual server there is a 'queues' folder' with alot of a list of various domains thats it seems to have mail for or from, how do i delete these?


Question by:MarcHelfand
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 5

Author Comment

ID: 24773414
hi, thanks.
ive seen the telnet tests, and read the articles.... however, im somewhat more interested in somneone telling me  exactly which dialog boxes from my original post have to be checked off/not checked off.
what is the default exchange 2000 settings, and what exactly do i need to check/uncheck for my situation [single sbs 2000 server, 1 workstation connected, 2 user mailboxes, and i do use the owa.
LVL 40

Expert Comment

ID: 24773698

Your settings are OK. You can verify in access tab > relay > only listed below should be selected > and select "Allow all computers which successfully authenticate to relay regardless of the list above".
For more info :

 Let us know if you need any further information  
Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.


Author Comment

ID: 24781148
ya, its still not sending out email, ill need to troubleshoot more when i return to towen mid week. im away in midwest currently.

but i have those setting set, and still not going outbound.
LVL 40

Expert Comment

ID: 24782862
Is there any mail queue in your exchange server?
Are you sure that the smart host port is configured as 2525? Are you able to telnet smarthost on that port 2525 from exchange server and send mail?
Use the following commands to send mail using telnet :

telnet Smarthostname 2525
SUBEJECT : testmail
Hi This is a test mail

Author Comment

ID: 24785585
hi i did indeed try this, and i rec'd the mail from my gmail account. thus the smarthost is working.
however, i did need to turn off my smtp services to do this as the smarthost only allows 1 connection at a time.
they told me my server was trying to make connections to the mail smarthost server every millisecond, and was slowing their servers a little!
i double checked all the connections tabs you mentioned, and still no outbound connection.
LVL 40

Expert Comment

ID: 24785675
Do you have any mail queue?
Use SMTP logging and diagnostic logging to troubleshoot this issue. also do a message tracking and see what is happening.
Do you have any error in event logs?
Refer the msexchange article for details :

Author Comment

ID: 24786226
yes under 'default smtp virtual server' there is 'current sessions' and 'queues'.
under queues, theres about a hundred or so misc domain names there all stating 'remote delivery', and on the right pane they say under the column 'connection state' either 'active or retry'.

i just enabled the logging of messages for the virtual server.

also i looked at that great article you sent , however it is for exchange 2003, i have exchange 2000 [although i know they are similiar, just some things in different areas.
i think i turned on the message logging, is that the same as the smtp logging you mentioned above

LVL 40

Expert Comment

ID: 24786363
Did you try message tracking?

SMTP logging enabled in server's SMTP VS and you can find the log files in C:\WINDOWS\System32\LogFiles (default path)
Diagnostic logging is enabled in server and you can find the error details in application log of the server.
Here is on MS webcast link will help you to get some info on ex 2000
LVL 40

Accepted Solution

Subsun earned 225 total points
ID: 24786400
I suspect the smart host is causing the issue. did you receive any error in event log after enabling the logging?

Note : You can add more zones or increase the question points so that the other experts will have a look at your question and have their opinion.

Author Closing Comment

ID: 31598285
hi, i ended up just migrating the site and email to a host.
no more hassling with an exchange server.
thanks for the help

Featured Post

[Webinar] Lessons on Recovering from Petya

Skyport is working hard to help customers recover from recent attacks, like the Petya worm. This work has brought to light some important lessons. New malware attacks like this can take down your entire environment. Learn from others mistakes on how to prevent Petya like worms.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

After hours on line I found a solution which pointed to the inherited Active Directory permissions . You have to give/allow permissions to the "Exchange trusted subsystem" for the user in the Active Directory...
Unified and professional email signatures help maintain a consistent company brand image to the outside world. This article shows how to create an email signature in Exchange Server 2010 using a transport rule and how to overcome native limitations …
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to:…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit If you want to manage em…

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question