Solved

open relay was closed, but spam still showing up in queue

Posted on 2009-07-15
Last Modified: 2013-11-30
Hi All,
We had a misconfigured receive connector in Exchange 2007, which caused it to be an open relay for a couple of days. I've since disabled that receive connector, only leaving the default. When I run an open relay tester online, it says it's closed. However, I'm still seeing relayed messages in the outbound queue that are sticking.

Does anyone know what else I should be checking to make sure I'm secure or perhaps how relayed messages are still making it in? Please don't hesitate to ask for clarification or current settings. Thanks!
Question by:-JT
8 Comments
 

Author Comment

by:-JT
ID: 24861319
Oh, by the way, we have the current service pack installed and this is a single Exchange box environment, no edge server.
0
 
LVL 30

Accepted Solution

by:
renazonse earned 300 total points
ID: 24861450
You may have an authenticated relay going on or a user on your network with a bug. Check this article to help you lock it down.

http://renazonse.com/?p=1
0
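
The two causes suggested in the answer above (an authenticated relay, or an infected machine on the internal network) can be checked from the Exchange Management Shell. The following is an added example, not part of the original thread or the linked article; the three-day look-back window in `$since` is an assumption.

```powershell
# Added example: run in the Exchange Management Shell on the Hub Transport server.
# $since is an assumed look-back window; set it to when the relay started.
$since = (Get-Date).AddDays(-3)

# 1. Receive connectors that still let anonymous sessions relay to any recipient.
#    An empty result means no connector grants the anonymous relay right.
Get-ReceiveConnector | Get-ADPermission |
    Where-Object {
        $_.User -like 'NT AUTHORITY\ANONYMOUS LOGON' -and
        $_.ExtendedRights -like 'ms-Exch-SMTP-Accept-Any-Recipient' -and
        -not $_.Deny
    } |
    Format-Table Identity, User, ExtendedRights -AutoSize

# 2. What is sitting in the queues right now, grouped by sender and source IP.
Get-Message -ResultSize Unlimited |
    Group-Object FromAddress, SourceIP |
    Sort-Object Count -Descending |
    Select-Object -First 20 Count, Name

# 3. Which hosts submitted mail over SMTP, and through which connector.
#    An internal workstation address with a high count suggests an infected
#    client; an external address arriving on a connector that only accepts
#    authenticated senders suggests a compromised account.
Get-MessageTrackingLog -EventId RECEIVE -Start $since -ResultSize Unlimited |
    Where-Object { $_.Source -eq 'SMTP' } |
    Group-Object ClientIp, ConnectorId |
    Sort-Object Count -Descending |
    Select-Object -First 20 Count, Name
```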
 

Author Comment

by:-JT
ID: 24862138
renazonse, thank you. I'm currently going through the article you sent me. I'll post back as soon as I finish...
0
 

Author Comment

by:-JT
ID: 24862575
Blacklist check: Well, luckily we hadn't gotten blacklisted in the last couple of days! So I was clear there.
Filtering service: We had just instituted Postini, which I believe was the origin of this problem. Not Postini, but my misconfiguration of the Exchange server side of it. I had worked with Postini and Exchange 2003 but not with Exchange 2007. I've only been administering 2007 for a few months now. :)
Close port 25: I denied SMTP from INSIDE_ANY to OUTSIDE_ANY, but set another rule for SERVER_GROUP to OUTSIDE_ANY SMTP allow. That seems like it should allow port 25 from our servers, while blocking it from anywhere else, right?
Enable transport logging: I did enable transport logging and so far so good, I don't see much of anything showing up in the logs with the source being MSExchangeTransport. The last thing was a "recipient group membership cache loaded" message with an address of a legit local user.
Clean the queue: That's a handy deletion tip you had in that article, I could have used that yesterday, lol. Anyhow, I cleaned out the handful that had trickled in this morning and it is clear right now.
-----------------------------------
I disabled the original send connector and only the Postini send connector is enabled, so everything should go to Postini, right? I checked the headers from a test message to a personal acct of mine and it did show reception from Postini. However, I did notice that the header still contains the origin, which included my actual server name in it. That doesn't seem good. Is that normal? Or something that should/can be changed?
Sorry this is so long, but I wanted to be thorough so you know exactly what I did!
0

 
LVL 17

Assisted Solution

by:Suraj
Suraj earned 200 total points
ID: 24862941
Guess you do not have the anti-spam filters installed or configured properly:

Just do the following:

1) Install the agents:
           C:\Program Files\Microsoft\Exchange Server\Scripts\Install-AntispamAgents.ps1
2) Restart the transport service

3) +> Check if they are installed by: Get-TransportAgent

4) Then go to the Exchange Management Console.
Under Organization Configuration, click on Hub Transport
Click on the Anti-spam tab
And you need to configure the following:
+> On the IP Block List Providers, add:

1) Spam Haus
       zen.spamhaus
2) open relay test
       dnsbl.sorbs.net

3) abusive host
      dnsbl.ahbl.org

+> On Recipient Filtering -> Blocked Recipients -> check the option - Block messages sent to recipients not listed in the Global Address List.
+> On Sender Filtering -> Blocked Senders -> check the option - Block messages from blank senders.

5) Stop the Microsoft Exchange Transport service
6) Now open My Computer... DRIVE\PROGRAM FILE\MICROSOFT\EXCHANGE SERVER\.... DATA
Rename the DATA folder to DATAold
7) Restart the Transport service again.

x-sam
0
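
Steps 3 and 4 of the post above can also be done and verified from the Exchange Management Shell. This is an added example, not code from the thread; it goes one step beyond the post by testing each configured IP Block List provider with the two standard DNSBL test addresses, and the provider name and lookup domain in the commented `Add-IPBlockListProvider` line are placeholders.

```powershell
# Added example: run in the Exchange Management Shell after steps 1 and 2.

# Step 3: the anti-spam agents should be listed and enabled.
Get-TransportAgent | Format-Table Identity, Enabled, Priority -AutoSize

# Step 4: the recipient and sender filtering options named in the post.
Set-RecipientFilterConfig -RecipientValidationEnabled $true
Set-SenderFilterConfig -BlankSenderBlockingEnabled $true

# Step 4: a provider is added like this (name and domain are placeholders):
# Add-IPBlockListProvider -Name '<provider name>' -LookupDomain '<lookup domain>'

# Check each configured provider with the two DNSBL test addresses from
# RFC 5782: 127.0.0.2 must be listed, 127.0.0.1 must not be.
foreach ($p in Get-IPBlockListProvider) {
    $listed = (Test-IPBlockListProvider -Identity $p.Name -IPAddress 127.0.0.2).Matched
    $clean  = (Test-IPBlockListProvider -Identity $p.Name -IPAddress 127.0.0.1).Matched

    if (-not $listed) {
        $state = 'NOT ANSWERING: lookups fail, provider filters nothing'
    } elseif ($clean) {
        $state = 'MATCHES EVERYTHING: would reject all mail, remove it'
    } else {
        $state = 'OK'
    }
    "{0,-25} {1,-30} {2}" -f $p.Name, $p.LookupDomain, $state
}
```

A provider that stops answering or starts matching every address changes mail flow silently, so the loop is worth re-running whenever the provider list is changed.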
 

Author Comment

by:-JT
ID: 24863856
Hi x-sam, thanks for the reply. Actually we set up Postini mail services to handle all that stuff, but I can definitely use your tips for when I have to set up Exchange 07 for someone who doesn't have a spam service. So, I'm going to keep that info handy.
 
Thanks again.
 
0
 
LVL 17

Expert Comment

by:Suraj
ID: 24867374
Though you have Postini, that's not enough. Exchange's inbuilt spam filters are better. Try that out.
0
 

Author Comment

by:-JT
ID: 24870643
OK, I'll set up the Exchange filtering as well. I guess you really can never be too careful. Thanks again.
0
