quadrumane
Exchange 2010 is maybe an open relay according to mxtoolbox
We're running several Exchange servers for different organizations (different sites and not link between)
One Exchange 2010 is maybe an open relay according to mxtoolbox, but another one is not. The configuration for the send and receive connectors is the same for both.
We're running Exchange 2010 SP1 on the "maybe" open relay Exchange server.
Thank you
Could you paste in a copy of the MXToolbox results, at least the part that gives you the "maybe" message? There are some potential false positives that you can get, and I'd like to see the results. You can munge them if you need to.
ASKER
Ok I will send you the result. The only thing I've done is setting up the send connector. I read a lot of articles about open relay. But I don't understand why so many articles are talking about closing open relay as it's not even opened by default in Exchange 2010 or 2010 SP1
ASKER
I must say there were a lot of "retrying" send from strange domains in the queue and it was spam. But I guess it was stopped before it can be sent out.
ASKER
May be an open relay.
0 seconds - Good on Connection time
5.382 seconds - Warning on Transaction time
OK - 207.xxx.xxx.xxx resolves to mail.mydomain.com
OK - Reverse DNS matches SMTP Banner
HELO please-read-policy.mxtoolb
250 S1-XHBCA-001.mydomain.com Hello [64.20.227.133] [62 ms]
MAIL FROM: <supertool@mxtoolbox.com>
250 2.1.0 Sender OK [62 ms]
@quadrumane - Have you seen my earlier comment yet?
Agreed. With the log shown above, this just shows it is accepting a message; it's only an attempt to relay if the sender AND recipient are not in your domain....
The relay is not related to the send connector though, it's the receive one. When you set up your receive connectors using the wizard in EMC, you specify what kind of servers you are setting up the receive connector for. If you select internal/custom you are allowing relays by default.
http://technet.microsoft.com/en-us/library/bb125159.aspx
See 3b, "intended use for this connector"
This is where relay is set!
ASKER
Yes I saw it. But if Exchange is already not used as an open relay by default, why would you add this ?
The test I've done on the other open relay testing site has not seen it as an open relay
ASKER
Ok so the server is not incredibly slow all of a sudden because it's an open relay because it's not. Now I have to deal with the w3wp.exe
ASKER
Here is the Exchange queue, just to make sure you see it.
queue-exchange.jpg
@quadrumane
>> But if Exchange is already not used as an open relay by default, why would you add this ? <<
You stated you could be an open relay and as this is a support site, I am offering you some support and a way to close down the Open Relay which you may or may not have.
If I am wasting my time trying to help you I have other things I can turn my attention to.
ASKER
Alan, I'm not trying to waste your time. I just want to understand why Microsoft seems to think we have nothing more to do in order to keep Exchange from being an open relay. Before following your advice I want to make sure I get all the information.
I want to understand on the contrary, I'm sorry if you got me wrong it was not my intention.
Thanks
ASKER
Alan, advice taken. I still don't understand why it is seen as an open relay on mxtoolbox but not on Checkor. Maybe mxtoolbox is looking at the number of attempts to hack out the system.
Thanks
ASKER
Ok so as far as I understand, according to the picture I sent you, I could have some problem with backscatter but Exchange won't be seen as an open relay. Backscatter is the only one to ask for a payment to be unlisted.
As soon as I removed the send connector by the way both exchange got faster.
Thanks
Good. You are not an open relay. That's progress.
You are sending NDRs to every spammer that sends you rubbish though.
This is known as an NDR attack or a backscatter attack as mentioned above.
Disable NDRs or reject email to unknown recipients and check if your queues calm down after a few days to confirm.
The send connector is slowing your system down by replying to EVERY junkmail received.
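The two checks discussed in this thread (which receive connector lets anonymous senders relay, and whether mail to unknown recipients is rejected rather than bounced) can be done from the Exchange Management Shell. The following is an added example, not part of any poster's comment; it assumes Exchange 2010 with PowerShell 2.0, it only reads configuration, and its variable names are illustrative.

```powershell
# Added example: read-only audit, run in the Exchange Management Shell (PowerShell 2.0).
$anon       = 'NT AUTHORITY\ANONYMOUS LOGON'
$relayRight = 'ms-Exch-SMTP-Accept-Any-Recipient'   # extended right that permits relay

$report = foreach ($rc in Get-ReceiveConnector) {
    # ACEs on this connector that carry the relay right for anonymous sessions.
    # @() keeps the result an array even when nothing matches.
    $aces = @($rc | Get-ADPermission -User $anon |
        Where-Object { $_.ExtendedRights -like $relayRight })

    $allowed = @($aces | Where-Object { -not $_.Deny }).Count -gt 0
    $denied  = @($aces | Where-Object { $_.Deny }).Count -gt 0

    New-Object PSObject -Property @{
        Connector      = "$($rc.Identity)"
        # String match works for live objects and for deserialized remoting objects.
        AnonymousGroup = ("$($rc.PermissionGroups)" -match 'AnonymousUsers')
        AnonymousRelay = ($allowed -and -not $denied)
        RemoteIPRanges = ($rc.RemoteIPRanges -join ', ')
    }
}

# Connectors that grant the relay right to anonymous sessions sort to the top.
$report | Sort-Object AnonymousRelay -Descending |
    Format-Table Connector, AnonymousGroup, AnonymousRelay, RemoteIPRanges -AutoSize

# Backscatter side: with recipient validation on, mail to unknown recipients is
# rejected during the SMTP session instead of being accepted and bounced later.
# The first command prints nothing if the Recipient Filter agent is not installed.
Get-TransportAgent | Where-Object { "$($_.Identity)" -like '*Recipient Filter*' } |
    Format-Table Identity, Enabled -AutoSize
Get-RecipientFilterConfig |
    Format-List Enabled, RecipientValidationEnabled, ExternalMailEnabled
```

A connector showing AnonymousRelay as True deserves a look at its RemoteIPRanges: the wider that range, the more hosts can relay through it without authenticating.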
ASKER
excellent !
ASKER
Thanks everyone, it helped me a lot.