Solved

Exchange 2010 is maybe an open relay according to mxtoolbox

Posted on 2010-08-14
Last Modified: 2012-05-10
We're running several Exchange servers for different organizations (different sites, with no link between them).

One Exchange 2010 is maybe an open relay according to mxtoolbox, but another one is not.  The configuration for the send and receive connectors is the same for both.

We're running Exchange 2010 SP1 on the "maybe" open relay Exchange server.  

Thank you
0
Question by:quadrumane
22 Comments
 
LVL 6

Expert Comment

by:Shack-Daddy
Could you paste in a copy of the MXToolbox results, at least the part that gives you the "maybe" message? There are some potential false positives that you can get, and I'd like to see the results. You can munge them if you need to.
0
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 250 total points
Please have a read of my blog article for the command to close down your open relay, if indeed you are.
http://alanhardisty.wordpress.com/2010/07/12/how-to-close-an-open-relay-in-exchange-2007-2010/
You can test if you are actually an open relay on the following web site:
http://www.checkor.com/
0
 
LVL 6

Assisted Solution

by:Shack-Daddy
Shack-Daddy earned 250 total points
BTW, it would be difficult for you to set up the server to be an open relay without resorting to PowerShell with the intent to specifically create that situation, so I doubt your server is really an open relay.
0
 

Author Comment

by:quadrumane
Ok, I will send you the result. The only thing I've done is set up the send connector. I read a lot of articles about open relay. But I don't understand why so many articles are talking about closing open relay as it's not even opened by default in Exchange 2010 or 2010 SP1.
0
 

Author Comment

by:quadrumane
I must say there were a lot of "retrying" sends from strange domains in the queue and it was spam. But I guess it was stopped before it could be sent out.
0
 

Author Comment

by:quadrumane

 May be an open relay.
 0 seconds - Good on Connection time
 5.382 seconds - Warning on Transaction time
 OK - 207.xxx.xxx.xxx resolves to mail.mydomain.com
 OK - Reverse DNS matches SMTP Banner

HELO please-read-policy.mxtoolbox.com
250 S1-XHBCA-001.mydomain.com Hello [64.20.227.133] [62 ms]
MAIL FROM: <supertool@mxtoolbox.com>
250 2.1.0 Sender OK [62 ms]
0
 
LVL 6

Assisted Solution

by:Shack-Daddy
Shack-Daddy earned 250 total points
As long as this doesn't say RCPT TO: <some address outside of your domain> followed by Recipient OK, then it's not an open relay. This just means that it's willing to have a conversation with outside mail senders.

What you were seeing in the queue were probably emails sent from the local "postmaster" account trying to tell remote servers that it couldn't deliver mail for them. Probably because some fake email addresses in your domain were used as sender addresses for some spam that went out in some other part of the internet, and your server had to deal with those bounces to non-existing addresses. Common to see.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
@quadrumane - Have you seen my earlier comment yet?
0
 
LVL 27

Expert Comment

by:Steve
Agreed. With the log shown above, this just shows it is accepting a message; it's only an attempt to relay if the sender AND recipient are not in your domain....

The relay is not related to the send connector though, it's the receive one. When you set up your receive connectors using the wizard in EMC, you specify what kind of servers you are setting up the receive connector for. If you select internal/custom you are allowing relays by default.

http://technet.microsoft.com/en-us/library/bb125159.aspx
See 3b, "intended use for this connector"

This is where relay is set!
0
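Added example (not posted by anyone in this thread): the rule Shack-Daddy and Steve describe above, applied to an SMTP test transcript in Python. A server only counts as an open relay if an external sender's RCPT TO for an address outside its own domains is answered with a 2xx reply. The function name, the local-domain list and the two RCPT TO endings are constructed for illustration; the first four transcript lines are the ones pasted earlier in the thread.

```python
import re

CMD = re.compile(r"^(HELO|EHLO|MAIL FROM|RCPT TO|DATA|QUIT)\b", re.I)
REPLY = re.compile(r"^(\d{3})([ -])")           # "250 ..." final, "250-..." continued
ADDR = re.compile(r"<[^<>@\s]*@([^<>\s]+)>")    # domain part of <user@domain>

def domain_of(line):
    m = ADDR.search(line)
    return m.group(1).lower() if m else None

def is_local(domain, local_domains):
    # Assumption: subdomains of a local domain are treated as local too.
    return domain is not None and any(
        domain == d or domain.endswith("." + d) for d in local_domains)

def classify(transcript, local_domains):
    """Return 'open-relay', 'relay-denied' or 'inconclusive'."""
    local = [d.lower() for d in local_domains]
    sender_external, pending, verdict = False, None, "inconclusive"
    for raw in transcript.splitlines():
        line = raw.strip()
        cmd = CMD.match(line)
        if cmd:
            pending = (cmd.group(1).upper(), domain_of(line))
            continue
        reply = REPLY.match(line)
        if not reply or pending is None or reply.group(2) == "-":
            continue  # tool commentary, or a non-final line of a multi-line reply
        verb, dom = pending
        pending = None
        ok = reply.group(1).startswith("2")
        if verb == "MAIL FROM":
            sender_external = ok and not is_local(dom, local)
        elif verb == "RCPT TO" and dom and not is_local(dom, local):
            if ok and sender_external:
                return "open-relay"    # external sender AND external recipient accepted
            if not ok:
                verdict = "relay-denied"
    return verdict

# Transcript from the thread (it stops after MAIL FROM), plus two constructed endings.
THREAD = """HELO please-read-policy.mxtoolbox.com
250 S1-XHBCA-001.mydomain.com Hello [64.20.227.133] [62 ms]
MAIL FROM: <supertool@mxtoolbox.com>
250 2.1.0 Sender OK [62 ms]
"""
DENIED = THREAD + "RCPT TO: <test@example.net>\n550 5.7.1 Unable to relay\n"
RELAYED = THREAD + "RCPT TO: <test@example.net>\n250 2.1.5 Recipient OK\n"
```

The pasted transcript classifies as inconclusive because it never reaches an external RCPT TO, which is why "Sender OK" alone proves nothing about relaying.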
 

Author Comment

by:quadrumane
Yes, I saw it. But if Exchange is already not used as an open relay by default, why would you add this?

The test I've done on the other open relay testing site has not seen it as an open relay.
0
 

Author Comment

by:quadrumane
Ok, so the server is not incredibly slow all of a sudden because it's an open relay, because it's not. Now I have to deal with the w3wp.exe.
0
 

Author Comment

by:quadrumane
Here is the Exchange queue, just to make sure you see it.
queue-exchange.jpg
0
 
LVL 76

Expert Comment

by:Alan Hardisty
@quadrumane
>>  But if Exchange is already not used as an open relay by default, why would you add this ? <<
You stated you could be an open relay and as this is a support site, I am offering you some support and a way to close down the Open Relay which you may or may not have.
If I am wasting my time trying to help you I have other things I can turn my attention to.
0
 

Author Comment

by:quadrumane
Alan, I'm not trying to waste your time. I just want to understand why Microsoft seems to think we have nothing more to do in order to keep Exchange from being an open relay. Before following your advice I want to make sure I get all the information.

On the contrary, I want to understand. I'm sorry if you got me wrong; it was not my intention.

Thanks
0
 
LVL 76

Assisted Solution

by:Alan Hardisty
Alan Hardisty earned 250 total points
If you read my comment - I have given you the link to my blog site where the command to close an open relay can be found, I also linked you to a site where you can properly test to see if you are an open relay.
The suggestion is to test on the site I have linked you to and if that came back as an open relay, then you have the link to my blog and the command to close the open relay down.
Exchange is not an open relay by default, so if it is, it is because someone has been fiddling.
Also, if you are an open relay, it won't take spammers long to find you and you will pop up on various blacklist sites, which you can check on www.mxtoolbox.com/blacklists.aspx.
If you are not listed - you are most likely not an open relay.
Tip for the future - if you have a question and more than one expert posts a comment / suggestion it would be nice to acknowledge all the experts / comments and not just focus on the first one that comes along to our aid, ignoring the others.
0
 
LVL 6

Assisted Solution

by:Shack-Daddy
Shack-Daddy earned 250 total points
Thanks for the picture of the queues--they look about what you'd expect them to look like if you are having minor issues with backscatter like I outlined earlier. Nothing to worry about, and not a lot you can do without using some additional local\hosted spam filtering products.
0
 

Author Comment

by:quadrumane
Alan, advice taken. I still don't understand why it is seen as an open relay on mxtoolbox but not on Checkor. Maybe mxtoolbox is looking at the number of attempts to hack out the system.

Thanks
0
 

Author Comment

by:quadrumane
Ok, so as far as I understand, according to the picture I sent you, I could have some problem with backscatter but Exchange won't be seen as an open relay. Backscatter is the only one to ask for a payment to be unlisted.

As soon as I removed the send connector, by the way, both Exchange got faster.

Thanks
0
 
LVL 76

Assisted Solution

by:Alan Hardisty
Alan Hardisty earned 250 total points
If you are listed on backscatter.org, you are sending NDR messages to invalid recipients, so you need to filter recipients not on your server and then the onus is on the sender to produce the NDR message not you.
If you enable the Exchange Anti-Spam features you can enable recipient filtering.
http://technet.microsoft.com/en-us/library/bb123891.aspx
Failing that, I can recommend an alternative Anti-Spam product called Vamsoft ORF which costs $239 per server and is a one-off payment, not an annual renewal.  You can pay the $99 renewal fee if you want and keep the software up-to-date but you don't have to.
I use it on 95% of the servers I manage and support and it is brilliant software.  It will single-handedly take care of your spam / NDR issue.
0
 
LVL 27

Expert Comment

by:Steve
Good. You are not an open relay. That's progress.
You are sending NDRs to every spammer that sends you rubbish though.
This is known as an NDR attack or a backscatter attack as mentioned above.
Disable NDRs or reject email to unknown recipients and check if your queues calm down after a few days to confirm.
The send connector is slowing your system down by replying to EVERY junkmail received.
0
 

Author Closing Comment

by:quadrumane
excellent !
0
 

Author Comment

by:quadrumane
Thanks everyone, it helped me a lot.
0
