• Status: Solved

Exchange 2007 block open relay

We have an Exchange 2007 server running on our 2008 SBS server. External security scans indicate we have an open relay. I have verified this with several resources. I need to set up the server to only allow authenticated users to send mail. We only have one Exchange server. I have read so many posts and articles and I still don't know what I need to do. I have found some posts that recommend using the Exchange Management Shell. I don't have any experience with it. I need to make sure that if I make a change that causes other problems, I know how to undo the change.

On my default receive connector I have TLS enabled. Basic authentication, with "Offer basic authentication only after starting TLS" disabled. I also have Integrated Windows authentication enabled. In the permission groups I have the following selected: Anonymous users, Exchange users, Exchange servers and legacy Exchange servers.

I know that by default Exchange 2007 isn't set up to be an open relay, but something went wrong.
wcoil
Asked:
 
PaulD77 Commented:
Open the Exchange Management Console; under Organization Configuration, select Hub Transport > Accepted Domains, check the properties of your domain and make sure Authoritative Domain is checked, not External Relay. Also, scan the machine with some AV software... chances are it will switch back to an open relay if some malware is on there.
 
wcoil Author Commented:
Paul,

I checked that. It is set to authoritative. Virus and malware scans have come back clean.
 
PaulD77 Commented:
Hmmm, did you check all your MX records?

http://www.mxtoolbox.com/
 
wcoil Author Commented:
Check them for what?
 
Madan Sharma Consultant Commented:
Hi,

Open up your Exchange Management Shell and paste the following command into it:

Get-ReceiveConnector | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "ms-Exch-SMTP-Accept-Any-Recipient"

If it asks for any confirmation, press Y and go ahead.
 
wcoil Author Commented:
akicute,

If I do this and test it, I need to be able to change it back right after testing. We have mobile devices that will have to be notified about using SMTP auth. How would I go about doing that?
 
Madan Sharma Consultant Commented:
Mobile devices should also be authenticated before connecting to the Exchange server. No need to change this setting again and make your server an open relay.
 
wcoil Author Commented:
After looking at this in more detail, your command creates an open relay, not blocks it.
 
Madan Sharma Consultant Commented:
Ah! My apologies, just use this one:

Get-ReceiveConnector | Remove-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "ms-Exch-SMTP-Accept-Any-Recipient"
0
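As an added example (not code from any poster in this thread), one way to see which receive connectors give anonymous senders the relay right discussed above, and to record that state before removing it. The backup path and variable names are assumptions; run it in the Exchange Management Shell.

```powershell
# Added example, not from the thread. Run in the Exchange Management Shell.
$right  = "ms-Exch-SMTP-Accept-Any-Recipient"
$anon   = "NT AUTHORITY\ANONYMOUS LOGON"
$backup = "C:\Temp\anon-relay-before.csv"   # assumed path, change to suit

# 1. Overview: which connectors accept anonymous connections at all.
Get-ReceiveConnector |
    Format-Table Name, Bindings, PermissionGroups, AuthMechanism -AutoSize

# 2. Connectors where anonymous senders hold the relay right
#    (an allow entry, not a deny entry).
$grants = @(Get-ReceiveConnector | Get-ADPermission -User $anon |
    Where-Object { ($_.ExtendedRights -like $right) -and (-not $_.Deny) })

if ($grants.Count -eq 0) {
    Write-Host "No receive connector grants $right to $anon."
    Write-Host "If a scan still reports relaying, check devices in front of Exchange."
}
else {
    # 3. Record the current state before changing anything.
    $grants |
        Select-Object Identity, User, IsInherited, Deny,
            @{Name = "ExtendedRights"; Expression = { "$($_.ExtendedRights)" }} |
        Export-Csv -Path $backup -NoTypeInformation
    Write-Host "Saved $($grants.Count) entries to $backup"

    # 4. Preview the removal per connector. -WhatIf makes no change;
    #    drop it only after reviewing the CSV.
    foreach ($g in $grants) {
        Remove-ADPermission -Identity $g.Identity -User $anon `
            -ExtendedRights $right -WhatIf
    }
}
```

The CSV lists exactly which connectors held the right, so a later change can be reviewed or reversed per connector instead of across all of them.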
 
wcoil Author Commented:
I've done this. When I try to set up my iPad to use SMTP auth, I get a message that the SMTP server doesn't support Password authentication.
 
Madan Sharma Consultant Commented:
Open up your Exchange 2007 EMC, navigate to Server Configuration => Client Access => Exchange ActiveSync, right-click on Microsoft Server ActiveSync and go to Properties. Select the Authentication tab and make sure Basic authentication is selected; if it is not selected, select it and click OK, then try to configure your iPhone.
 
wcoil Author Commented:
Doh!! I have found that the problem was ahead of the Exchange server with our Barracuda spam filter.
 
Vee_Mod Commented:
Starting the auto-close procedure on behalf of the question asker.

Vee_Mod
Community Support Moderator
Question has a verified solution.