Link to home
Start Free TrialLog in
Avatar of Jenny Coulthard
Jenny CoulthardFlag for Australia

asked on

exchange server 2003 relay issue, potential security risk

Hi, we have an Exchange 2003 server.  Our Finance staff have started to email payslips from within software from MYOB.
They found they can email all staff who gave an email address which is on the domain but cannot email to any staff who provided an external email address.

On contacting the support the advice they gave was to change the settings on the Default virtual SMTP server, Relay tab.  To select "All except the list below" for computers which may relay through this virtual server.

This fixes the problem but I am not comfortable leaving the setting like this as I'm not sure if this is creating an open relay.

Also 'Allow all computers which successfully authenticate to relay, regardless of the list above' is selected and always has been.
Relay-restrictions.jpg
Avatar of Imtiaz Hasham
Imtiaz Hasham
Flag of United Kingdom of Great Britain and Northern Ireland image

Ok, I understand your concern and you are right because if there a virus, it will start sending malicious emails from your IP address.

What I would do is ask MYOB to allow authentication and authenticate the MYOB server with a separate username / password to allow for them to get a passthrough!
Avatar of Jenny Coulthard

ASKER

Thanks - at least I know I'm correct about the security.
With the MYOB software, there is no server, it is running on an Windows 7 client by a user who has been authenticated to the domain.
Are you able to make some suggestions for this scenario?
Also is this what is called an 'open relay server'?
ASKER CERTIFIED SOLUTION
Avatar of Shreedhar Ette
Shreedhar Ette
Flag of India image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
OK thanks.  I've changed the setting back.  I'll go through all the steps and see what I find.