• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 592
  • Last Modified:

exchange server 2003 relay issue, potential security risk

Hi, we have an Exchange 2003 server.  Our Finance staff have started to email payslips from within software from MYOB.
They found they can email all staff who gave an email address which is on the domain but cannot email to any staff who provided an external email address.

On contacting the support the advice they gave was to change the settings on the Default virtual SMTP server, Relay tab.  To select "All except the list below" for computers which may relay through this virtual server.

This fixes the problem but I am not comfortable leaving the setting like this as I'm not sure if this is creating an open relay.

Also 'Allow all computers which successfully authenticate to relay, regardless of the list above' is selected and always has been.
Jenny Coulthard
Jenny Coulthard
  • 3
1 Solution
Imtiaz HashamTechnical Director / IT ConsultantCommented:
Ok, I understand your concern and you are right because if there a virus, it will start sending malicious emails from your IP address.

What I would do is ask MYOB to allow authentication and authenticate the MYOB server with a separate username / password to allow for them to get a passthrough!
Jenny CoulthardIT ManagerAuthor Commented:
Thanks - at least I know I'm correct about the security.
With the MYOB software, there is no server, it is running on an Windows 7 client by a user who has been authenticated to the domain.
Are you able to make some suggestions for this scenario?
Jenny CoulthardIT ManagerAuthor Commented:
Also is this what is called an 'open relay server'?
Shreedhar EtteCommented:

- First Run Exchange Best Practise Analyser tool on server and Check does it report server is in Open Relay or not.

- For "Allow all computers which successfully authenticate to relay"  Please check below article to fix Open Relay issue:
Jenny CoulthardIT ManagerAuthor Commented:
OK thanks.  I've changed the setting back.  I'll go through all the steps and see what I find.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now