Exchange 2003 Relay Restrictions
Hello All,
Simple question... Ran into some issues getting flagged as SPAM and went thru all the steps to make sure OPEN relay was not on... Only The list below for Ip is chosen and all i have is a couple servers i need... Also I unchecked Allow all computers etc.... However I notice that on the USERS tab in that section It has Submit and Relay allow to All Authenticated Users.... Can this be the problem? I expect this means that if someone internally gets infected with a domain account they can then relay as well? can I remove this completely and have the users emtpy or will this cause problems? I notice sometimes when i look at the IMAP4 and SMTP current sessions i see a couple random connections that have nothing to do with us... Thanks for the help.
Simple question... Ran into some issues getting flagged as SPAM and went thru all the steps to make sure OPEN relay was not on... Only The list below for Ip is chosen and all i have is a couple servers i need... Also I unchecked Allow all computers etc.... However I notice that on the USERS tab in that section It has Submit and Relay allow to All Authenticated Users.... Can this be the problem? I expect this means that if someone internally gets infected with a domain account they can then relay as well? can I remove this completely and have the users emtpy or will this cause problems? I notice sometimes when i look at the IMAP4 and SMTP current sessions i see a couple random connections that have nothing to do with us... Thanks for the help.
That setting is normal.
How is your network locked down? More specifically, is port 25 outbound on your network locked down so only your Exchange server can send out or can any client send out on this port?
How is your network locked down? More specifically, is port 25 outbound on your network locked down so only your Exchange server can send out or can any client send out on this port?
ASKER
Yes 25 outbound is only allowed for exchange. I notice its always the same damn CASA blacklists in china that we get added to that give us problems... Sometimes I even think they are doing it on purpose lol, but probably not... Anything specific I should be looking for? Is it most likely an infected user internally maybe?
Well if it was an infected user they would only be able send email via the Exchange server, so you would likely see an impact on the mail queues as typically they produce mail on mass.
You need to upgrade from Exchange 2003, it is long out of support and is susceptible to attacks.
Scan your Exchange server for viruses in case it is infected.
Ideally you will be sending email via an SMTP server or via your hosted AS provider (if you have one), and your Exchange server will be locked down to those IP's for sending and receiving.
You need to upgrade from Exchange 2003, it is long out of support and is susceptible to attacks.
Scan your Exchange server for viruses in case it is infected.
Ideally you will be sending email via an SMTP server or via your hosted AS provider (if you have one), and your Exchange server will be locked down to those IP's for sending and receiving.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks these tools helped.
https://technet.microsoft.com/en-us/library/aa996446(v=exchg.65).aspx
I hope this helps,
DJ