Exchange 2003 Relay Restrictions

gsswho6
Hello All,

Simple question... Ran into some issues getting flagged as SPAM and went through all the steps to make sure open relay was not on... Only the list below for IP is chosen and all I have is a couple servers I need... Also I unchecked Allow all computers etc.... However I notice that on the USERS tab in that section it has Submit and Relay allowed to All Authenticated Users.... Can this be the problem? I expect this means that if someone internally gets infected with a domain account they can then relay as well? Can I remove this completely and have the users empty or will this cause problems? I notice sometimes when I look at the IMAP4 and SMTP current sessions I see a couple random connections that have nothing to do with us... Thanks for the help.

If you remove authenticated users, it will not allow users to relay to external domains.

https://technet.microsoft.com/en-us/library/aa996446(v=exchg.65).aspx

I hope this helps,

DJ
That setting is normal.

How is your network locked down?  More specifically, is port 25 outbound on your network locked down so only your Exchange server can send out or can any client send out on this port?

Author

Commented:
Yes, 25 outbound is only allowed for Exchange. I notice it's always the same damn CASA blacklists in China that we get added to that give us problems... Sometimes I even think they are doing it on purpose lol, but probably not... Anything specific I should be looking for? Is it most likely an infected user internally maybe?

Well, if it was an infected user they would only be able to send email via the Exchange server, so you would likely see an impact on the mail queues as typically they produce mail en masse.

You need to upgrade from Exchange 2003, it is long out of support and is susceptible to attacks.

Scan your Exchange server for viruses in case it is infected.

Ideally you will be sending email via an SMTP server or via your hosted AS provider (if you have one), and your Exchange server will be locked down to those IPs for sending and receiving.
There are some web tools you can use to verify if you are an open relay, check if you are on several blacklists, etc. DNSStuff.com is one of them - some tools are free, others you would have to subscribe to. IIRC the relay tool at least is one of the free offerings. SolarWinds bought them a few years back.

http://www.dnsstuff.com

Might help you narrow down this issue.

Author

Commented:
Thanks these tools helped.
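
An added example, not from any poster in the thread: Python that reads an SMTP log in W3C extended format and counts accepted RCPT commands for external domains per client IP, then separates out clients that are not on the relay IP list. It assumes SMTP logging is enabled with the fields shown; the log lines, domain and addresses are constructed.

```python
import ipaddress
from collections import Counter

# Constructed sample (not from the thread), W3C extended format with SMTP verbs.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-query sc-status
2016-03-01 09:00:01 10.0.0.5 RCPT +TO:<partner@example.net> 250
2016-03-01 09:01:10 192.168.1.77 RCPT +TO:<a@example.org> 250
2016-03-01 09:01:10 192.168.1.77 RCPT +TO:<b@example.org> 250
2016-03-01 09:01:11 192.168.1.77 RCPT +TO:<c@example.com> 250
2016-03-01 09:02:00 203.0.113.9 RCPT +TO:<x@example.org> 550
2016-03-01 09:02:30 203.0.113.9 RCPT +TO:<staff@corp.example> 250
"""
LOCAL_DOMAINS = {"corp.example"}  # assumed: domains the server accepts mail for
RELAY_LIST = ["10.0.0.5/32"]      # assumed: entries under "Only the list below"


def parse_w3c(text):
    """Yield one dict per log entry, keyed by the names in the #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#"):
            values = line.split()
            if len(values) == len(fields):
                yield dict(zip(fields, values))


def relay_counts(text, local_domains):
    """Accepted (2xx) RCPT commands for non-local domains, per client IP."""
    counts = Counter()
    for entry in parse_w3c(text):
        query = entry.get("cs-uri-query", "")
        if entry.get("cs-method", "").upper() != "RCPT" or "@" not in query:
            continue
        if not entry.get("sc-status", "").startswith("2"):
            continue  # rejected relay attempt, e.g. 550
        domain = query.rpartition("@")[2].split(">")[0].lower()
        if domain not in local_domains:
            counts[entry["c-ip"]] += 1
    return dict(counts)


def off_list_relays(text, local_domains, relay_list):
    """Relaying clients that are not covered by the relay IP list."""
    nets = [ipaddress.ip_network(n) for n in relay_list]
    return {ip: n for ip, n in relay_counts(text, local_domains).items()
            if not any(ipaddress.ip_address(ip) in net for net in nets)}
```

On the constructed sample, `off_list_relays(SAMPLE_LOG, LOCAL_DOMAINS, RELAY_LIST)` returns `{'192.168.1.77': 3}`: a client outside the IP list whose external recipients were accepted, which under the settings described in the thread points to the Authenticated Users relay grant.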
