Exchange 2003 Relay Restrictions

Hello All,

Simple question... Ran into some issues getting flagged as SPAM and went through all the steps to make sure OPEN relay was not on... Only The list below for IP is chosen and all I have is a couple servers I need... Also I unchecked Allow all computers etc.... However I notice that on the USERS tab in that section it has Submit and Relay allow to All Authenticated Users.... Can this be the problem? I expect this means that if someone internally gets infected with a domain account they can then relay as well? Can I remove this completely and have the users empty or will this cause problems? I notice sometimes when I look at the IMAP4 and SMTP current sessions I see a couple random connections that have nothing to do with us... Thanks for the help.
gsswho6 Asked:
recoveryxprt Commented:
If you remove authenticated users, it will not allow users to relay to external domains.

https://technet.microsoft.com/en-us/library/aa996446(v=exchg.65).aspx

I hope this helps,

DJ
DLeaver Commented:
That setting is normal.

How is your network locked down?  More specifically, is port 25 outbound on your network locked down so only your Exchange server can send out or can any client send out on this port?
gsswho6 Author Commented:
Yes, 25 outbound is only allowed for Exchange. I notice it's always the same damn CASA blacklists in China that we get added to that give us problems... Sometimes I even think they are doing it on purpose lol, but probably not... Anything specific I should be looking for? Is it most likely an infected user internally maybe?
DLeaver Commented:
Well, if it was an infected user they would only be able to send email via the Exchange server, so you would likely see an impact on the mail queues as typically they produce mail en masse.

You need to upgrade from Exchange 2003, it is long out of support and is susceptible to attacks.

Scan your Exchange server for viruses in case it is infected.

Ideally you will be sending email via an SMTP server or via your hosted AS provider (if you have one), and your Exchange server will be locked down to those IPs for sending and receiving.
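
One way to check for the bulk sending described in the comment above is to count external recipients per client IP in the SMTP virtual server's W3C extended log. This is an added example, not part of the thread: the log lines are constructed, and the enabled field list, the `+TO:<address>` layout of `cs-uri-query`, the `corp.example` local domain and the threshold are assumptions.

```python
from collections import defaultdict

# Assumed set of enabled W3C fields; the parser reads whatever #Fields lists.
HEADER = "#Fields: date time c-ip cs-method cs-uri-query sc-status\n"
# Constructed sample: a normal client, a client relaying in bulk, and an
# outside address whose relay attempts were refused with 550.
SAMPLE_LOG = (
    HEADER
    + "2015-03-02 09:00:01 10.0.0.15 MAIL +FROM:<bob@corp.example> 250\n"
    + "2015-03-02 09:00:02 10.0.0.15 RCPT +TO:<alice@partner.example> 250\n"
    + "2015-03-02 09:00:05 10.0.0.15 RCPT +TO:<carol@corp.example> 250\n"
    + "".join(
        f"2015-03-02 09:01:{i:02d} 10.0.0.23 RCPT +TO:<u{i}@bulk.example> 250\n"
        for i in range(6))
    + "2015-03-02 09:02:00 203.0.113.9 RCPT +TO:<x@other.example> 550\n"
    + "2015-03-02 09:02:01 203.0.113.9 RCPT +TO:<y@other.example> 550\n"
)

def parse_w3c(text):
    """Yield one dict per log record, keyed by the names in '#Fields:'."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            parts = line.split()
            if len(parts) == len(fields):   # skip truncated records
                yield dict(zip(fields, parts))

def rcpt_domain(query):
    """'+TO:<user@domain>' -> 'domain'; '' when no address is present."""
    addr = query.partition("<")[2].partition(">")[0]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def relay_stats(text, local_domains):
    """Per client IP: external RCPTs accepted (2xx) and denied (5xx)."""
    stats = defaultdict(lambda: {"accepted": 0, "denied": 0})
    for rec in parse_w3c(text):
        if rec.get("cs-method", "").upper() != "RCPT":
            continue
        domain = rcpt_domain(rec.get("cs-uri-query", ""))
        if not domain or domain in local_domains:
            continue                        # local delivery is not relaying
        status = rec.get("sc-status", "")
        if status.startswith("2"):
            stats[rec["c-ip"]]["accepted"] += 1
        elif status.startswith("5"):
            stats[rec["c-ip"]]["denied"] += 1
    return dict(stats)

def heavy_relayers(text, local_domains, threshold):
    """Client IPs with at least `threshold` accepted external recipients."""
    stats = relay_stats(text, local_domains)
    return sorted(ip for ip, s in stats.items() if s["accepted"] >= threshold)
```

Clients with a high accepted count are the ones to scan first; addresses that only show denied attempts indicate the relay restrictions are refusing them.
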
randomsense Commented:
There are some web tools you can use to verify if you are an open relay, check if you are on several blacklists, etc. DNSStuff.com is one of them - some tools are free, others you would have to subscribe. IIRC the relay tool at least is one of the free offerings. Solarwinds bought them a few years back.

http://www.dnsstuff.com

Might help you narrow down this issue.

gsswho6 Author Commented:
Thanks, these tools helped.