  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1632

Exchange 2010 how to turn off open smtp relay

I'm a little confused here. I have a test Exchange environment and I want to turn OFF open SMTP relay. I thought this was easily accomplished when I deleted the relay connector I created in Exchange Management Console - Server config - Hub Transport - Receive Connector. The only two connectors I have left are the Client & Default connectors, which I thought were the default connectors when you build the Exchange server.

Where else can this open SMTP relay be in Exchange 2010?
Asked: jo80ge121

jo80ge121 (Author) Commented:
I forgot to mention that I tested the open SMTP relay from the same network/domain PC, a camera image device (internal but different subnet) and my network scanner, and all kept working after I deleted the custom open SMTP relay I created, thinking it would stop this from working. I want to find the reason why this is still working and modify / filter the connections that are allowed.

As always, I went to go do something else only to find a separate issue: an open SMTP relay when I thought I had a filter.
0
 
Simon Butler (Sembee), Consultant, Commented:
Exchange isn't an open relay by default.
The most common way that people turn it into an open relay is having the option "Externally Secured" enabled on the Default Receive connector.

Don't forget that if your devices are sending to an internal recipient that is NOT an open relay. Exchange will accept the email as it is just like email from the outside world.
0
 
jo80ge121 (Author) Commented:
Thank you.  I understand now.  Internet recipients are not open relay.  

Thanks for the information. Is there a way to block anonymous relay to internal recipients from devices?
0
 
Adam Brown, Sr Solutions Architect, Commented:
It's blocked by default. You have to explicitly allow anonymous relaying by setting the "Externally Secured" flag on the receive connector or granting the correct permissions for the Anonymous user object.

I wrote an article on how to enable an Anonymous relay in Exchange 2010 a while back. Go through your receive connectors to make sure they aren't set that way. https://acbrownit.com/2012/05/02/exchange-2010-relaying-how-to-use-it-how-to-turn-it-off/

However, there is another way to enable/disable anonymous relay. That involves setting the permissions on the connector to allow relaying directly. This method is not visible in the Exchange Management UI, so I don't recommend using it. However, http://alanhardisty.wordpress.com/2010/07/12/how-to-close-an-open-relay-in-exchange-2007-2010/ explains how to turn it off if someone enabled it. You'll want to run that against all receive connectors to ensure the permissions are not there.

That said, the other devices may be using Authenticated Relay, which is where they are configured with a username and password to connect to your mail server and send messages. You don't want to disable that on the Exchange server, since it's necessary for things to be able to send messages after authenticating. The way you stop that from working is to go to the devices and modify them so they aren't connecting to your mail server anymore.
0
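
One way to run the check described in the answer above across every receive connector, as an added example (not code from the thread or from the linked articles). It assumes the Exchange Management Shell on the Exchange 2010 server; the output column names are chosen for this example, and the script only reads settings.

```powershell
# Added audit example: read-only, changes nothing.
# Assumption: run from the Exchange Management Shell (PowerShell 2.0 compatible).
$anon  = 'NT AUTHORITY\ANONYMOUS LOGON'
$right = 'ms-Exch-SMTP-Accept-Any-Recipient'   # extended right that lets a sender relay to any recipient

Get-ReceiveConnector | ForEach-Object {
    $connector = $_

    # Check 1: the "Externally Secured" option shown in the management console.
    # String matching works whether the value is a live enum or a remoting-deserialized object.
    $externallySecured = "$($connector.AuthMechanism)" -match 'ExternalAuthoritative'

    # Anonymous connections allowed at all? Expected on an Internet-facing connector
    # and harmless on its own; it only matters together with the relay right below.
    $anonymousAllowed = "$($connector.PermissionGroups)" -match 'AnonymousUsers'

    # Check 2: relay right granted directly to the anonymous account.
    # This setting is not visible in the management console.
    $grants = @($connector | Get-ADPermission -User $anon -ErrorAction SilentlyContinue |
        Where-Object { -not $_.Deny -and ($_.ExtendedRights -like $right) })
    $anonymousRelayRight = $grants.Count -gt 0

    New-Object PSObject -Property @{
        Connector           = "$($connector.Identity)"
        Bindings            = ($connector.Bindings -join ', ')
        RemoteIPRanges      = ($connector.RemoteIPRanges -join ', ')
        AnonymousAllowed    = $anonymousAllowed
        ExternallySecured   = $externallySecured
        AnonymousRelayRight = $anonymousRelayRight
        RelayRisk           = ($externallySecured -or $anonymousRelayRight)
    }
} |
    Select-Object Connector, Bindings, RemoteIPRanges, AnonymousAllowed,
                  ExternallySecured, AnonymousRelayRight, RelayRisk |
    Format-List
```

A connector reported with `RelayRisk : True` is one to review against its `RemoteIPRanges`, which list the source addresses allowed to use it.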
 
jo80ge121 (Author) Commented:
@Adam Brown - the problem was that when I deleted a relay I created a while ago (when I built the environment) and only left the default and client relay, I assumed it would block all internal devices to internal accounts and external. I'm starting to see that by default it only blocks external addresses from internal devices unless I allow it, such as by clicking off "anonymous".

Thank you all.  I think I got it.  I'll close this out in a few days.
0
