Solved

Exchange 2010 how to turn off open smtp relay

Posted on 2016-07-30
Last Modified: 2016-08-02
I'm a little confused here. I have a test Exchange environment and I want to turn OFF open SMTP relay. I thought this was easily accomplished when I deleted the relay connector I created in Exchange Management Console - Server config - Hub Transport - Receive Connector. The only two connectors I have left are Client & Default connector, which I thought were the default connectors when you build the Exchange server.

Where else can this open SMTP relay be in Exchange 2010?
Question by:jo80ge121

Author Comment

by:jo80ge121
ID: 41735914
I forgot to mention that I tested the open SMTP relay from the same network/domain PC, a camera image device (internal but different subnet) and my network scanner, and all kept working after I deleted the custom open SMTP relay I created, thinking it would stop this from working. I want to find the reason why this is still working and modify / filter the connections that are allowed.

As always, I went to go do something else only to find a separate issue: an open SMTP relay when I thought I had a filter.

Assisted Solution

by:Simon Butler (Sembee)
ID: 41735922
Exchange isn't an open relay by default.
The most common way that people turn it into an open relay is having the option "Externally Secured" enabled on the Default Receive connector.

Don't forget that if your devices are sending to an internal recipient, that is NOT an open relay. Exchange will accept the email, as it is just like email from the outside world.

Author Comment

by:jo80ge121
ID: 41735952
Thank you.  I understand now.  Internet recipients are not open relay.  

Thanks for the information. Is there a way to block anonymous relay to internal recipients from devices?

Accepted Solution

by:Adam Brown
ID: 41736162
It's blocked by default. You have to explicitly allow anonymous relaying by setting the "Externally Secured" flag on the receive connector or granting the correct permissions for the Anonymous user object.

I wrote an article on how to enable an Anonymous relay in Exchange 2010 a while back. Go through your receive connectors to make sure they aren't set that way. https://acbrownit.com/2012/05/02/exchange-2010-relaying-how-to-use-it-how-to-turn-it-off/

However, there is another way to enable/disable anonymous relay. That involves setting the permissions on the connector to allow relaying directly. This method is not visible in the Exchange Management UI, so I don't recommend using it. However, http://alanhardisty.wordpress.com/2010/07/12/how-to-close-an-open-relay-in-exchange-2007-2010/ explains how to turn it off if someone enabled it. You'll want to run that against all receive connectors to ensure the permissions are not there.

That said, the other devices may be using Authenticated Relay, which is where they are configured with a username and password to connect to your mail server and send messages. You don't want to disable that on the Exchange server, since it's necessary for things to be able to send messages after authenticating. The way you stop that from working is to go to the devices and modify them so they aren't connecting to your mail server anymore.
0
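The receive connector check described in the accepted answer, as an added example for the Exchange Management Shell (not code from the thread or from the linked articles). It reports, per connector, whether "Externally Secured" is set and whether the Anonymous user holds the relay permission that the console does not show, then previews removal of that permission. The variable names and the report columns are illustrative choices.

```powershell
# Added example: audit every receive connector for the two anonymous-relay settings.
# Written for the Exchange 2010 Management Shell (PowerShell 2.0 syntax).
$anon  = 'NT AUTHORITY\ANONYMOUS LOGON'
$right = 'ms-Exch-SMTP-Accept-Any-Recipient'   # extended right that lets a sender relay to any recipient

$report = foreach ($rc in Get-ReceiveConnector) {
    # "Externally Secured" in the console is the ExternalAuthoritative auth mechanism.
    $externallySecured = ($rc.AuthMechanism.ToString() -split ',\s*') -contains 'ExternalAuthoritative'
    # AnonymousUsers alone only lets unauthenticated senders reach internal recipients.
    $anonymousGroup    = ($rc.PermissionGroups.ToString() -split ',\s*') -contains 'AnonymousUsers'

    # Relay permission granted directly on the connector object (not visible in the console).
    $relayAce = Get-ADPermission -Identity $rc.DistinguishedName -User $anon -ErrorAction SilentlyContinue |
        Where-Object { -not $_.Deny -and ($_.ExtendedRights -like $right) }

    New-Object PSObject -Property @{
        Connector         = $rc.Identity.ToString()
        DN                = $rc.DistinguishedName
        RemoteIPRanges    = $rc.RemoteIPRanges -join ', '
        ExternallySecured = $externallySecured
        AnonymousGroup    = $anonymousGroup
        AnonymousRelayAce = [bool]$relayAce
        RelayRisk         = $externallySecured -or [bool]$relayAce
    }
}

$report | Sort-Object Connector |
    Format-Table Connector, ExternallySecured, AnonymousGroup, AnonymousRelayAce, RelayRisk, RemoteIPRanges -AutoSize

# Preview removal of the anonymous relay permission wherever it was found.
# Drop -WhatIf only after reviewing the report above.
foreach ($row in $report | Where-Object { $_.AnonymousRelayAce }) {
    Get-ADPermission -Identity $row.DN -User $anon |
        Where-Object { $_.ExtendedRights -like $right } |
        Remove-ADPermission -WhatIf
}
```

A connector that shows only AnonymousGroup as True accepts unauthenticated mail for internal recipients, which is the behaviour the thread describes as not being an open relay.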
 

Author Comment

by:jo80ge121
ID: 41736519
@Adam Brown - the problem was that when I deleted a relay I created a while ago (when I built the environment) and only left the default and client relay, I assumed that it would block all internal devices to internal accounts and external. I'm starting to see that by default it only blocks external addresses from internal devices unless I allow it, such as clicking off "anonymous".

Thank you all.  I think I got it.  I'll close this out in a few days.