Solved

Exchange 2010 how to turn off open smtp relay

Posted on 2016-07-30
5
854 Views
Last Modified: 2016-08-02
I'm a little confused here.  I have a test exchange environment and I want to turn OFF open smtp relay.  I thought this was easily accomplished when I deleted the relay connector I created in Exchange Management Console - Server config - Hub Transport - Receive Connector.  The only two connectors I have left are Client & Default connector which I thought as being the default connectors when you build the exchange server.  

Where else can this open SMTP relay be in Exchange 2010?
0
Comment
Question by:jo80ge121
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
5 Comments
 

Author Comment

by:jo80ge121
ID: 41735914
I forgot to mention that I tested the open smtp relay from the same network/domain pc, a camera image device (internal but different subnet) and my network scanner and all kept working after I deleted the custom open smtp relay I created thinking it would stop this from working.  I want to find the reason why this is still working and modify / filter the connections that are allowed.  

As always, I went to go do something else only to find a separate issue- an open smtp relay when I thought I had a filter.
0
 
LVL 63

Assisted Solution

by:Simon Butler (Sembee)
Simon Butler (Sembee) earned 250 total points
ID: 41735922
Exchange isn't an open relay by default.
The most common way that people turn it in to an open relay is having the option "Externally Secured" enabled on the Default Receive connector.

Don't forget that if your devices are sending to an internal recipient that is NOT an open relay. Exchange will accept the email as it is just like email from the outside world.
0
 

Author Comment

by:jo80ge121
ID: 41735952
Thank you.  I understand now.  Internet recipients are not open relay.  

thanks for the information.  Is there a way to block anonymous relay to internal recipients from devices?
0
 
LVL 41

Accepted Solution

by:
Adam Brown earned 250 total points
ID: 41736162
It's blocked by default. You have to explicitly allow anonymous relaying by setting the "Externally Secured" flag on the receive connector or granting the correct permissions for the Anonymous user object.

I wrote an article on how to enable an Anonymous relay in exchange 2010 a while back. Go through your receive connectors to make sure they aren't set that way. https://acbrownit.com/2012/05/02/exchange-2010-relaying-how-to-use-it-how-to-turn-it-off/

However, there is another way to enable/disable anonymous relay. That involves setting the permissions on the connector to allow relaying directly. This method is not visible in the Exchange Management UI, so I don't recommend using it. However, http://alanhardisty.wordpress.com/2010/07/12/how-to-close-an-open-relay-in-exchange-2007-2010/ explains how to turn it off if someone enabled it. You'll want to run that against all receive connectors to ensure the permissions are not there.

That said, the other devices may be using Authenticated Relay, which is where they are configured with a username and password to connect to your mail server and send messages. You don't want to disable that on the Exchange server, since it's necessary for things to be able to send messages after authenticating. The way you stop that from working is to go to the devices and modify them so they aren't connecting to your mail server anymore.
0
 

Author Comment

by:jo80ge121
ID: 41736519
@Adam Brown - the problem was that when I delete a relay I created a while ago (when I built the environment) and only left the default and client relay, I assumed the it would block all internal devices to internal accounts and external.  I'm starting to see that by default it only blocks external addresses from internal devices unless I allow it such as clicking off "anonymous"

Thank you all.  I think I got it.  I'll close this out in a few days.
0

Featured Post

Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A list of top three free exchange EDB viewers that helps the user to extract a mailbox from an unmounted .edb file and get a clear preview of all emails & other items with just a single click on mailboxes.
Check out this step-by-step guide for using the newly updated Experts Exchange mobile app—released on May 30.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
how to add IIS SMTP to handle application/Scanner relays into office 365.

691 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question