Solved

Exchange 2010 how to turn off open smtp relay

Posted on 2016-07-30
5
237 Views
Last Modified: 2016-08-02
I'm a little confused here.  I have a test exchange environment and I want to turn OFF open smtp relay.  I thought this was easily accomplished when I deleted the relay connector I created in Exchange Management Console - Server config - Hub Transport - Receive Connector.  The only two connectors I have left are Client & Default connector which I thought as being the default connectors when you build the exchange server.  

Where else can this open SMTP relay be in Exchange 2010?
0
Comment
Question by:jo80ge121
  • 3
5 Comments
 

Author Comment

by:jo80ge121
ID: 41735914
I forgot to mention that I tested the open smtp relay from the same network/domain pc, a camera image device (internal but different subnet) and my network scanner and all kept working after I deleted the custom open smtp relay I created thinking it would stop this from working.  I want to find the reason why this is still working and modify / filter the connections that are allowed.  

As always, I went to go do something else only to find a separate issue- an open smtp relay when I thought I had a filter.
0
 
LVL 63

Assisted Solution

by:Simon Butler (Sembee)
Simon Butler (Sembee) earned 250 total points
ID: 41735922
Exchange isn't an open relay by default.
The most common way that people turn it in to an open relay is having the option "Externally Secured" enabled on the Default Receive connector.

Don't forget that if your devices are sending to an internal recipient that is NOT an open relay. Exchange will accept the email as it is just like email from the outside world.
0
 

Author Comment

by:jo80ge121
ID: 41735952
Thank you.  I understand now.  Internet recipients are not open relay.  

thanks for the information.  Is there a way to block anonymous relay to internal recipients from devices?
0
 
LVL 38

Accepted Solution

by:
Adam Brown earned 250 total points
ID: 41736162
It's blocked by default. You have to explicitly allow anonymous relaying by setting the "Externally Secured" flag on the receive connector or granting the correct permissions for the Anonymous user object.

I wrote an article on how to enable an Anonymous relay in exchange 2010 a while back. Go through your receive connectors to make sure they aren't set that way. https://acbrownit.com/2012/05/02/exchange-2010-relaying-how-to-use-it-how-to-turn-it-off/

However, there is another way to enable/disable anonymous relay. That involves setting the permissions on the connector to allow relaying directly. This method is not visible in the Exchange Management UI, so I don't recommend using it. However, http://alanhardisty.wordpress.com/2010/07/12/how-to-close-an-open-relay-in-exchange-2007-2010/ explains how to turn it off if someone enabled it. You'll want to run that against all receive connectors to ensure the permissions are not there.

That said, the other devices may be using Authenticated Relay, which is where they are configured with a username and password to connect to your mail server and send messages. You don't want to disable that on the Exchange server, since it's necessary for things to be able to send messages after authenticating. The way you stop that from working is to go to the devices and modify them so they aren't connecting to your mail server anymore.
0
 

Author Comment

by:jo80ge121
ID: 41736519
@Adam Brown - the problem was that when I delete a relay I created a while ago (when I built the environment) and only left the default and client relay, I assumed the it would block all internal devices to internal accounts and external.  I'm starting to see that by default it only blocks external addresses from internal devices unless I allow it such as clicking off "anonymous"

Thank you all.  I think I got it.  I'll close this out in a few days.
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This process describes the steps required to Import and Export data from and to .pst files using Exchange 2010. We can use these steps to export data from a user to a .pst file, import data back to the same or a different user, or even import data t…
Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now