Solved

Exchange 2010 how to turn off open smtp relay

Posted on 2016-07-30
Last Modified: 2016-08-02
I'm a little confused here. I have a test Exchange environment and I want to turn OFF open SMTP relay. I thought this was easily accomplished when I deleted the relay connector I created in Exchange Management Console - Server config - Hub Transport - Receive Connector. The only two connectors I have left are the Client & Default connectors, which I thought were the default connectors when you build the Exchange server.

Where else can this open SMTP relay be in Exchange 2010?
0
Question by:jo80ge121

Author Comment

by:jo80ge121
ID: 41735914
I forgot to mention that I tested the open SMTP relay from a PC on the same network/domain, a camera image device (internal but different subnet) and my network scanner, and all kept working after I deleted the custom open SMTP relay I created, thinking it would stop this from working. I want to find the reason why this is still working and modify / filter the connections that are allowed.

As always, I went to go do something else only to find a separate issue: an open SMTP relay when I thought I had a filter.
0
 
LVL 63

Assisted Solution

by:Simon Butler (Sembee)
Simon Butler (Sembee) earned 250 total points
ID: 41735922
Exchange isn't an open relay by default.
The most common way that people turn it into an open relay is having the option "Externally Secured" enabled on the Default Receive connector.

Don't forget that if your devices are sending to an internal recipient, that is NOT an open relay. Exchange will accept the email as it is just like email from the outside world.
0
 

Author Comment

by:jo80ge121
ID: 41735952
Thank you. I understand now. Internet recipients are not open relay.

Thanks for the information. Is there a way to block anonymous relay to internal recipients from devices?
0
 
LVL 38

Accepted Solution

by:Adam Brown
Adam Brown earned 250 total points
ID: 41736162
It's blocked by default. You have to explicitly allow anonymous relaying by setting the "Externally Secured" flag on the receive connector or granting the correct permissions for the Anonymous user object.

I wrote an article on how to enable an Anonymous relay in Exchange 2010 a while back. Go through your receive connectors to make sure they aren't set that way. https://acbrownit.com/2012/05/02/exchange-2010-relaying-how-to-use-it-how-to-turn-it-off/

However, there is another way to enable/disable anonymous relay. That involves setting the permissions on the connector to allow relaying directly. This method is not visible in the Exchange Management UI, so I don't recommend using it. However, http://alanhardisty.wordpress.com/2010/07/12/how-to-close-an-open-relay-in-exchange-2007-2010/ explains how to turn it off if someone enabled it. You'll want to run that against all receive connectors to ensure the permissions are not there.

That said, the other devices may be using Authenticated Relay, which is where they are configured with a username and password to connect to your mail server and send messages. You don't want to disable that on the Exchange server, since it's necessary for things to be able to send messages after authenticating. The way you stop that from working is to go to the devices and modify them so they aren't connecting to your mail server anymore.
0
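The check the accepted answer describes, as an added example that is not part of the thread or of either linked article: a read-only audit for the Exchange Management Shell that reports, for every receive connector, whether "Externally Secured" is set and whether Anonymous Logon holds the relay right directly on the connector. It assumes Exchange 2010 (PowerShell 2.0) and that `ms-Exch-SMTP-Accept-Any-Recipient` is the extended right in question; the `$report` variable and column names are chosen here.

```powershell
# Added example: read-only audit, changes nothing on the server.
# Run in the Exchange Management Shell on an Exchange 2010 server.

# Assumption: this is the extended right that lets a sender relay to any recipient.
$relayRight = 'ms-Exch-SMTP-Accept-Any-Recipient'

$report = foreach ($rc in Get-ReceiveConnector) {
    # "Externally Secured" in the console is the ExternalAuthoritative auth mechanism.
    $externallySecured = "$($rc.AuthMechanism)" -match 'ExternalAuthoritative'

    # "Anonymous users" ticked on the Permission Groups tab.
    $anonymousGroup = "$($rc.PermissionGroups)" -match 'AnonymousUsers'

    # Relay right granted to Anonymous Logon on the connector object itself.
    # This grant does not show up anywhere in the Exchange Management Console.
    $aces = @(Get-ADPermission -Identity $rc.Identity |
        Where-Object {
            -not $_.Deny -and
            $_.User -like '*ANONYMOUS LOGON*' -and
            $_.ExtendedRights -like $relayRight
        })

    New-Object PSObject -Property @{
        Connector         = "$($rc.Identity)"
        RemoteIPRanges    = ($rc.RemoteIPRanges | ForEach-Object { "$_" }) -join ', '
        ExternallySecured = $externallySecured
        AnonymousGroup    = $anonymousGroup
        AnonymousRelayAce = ($aces.Count -gt 0)
    }
}

# Full picture first, then only the connectors that allow anonymous relay.
$report |
    Select-Object Connector, RemoteIPRanges, ExternallySecured, AnonymousGroup, AnonymousRelayAce |
    Format-Table -AutoSize -Wrap

$report |
    Where-Object { $_.ExternallySecured -or $_.AnonymousRelayAce } |
    Select-Object Connector, RemoteIPRanges
```

A connector with only `AnonymousGroup` set accepts unauthenticated mail for internal recipients, which is the behaviour the thread describes for the devices; it is the other two columns that indicate relay to outside domains.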
 

Author Comment

by:jo80ge121
ID: 41736519
@Adam Brown - the problem was that when I deleted a relay I created a while ago (when I built the environment) and only left the default and client relay, I assumed it would block all internal devices to internal accounts and external. I'm starting to see that by default it only blocks external addresses from internal devices unless I allow it such as clicking off "anonymous".

Thank you all.  I think I got it.  I'll close this out in a few days.
0
