exchange 16 open relay

How do I close my exchange server from being an open relay.  I am running exchange 16, and earlier today, i thought it was configured to NOT be an open relay.
I since made a lot of changes today and when I just checked, looks like I'm an open relay.  I'm sure it's some permissions issue in one of the connectors, I just
don't remember which one.
DanNetwork EngineerAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

DanNetwork EngineerAuthor Commented:
I'm confused, why these discrepancies?
https://www.adminkit.net/smtp.aspx
This place says  "550 relay not permitted"

http://www.spamhelp.org/shopenrelay/shopenrelaytest.php
This place says "error, could not connect to server"

https://mxtoolbox.com/SuperTool.aspx?action=smtp%3
This place says "SMTP server disconnected, may be an open relay"


https://www.wormly.com/test-smtp-server
This place says "Message completed successfully.", and I do get the test email.

So who do I trust?
0
David FavorLinux/LXD/WordPress/Hosting SavantCommented:
Dan, at this point in time, all MTAs (including Exchange) default settings disable open relaying.

To create an open relay, you'd have to configure your MTA to allow this.

If you're running with defaults, you're closed to relaying.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
DanNetwork EngineerAuthor Commented:
Got it, but concern is that in the past, I don't remember if I made any changes to the default connectors.
0
Newly released Acronis True Image 2019

In announcing the release of the 15th Anniversary Edition of Acronis True Image 2019, the company revealed that its artificial intelligence-based anti-ransomware technology – stopped more than 200,000 ransomware attacks on 150,000 customers last year.

DanNetwork EngineerAuthor Commented:
what's the best way to check if any of my settings allow for open relaying?
0
timgreen7077Exchange EngineerCommented:
see the below link for the default receive connector settings for exchange 2016. compare your receive connectors to the default settings. just a note if you configured a custom relay for internal relaying based on IPs of course those connector will not show.

https://docs.microsoft.com/en-us/exchange/mail-flow/connectors/receive-connectors#default-receive-connectors-created-during-setup
0
AmitIT ArchitectCommented:
Just send an email using PS script from any member server. If it fails, then you don't have open relay.
0
DanNetwork EngineerAuthor Commented:
internally, I could send an email, so I know it's open internally.
0
AmitIT ArchitectCommented:
From member servers?
0
DanNetwork EngineerAuthor Commented:
from my own computer, does it make a difference if I run the telnet command from a server or my PC?
0
David FavorLinux/LXD/WordPress/Hosting SavantCommented:
To test for open relays, there are many online tools for this.

https://mxtoolbox.com/diagnostic.aspx is one common tool for this.
0
AmitIT ArchitectCommented:
If you are using script for testing and not passing any credential, And client IP is not added in relay connector, then you have open relay.
0
DanNetwork EngineerAuthor Commented:
David:
I used mxtoolbox before numerous times, this is what I get that fails:
      SMTP Server Disconnected      May be an open relay
But I used 3 other sites, and they all said that it's not an open relay, not sure what to believe.

Amit:
I did not use a script, I just manually did a telnet IP 25
Then just entered sending email, rcpt email, the message and sent.  
I did receive the email, so I know internally, it's an open relay, was just trying to figure out it's an open relay externally.
0
AmitIT ArchitectCommented:
Telnet is not the right way to test, As it will use your session to connect and send mail. You need to use script to send a test mail. Use this:

Add-PSSnapin Microsoft.Exchange.Management.PowerShell.E2010
Send-MailMessage -From yourmailid -To externalmailid -Subject test -SmtpServer serverip

Do it from member server. 99% you don't have open relay.
0
DanNetwork EngineerAuthor Commented:
I just double checked all the default connectors, and they were all fine, except one, it had the anonymous checked, unchecked it.
Same results on mxtoolbox.
0
AmitIT ArchitectCommented:
Wait for sometime, and test again.
0
DanNetwork EngineerAuthor Commented:
So I waited a few days, and using wormly.com, it was still able to send a test message, so my system is an open relay  :(
All the default connectors are fine, so then I guess it means that one of my other connectors is the culprit, right?
0
DanNetwork EngineerAuthor Commented:
I just realized, wormly.com does not test for open relay, but just tests to see if email is working correctly, send a test email.

I used two other websites, and it can't connect, so I think I'm good.
0
DanNetwork EngineerAuthor Commented:
Thanks guys for your help.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.