1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Exchange Server - open relay!

Discussion in 'Exchange Exams' started by Sparky, Feb 21, 2007.

  1. Sparky
    Highly Decorated Member Award

    Sparky Zettabyte Poster Moderator

    10,191
    299
    319
    I’ve just inherited a new SBS box and as usual inherited a whole load of problems.

    The guys who hosted the clients email used to hold the email on a POP3 server on a remote site and each PC would pull the email down with Outlook express. Now they don’t support the network (I do) so they basically switched off the POP3 access. That was nice of them.

    I managed to re-point the MX of the email domain to the SBS server. While this was migrating I pushed out Outlook 2003 from the server and migrated the email from Express into the Outlook profile. I then sat back and waited for the DNS to replicate and then for the email to start finding its way in, but no.

    Looked in Exchange system manager and the server is relaying spam all over the place and this brought the server to a crawl. I took the server offline and service packed Exchange and did a full virus scan but nothing was found. I also checked a DNS report on the domain and it is listed as a ‘open relay’ arrgh!

    Does anyone have any tips on how to lock down SMTP in Exchange? I’ve read some of the guides on the net but no joy.
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Exchange 2007\2010
  2. Bluerinse
    Honorary Member

    Bluerinse Exabyte Poster

    8,871
    167
    256
    Can't help Sparky but I have subscribed because I would like to know the answer to this too :rolleyes:

    In the mean time, dodo's are hitting the fan big time in Sparky world :eek:
     
    Certifications: C&G Electronics - MCSA (W2K) MCSE (W2K)
  3. Sparky
    Highly Decorated Member Award

    Sparky Zettabyte Poster Moderator

    10,191
    299
    319
    Looks like another sleepless night for me. I have configured a new Exchange server back at HQ so if there are major problems with SBS I can point the mail there and configure the clients to pull it down with POP3 taking Exchange (on SBS) out of the way.

    I need a holiday... :sleeping
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Exchange 2007\2010
  4. BosonMichael
    Highly Decorated Member Award

    BosonMichael Yottabyte Poster

    19,136
    462
    374
    Not sure how it looks on SBS... but if you can get to Exchange System Manager, check under DOMAIN > Servers > Servername > Protocols > SMTP > Default SMTP Virtual Server - right click this virtual server, and select Properties. The Access tab specifies how the server allows SMTP connections. The bottom button, Relay, deals with SMTP Relay restrictions. Verify what's allowed to relay, taking special note of that check box that allows everyone to relay regardless of how the above list is configured.

    Hope this helps.
     
    Certifications: CISSP, MCSE+I, MCSE: Security, MCSE: Messaging, MCDST, MCDBA, MCTS, OCP, CCNP, CCDP, CCNA Security, CCNA Voice, CNE, SCSA, Security+, Linux+, Server+, Network+, A+
    WIP: Just about everything!
  5. Sparky
    Highly Decorated Member Award

    Sparky Zettabyte Poster Moderator

    10,191
    299
    319
    It was just the server I.P (I think that was in there)

    update: problem fixed. After closer investigation there is a spam filter on the server which relays email to the Exchange server (looks messy!). I have disabled it and changed the SMTP virtual server to listen on port 25, it was listening on a different port as the spam filter was listening port 25. Did a 'open relay' test and it passed, yay!

    Legit email is now starting to flow as I had to delete the whole queue directory in the mailroot folder as ESM would crash when I tried to purge the emails.

    I dunno why there is a spam filter on the server as this is the first time Exchange component has been used :hhhmmm
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Exchange 2007\2010
  6. BosonMichael
    Highly Decorated Member Award

    BosonMichael Yottabyte Poster

    19,136
    462
    374
    Yay! Good going, mate.
     
    Certifications: CISSP, MCSE+I, MCSE: Security, MCSE: Messaging, MCDST, MCDBA, MCTS, OCP, CCNP, CCDP, CCNA Security, CCNA Voice, CNE, SCSA, Security+, Linux+, Server+, Network+, A+
    WIP: Just about everything!
  7. Bluerinse
    Honorary Member

    Bluerinse Exabyte Poster

    8,871
    167
    256
    I second that!!
     
    Certifications: C&G Electronics - MCSA (W2K) MCSE (W2K)
  8. supag33k

    supag33k Kilobyte Poster

    461
    19
    49
    Good to hear you got it going!

    Also what SPAM filter brand caused the problem?

    If spam is seen as an issue and the Exchange server is 2003 - you could configure up the IMF - Intelligent Message Filter - to control spam.

    Then you would keep the SMTP port number at 25 - where it belongs and have good spam control.

    Note that Exchange Server SP2 comes with IMF, and is now the only way over just downloading the IMF add-on....

    http://www.microsoft.com/technet/prodtechnol/exchange/downloads/2003/imf/default.mspx

    http://www.msexchange.org/tutorials/microsoft-exchange-intelligent-message-filter.html

    HTH

    supag33k
     
    Certifications: MCSE (NT4/2000/2003/Messaging), MCDBA
    WIP: CCNA, MCTS SQL, Exchange & Security stuff

Share This Page

Loading...