Exchange 2003 sending out spam - authenticated relay
Hi,
My Exchange 2003 server is sending out spam via authenticated relay. How do I stop this? We have an Exchange 2003 and an Exchange 2007 server.
I have followed this Microsoft KB article to see which account is sending out authenticated relayed emails.
http://support.microsoft.com/kb/895853
This is what I got in the log after enabling 'MSExchange Transport -> Authentication logging' on Exchange 2003
Event Type: Information
Event Source: MSExchangeTransport
Event Category: Authentication
Event ID: 1708
Date: 7/10/2012
Time: 9:30:02 AM
User: N/A
Computer: ex03svr
Description:
SMTP Authentication was performed successfully with client "ex07svr.mydomain.local". The authentication method was "GSSAPI" and the username was "MYDOMAIN\ex07svr$".
Is Exchange 2007 using Exchange 2003 to send out authenticated spam emails? How do I stop this? What is 'GSSAPI' authentication? Which account is "MYDOMAIN\ex07svr$"?
Thanks
July 10th, 2012 12:44pm
On Tue, 10 Jul 2012 16:44:28 +0000, kungpow112 wrote:
>My Exchange 2003 server is sending out spam via authenticated relay. How do I stop this? We have an Exchange 2003 and an Exchange 2007 server.
>
>I have followed this Microsoft KB article to see which account is sending out authenticated relayed emails.
>
>http://support.microsoft.com/kb/895853
>
>This is what I got in the log after enabling 'MSExchange Transport -> Authentication logging' on Exchange 2003
>
>Event Type: Information
>Event Source: MSExchangeTransport
>Event Category: Authentication
>Event ID: 1708
>Date: 7/10/2012
>Time: 9:30:02 AM
>User: N/A
>Computer: ex03svr
>Description:
>SMTP Authentication was performed successfully with client "ex07svr.mydomain.local". The authentication method was "GSSAPI" and the username was "MYDOMAIN\ex07svr$".
>
>Is Exchange 2007 using Exchange 2003 to send out authenticated spam emails?
Do you have a Send Connector in Exchange 2007? If not then 2007 is
just routing the messages to your SMTP Connector (which probably has
an address space of "*").
>How do I stop this?
You need to find the source that's using the Exchange 2007 server.
>What is 'GSSAPI' authentication?
Kerberos.
>Which account is "MYDOMAIN\ex07svr$" ? Thanks
Probably the Exchange 2007 server's computer account.
---
Rich Matheisen
MCSE+I, Exchange MVP
July 10th, 2012 8:52pm
>Is Exchange 2007 using Exchange 2003 to send out authenticated spam emails?
>Do you have a Send Connector in Exchange 2007? If not then 2007 is
>just routing the messages to your SMTP Connector (which probably has
>an address space of "*").
>>How do I stop this?
>You need to find the source that's using the Exchange 2007 server.
I have a Send Connector in Exchange 2007 so for external email addresses, they go out the ex07 send connector. I think Exchange 2007 is also using another connector to route messages between ex03 and ex07 mailboxes thus the 'GSSAPI' authentication.
On Exchange 2003, after enabling logging for 'MSExchange Transport -> Authentication', I just check Event Viewer for EventID 1708 for any authenticated relaying.
How do I check for authenticated relaying on Exchange 2007?
Thanks
July 11th, 2012 12:24pm
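An added example (not posted by anyone in this thread): a Python sketch that triages exported Event ID 1708 descriptions, separating computer-account sessions such as the one quoted above from sessions that used a user account's credentials. The description format is copied from the event quoted in this thread; the second sample event, its host and user names, and its "LOGIN" method value are constructed, and all function names are hypothetical.

```python
import re
from collections import Counter

# Matches the Description text of MSExchangeTransport Event ID 1708 as quoted in this thread.
DESC_RE = re.compile(
    r'SMTP Authentication was performed successfully with client "(?P<client>[^"]+)"\.\s*'
    r'The authentication method was "(?P<method>[^"]+)" and the username was "(?P<user>[^"]+)"'
)

def parse_1708(description):
    """Return (client, method, username), or None if the text is not a 1708 description."""
    m = DESC_RE.search(description)
    return (m["client"], m["method"], m["user"]) if m else None

def is_machine_account(username):
    """Active Directory computer accounts have an account name ending in '$'."""
    return username.strip().endswith("$")

def triage(descriptions):
    """Count authenticated SMTP sessions, split into computer-account sessions
    (server-to-server traffic) and user-account sessions, which are the ones to
    review when looking for credentials being used to relay."""
    servers, users, unparsed = Counter(), Counter(), 0
    for text in descriptions:
        rec = parse_1708(text)
        if rec is None:
            unparsed += 1
        elif is_machine_account(rec[2]):
            servers[rec] += 1
        else:
            users[rec] += 1
    return servers, users, unparsed

# The event quoted in this thread.
THREAD_EVENT = (r'SMTP Authentication was performed successfully with client '
                r'"ex07svr.mydomain.local". The authentication method was "GSSAPI" '
                r'and the username was "MYDOMAIN\ex07svr$".')
# Constructed event: host, user and method value are made up for illustration.
MADE_UP_EVENT = (r'SMTP Authentication was performed successfully with client '
                 r'"host-a.example.net". The authentication method was "LOGIN" '
                 r'and the username was "MYDOMAIN\testuser".')
SAMPLE = [THREAD_EVENT] * 2 + [MADE_UP_EVENT] * 3 + ["Unrelated event text"]

if __name__ == "__main__":
    servers, users, unparsed = triage(SAMPLE)
    for label, counts in (("computer account", servers), ("user account", users)):
        for (client, method, user), n in counts.most_common():
            print(f"{label:16} {n:4}  {user}  from {client}  via {method}")
    print("unparsed descriptions:", unparsed)
```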
On Wed, 11 Jul 2012 16:24:35 +0000, kungpow112 wrote:
>Is Exchange 2007 using Exchange 2003 to send out authenticated spam emails?
>Do you have a Send Connector in Exchange 2007? If not then 2007 is just routing the messages to your SMTP Connector (which probably has an address space of "*").
>>How do I stop this?
>You need to find the source that's using the Exchange 2007 server.
>
>I have a Send Connector in Exchange 2007 so for external email addresses, they go out the ex07 send connector. I think Exchange 2007 is also using another connector to route messages between ex03 and ex07 mailboxes thus the 'GSSAPI' authentication.
Yes, it is. The Routing Group Connector. What address space values do
you have in your SMTP Connector(s)? And what's the "Cost" assigned to
your RGC? The only thing you want the RGC to be used for is sending
and receiving e-mail to/from the "other" Exchange routing group. IOW,
only to/from mailboxes in your own organization.
>On Exchange 2003, after enabling logging for 'MSExchange Transport -> Authentication', I just check Event Viewer for EventID 1708 for any authenticated relaying.
>
>How do I check for authenticated relaying on Exchange 2007?
Unless you've changed the defaults on the Receive Connector(s) Exchange
2007 isn't going to allow anonymous relay. It'll only accept mail to
the domains in the "Accepted Domains" list.
---
Rich Matheisen
MCSE+I, Exchange MVP
July 11th, 2012 5:32pm