Open relay possible from inside to inside addresses
Hi,I tested my Exchange 2002 Server for Open Relay (at http://www.abuse.net/relay.html) and was unable to relay in all tests except when sending an email using and inside address to other inside address:>>>RSET<<<2502.0.0Resetting>>>MAILFROM:<spamtest@mydomain.pt><<<2502.1.0spamtest@mydomain.pt....SenderOK>>>RCPTTO:<securitytest%abuse.net@mydomain.pt><<<2502.1.5securitytest%abuse.net@mydomain.ptHow can I solve this problem?Thank you all.Pedro
April 30th, 2009 11:38pm
Pedro,Please check the relay settings on the smtp virtual server and make sure there's only a mark by only the listed below and please a checkmark at the option: Allow all computers which successfully authenticate to relay, regardless of the list if using pop3/imap to send mail.For details see this article: http://support.microsoft.com/default.aspx/kb/821746Regards,Johanblog: www.johanveldhuis.nl
Free Windows Admin Tool Kit Click here and download it now
April 30th, 2009 11:57pm
Hi Johan,At Relay Restrictions I've selected "Only the list below", but I have nothing at computers list.I had"Allow all computers which..." checked, but because I'm not using POP or IMAP, and following the document you mentioned, I removed the check. After remove the check, trhe Users button is enabled. At Users, there is "Authenticatred Users" at group list with "Submit Permition checked only" (that wasthe default).But the problem stills the same. I tested again and it has the same result: It stops at Relay Test 6 as before.Any new ideias?Regards,pedro
May 4th, 2009 7:36pm
Hello Pedro,
First, I would like to explain the current situation is not open relay. Relaying is the ability to forward mail to domains other than your own. More specifically, relaying occurs when an inbound connection to your SMTP server is used to send e-mail messages to external domains.
Regarding the options help control relay, please read our FAQ below:
4. What options in Exchange 2003 help us control Relay?
http://social.technet.microsoft.com/Forums/en-US/exchangesvrgeneral/thread/d46bf491-0e5b-4b9e-81b3-81c66b6ad81c#4
Nevertheless, the situation is a problem, as the spammer can spoof your colleagues to send you junk emails. We can fix the issue by creating a Sender Filter for self SMTP domain and enable the filter on the SMTP Virtual Server which used to receive external (Anonymous) email.
Regarding this issue, please read our another FAQ:
23. If I receive a Junk email from myself or my colleague email address but he does not send the email, how do we troubleshoot the issue?
http://social.technet.microsoft.com/Forums/en-US/exchangesvrgeneral/thread/f0e81ab0-99f0-46db-b1aa-83511a3af427#23
Thank you,
Elvis
Free Windows Admin Tool Kit Click here and download it now
May 5th, 2009 10:25am
Thanks Elvis. It was very helpful.In the point 23 says: "Create a Sender Filter for self SMTP domain such as *@mydomain.com and enable the filter on the SMTP Virtual Server which used to receive external (Anonymous) email."Has I don't have POP3 access I don't mind the note.I'm sorry but, where exactly can I create that filter, and where and how can I enable it on the SMTP Virtual Server?I've only one server. It has 2 NICs, one to the internet and the other to the internal netwoork. This server has Microsoft Exchange 2003, Microsoft Antigen for Exchange 2003 and Microsoft ISA 2006.Thank you,Pedro Gonalves
May 8th, 2009 5:46pm