
5.5 still relaying after patch.. ARGH..

Status
Not open for further replies.

WheatKing

MIS
Sep 26, 2003
3
CA
Ok...

Exchange 5.5 SP4 with the update to the IMC to version 5.5.2655.55

and it's still relaying, although "Hosts and clients that successfully authenticate" is checked and routing for inbound is on (need it for remote clients..)

Just to check it out more I connected via telnet to: relay-test.mail-abuse.org and got this

:Relay test: #Test 17
>>> mail from: <spamtest@[***.***.***.***]>
<<< 250 OK - mail from <spamtest@[***.***.***.***]> <-!! removed ip to prevent more abuse !!
>>> rcpt to: <mail-abuse.org!nobody>
<<< 250 OK - Recipient <MAIL-ABUSE.ORG!NOBODY>
>>> QUIT
<<< 221 closing connection
Tested host banner: 220 host.domain ESMTP Server (Microsoft Exchange Internet Mail Service 5.5.2655.55) ready
System appeared to accept 1 relay attempts

Can anyone else verify this with their patched version?

I'm wondering if the local box should be allowed to relay for itself.. I'm half tempted to put the external IP and 127.0.0.1 as not allowed to route.. not sure of the consequences of this though.
 
Be aware that these tests are not always accurate.
However, in order to properly block relaying, you HAVE to set up the appropriate rules.
If you go to your IMS, go to the Routing tab, and click the Routing Restrictions button.

Tick the 'Hosts and clients with these IP addresses' box, and make sure the only entries in the table are the local host addresses, and those of any other Exchange servers in the organisation. These must be the LAN addresses, not the public ones.
 
That's all fine and great to shut off external relaying.. but I need it. However, even though it's set to SMTP Auth for being able to relay to another domain, if I telnet in as in the message above, I've been able to relay mail without any auth..

I wonder if all these people with the NDR turned off are still relaying but just don't know it.
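
An added example, not part of the original thread or any poster's code: a Python check over a relay-test transcript in the format shown in the first post, flagging recipients the server accepted for a non-local destination. The unwrapping of legacy address forms (bang path, percent hack, source route), the function names and the `host.domain` local-domain set are assumptions for illustration.

```python
import re

# Constructed sample: the test #17 exchange from the thread, IP still masked.
SAMPLE = """\
>>> mail from: <spamtest@[***.***.***.***]>
<<< 250 OK - mail from <spamtest@[***.***.***.***]>
>>> rcpt to: <mail-abuse.org!nobody>
<<< 250 OK - Recipient <MAIL-ABUSE.ORG!NOBODY>
>>> QUIT
<<< 221 closing connection
"""

def destination_domain(addr):
    """Return the next-hop domain, unwrapping legacy routing forms.
    Conservative assumption: any '!' or '%' in the local part is a route."""
    addr = addr.strip().strip("<>").lower()
    if addr.startswith("@") and ":" in addr:   # source route: @relay:user@dest
        addr = addr.split(":", 1)[1]
    local, _, domain = addr.rpartition("@")
    if not local:                              # no '@' in the address at all
        local, domain = domain, ""
    if "!" in local:                           # bang path: dest!user
        return local.split("!", 1)[0]
    if "%" in local:                           # percent hack: user%dest@relay
        return local.rsplit("%", 1)[1]
    return domain                              # "" means plain local delivery

def accepted_relays(transcript, local_domains):
    """List (recipient, destination, code) for 2xx-accepted non-local RCPTs."""
    findings, pending = [], None
    for line in transcript.splitlines():
        line = line.strip()
        if line.startswith(">>>"):
            m = re.match(r">>>\s*rcpt to:\s*(\S+)", line, re.I)
            pending = m.group(1) if m else None
        elif line.startswith("<<<") and pending:
            code = re.match(r"<<<\s*(\d{3})", line)
            dest = destination_domain(pending)
            if code and code.group(1)[0] == "2" and dest and dest not in local_domains:
                findings.append((pending, dest, code.group(1)))
            pending = None
    return findings

if __name__ == "__main__":
    # "host.domain" is the masked banner name from the thread, used as the local domain.
    for rcpt, dest, code in accepted_relays(SAMPLE, {"host.domain"}):
        print(f"RELAY ACCEPTED {code}: {rcpt} -> {dest}")
```
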