Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations derfloh on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Abusing Exchange Server

Status
Not open for further replies.
ZeRoMaX

ZeRoMaX

Technical User
Joined
Dec 11, 2001
Messages
80
Location
CA
Hi All,

I noticed when I'm archiving my exchange server mail, I see that there are people that are not in my domain sending mail from thier email address to a yahoo group. Is there anyway to block off both parties from using my server as a middle point?

Thks
Chris
 
Sort by date Sort by votes
You need to turn of mail relaying. Which version of exchange are you running? Exchange 2k on Win 2K?

-Scott
 
Upvote 0 Downvote
I mean I'm using exchange 2k on win2k.
 
Upvote 0 Downvote
Turn off Exchange's Mail Relaying and if you're using ISA, you can use SMTP filtering to help prevent relaying on your Exchange server.

From Firewall ----> SMTP Relay server ---->Exchange server. You'll have SMTP traffic sent to the Relay server and it will forward to Exchange. SMTP Relay should be configured to only send data TO YOURDOMAIN.COM only. You can test this at SMTP Relay test sites on the Internet that are free to the public. Try Spamcop.com or something rather. They'll even send you an email message of what they found which is neat because it's free and it works.

Try isaserver.org (or this message board in the ISA group) and other locations for the setup or your firewall provider. I believe you can also limit SMTP connections by computer/User/and IP.

Regards,

Evil Klown
 
Upvote 0 Downvote
I have turned off relay according to isaserver.org insturctions but I still get people from yahoo emailing to yahoo groups. Is there any other way to block them?
 
Upvote 0 Downvote
What R U seeing? Where is the evidence or logz that u c that corroborate this? Be sure they're not internal users that have rights to send from your domain.

Be sure that you aren't just using Exchange's "No Relay" option but I also use an SMTP Relay server. I found it more secure and it passed many tests to setup a small PC as a Win2k server, IIS installed with SMTP option, install ISA SMTP Filter on it, configure it to relay to Exchange server and to relay ONLY for your domain.

U C, U can't stop internal hosers from using your SMTP server to send to other domains because they're allowed by domain authentication to use the SMTP server. You will have to limit the SMTP server itself not to relay to any other domains but itself. This way, it will allow a connection from anywhere in the world, but will refuse sending email if it isn't being sent to "user@yourdomainname.com"

This will help you greatly:
If you're having security issues, then there's much more to do than just this.

Regards,

Evil Klown
 
Upvote 0 Downvote
The default install of Exchange 2K doesn't allow relaying whereas 5.5 did. I'm a little confused as to how this relaying started.

OTOH EvilKlown, you can see the outbound messages coming from your server from the SMTP outbound protocol.

 
Upvote 0 Downvote
For example I see that users from yahoo emailing to yahoogroups or I see users from other domains emailing to yahoogroups none of these users are using my domains email address. I don't have an ISA server is there any other way I can relay to my domain only?

Chris
 
Upvote 0 Downvote
Exchange blocks computers from relaying unwanted e-mail through an SMTP virtual server. By default, all users and computers are blocked from relaying, except those that are able to authenticate....guess, what, EVERYONE can authenticate because SMTP NEEDS ANONYMOUS ACCESS. Everyone can authenticate because by default, ANONYMOUS is allowed for SMTP connection, if you disable this, you won't receive any email because no one will be able to authenticate to your SMTP server to send your domain email. :O

You have to leave Anonymous access on otherwise if you password protect the SMTP connection, then you have to give everyone that wants to send your domain email the password to authenticate to your SMTP server. : )

Obviously, you can't do this. Next, by default, your server:

Exchange = Protocols = SMTP = Default SMTP Server = Relay Properties say : Select which computer may relay through this virtual server: "Only the list below" is default, and by default no one is present, means that no one can relay, right? WRONG. Right below there's a little checkbox that says "Allow all computers which successfully athenticate to RELAY, REGARDLESS OF THE LIST ABOVE!! This single little checkbox effectively bypasses the dissallowed computers/users because this is checked!

Good luck on your Exchange setup, if you're on the West Coast or nearby I can recommend some orgz that specialize in security and Exchange. Furthermore, you can have forensics come in and see who's bouncing email off your servers internally.

Evil Clown.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

S
  • Locked
  • Question Question
MS Exchange contacts question
Replies
0
Views
835
sdp.Daniele
S
A
  • Locked
  • Question Question
MS Exchange Setup
Replies
0
Views
737
andreegington
A
PatrickRoggers
  • Locked
  • Helpful tip Helpful tip
Safest Way to Import PST file into Exchange Online
Replies
0
Views
3K
PatrickRoggers
PatrickRoggers
T
  • Locked
  • Question Question
How to use third party mail security gateway to scan internal/inter-domain mails in Exchange On-Premise?
Replies
3
Views
3K
DrB0b
DrB0b
ComputersUnlimited
  • Locked
  • Question Question
Migrating to Exchange 2019
Replies
0
Views
3K
ComputersUnlimited
ComputersUnlimited

Part and Inventory Search

Sponsor

Back
Top