BadMail and a closed relay 1

[vesendak]

Please help,

I have a site where the bad mail folder gets 1000's of bad mail everyday.

I have closed the open relay. I have added SP2 for Windows 2000 and also exchange 2000. I have reinstalled exchange 2000 and this still happens.

Thank you for your help.

kind regards


Vesendak

 

[Xybertron]

Have you looked at the messages in the badmail folder?

Are they from you or stuff that is banned? Dan
Microsoft Exchange Support @ Microsoft

 

[vesendak]

Thank you for your response.

There is no banned mail setup on the server. How do I look at the mail messages in the bad mail folder the files are just a row of digits.

 

[Xybertron]

I can't find how. We stream the messages in 2000 so I don't know off hand. Turn on logging on the SMTP Virtual server. You should see lines like.

Moving message with invalid syntax to Bad Mail Folder

At least this is how it was logged in 5.5 Dan
Microsoft Exchange Support @ Microsoft

 

[tom11011]

\exchsrvr\mailroot\vsi 1\badmail

should be able to open the files that are .bad and .bdr with notepad.

 

[vesendak]

It would seem that even though I have closed the open relay some one is still using it.

I will have alook into it further.

 

[vesendak]

Well I have followed all of Microsoft security papers on closing open relays and I am able to use it for open relay. Any Ideas.

Thnak you in advance

 

[Xybertron]

Set it back to default.

By default Exchange 2000 will NOT relay. Dan
Microsoft Exchange Support @ Microsoft

 

[vesendak]

I have done a fresh install of Exchange and I can relay through it. I also know other people that have fresh installs of Exchange and they can relay through it.

 

[cowboy00242]

Check the thread I just closed ahead of this one ("Ex2k still relaying email insecurely&quot... you may have the same problem.

Make certain that in your SMTP connector (In your Routing Groups) that in the Address Space tab, you have the following 3 items:

1) You have an address space defined as *

2) You have the item "Allow messages to be relayed to these domains" UNCHECKED.

3) You have the connector scope defined as "Entire Organization" (unless you need to route only for a specific routing group)

Item 2 is what had me baffled. It was explained to me that because you define in item 1 that ALL domains are to be relayed, you need to clear out item 2 or you will allow anything to be relayed to any address space FROM any address space. So you will be an open relay.

Clearing the box will not stop authenticated users (such as your users that use POP/SMTP instead of IMAP)from relaying, as Exchange will allow them to relay since they are identified as a legal user.

So if you have followed the instructions about setting up the connector (Q265293), and then the instructions on how to stop the relay (Q310380), and had NOT cleared the box as outlined in item 2 above, you would still open relay.

Hope this helps.

 

[vesendak]

I have tryed the above and it closes off the Relay but the ISP can not send e-mail in. When you connect to the SMTP port it tells me I can not relay for that recipient. But the recipient is the correct domain name.

Thnak you all

Vesendak

 

[tom11011]

Oh the joys of relay in exchange. You are on the right track. Now, go back to the smtp virtual server properties and add your own server ip in there. The reason I had to do this is because my email server is NAT'ed with a lan address. The server doesn't know the real IP address, therefore, it must be added.