Can't Block an IP Range from Connecting to My Server!

Status
Not open for further replies.

life036

IS-IT--Management
Mar 29, 2005
25
US
Hello Friends,

I was wondering if anyone could tell me what I'm doing wrong here... I just set up Exchange a couple of weeks ago, and am still confused about the settings which never seem to work logically the way they're supposed to (well, according to my logic at least).

Basically, I want to stop these bastards at hinet.net from sending mail through my server. Here's a picture of the queue. This means that they're using my server to relay, does it not?:
queue.jpg


Here's some of the addresses that are in the queues:
senders.jpg


Judging from the domains, it looks like the messages are using Chinese or Korean encoding. Does this mean that my relay is open, plus somebody jacked my postmaster account? I've already tried changing the Administrator password. I even deleted the postmaster email address from the Administrator account, and still get the same thing...

I've set up a sniffer on the inside of our network, and none of these messages are originating internally.

So I tried blocking the IP address range of those domains (168.95.4.1 - 168.95.4.254) using the global deny list, which doesn't seem to work. Are my settings incorrect?:
deny_list.jpg


I also tried to change the access settings in the SMTP virtual server as such, with no luck:
authentication.jpg


connection.jpg


relay_restrictions.jpg


Can anyone tell me what I'm doing wrong? I can't prevent this darn IP range from using my server!

I WOULD try unchecking anonymous access, but whenever I do that nobody can send anything at all to my users from the outside!!!

Thanks for your help,
Chris
 
I'd look there
and your relay settings are wrong. You should not allow everyone BUT list below. You should only allow a given list (pretty, if you have only one Exchange box, you should not allow anyone at all to relay through you).

Your last box says "I'm open relay except from hinet.net"... not too good :)

Chris
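
The difference between the two relay modes discussed in the reply above, as an added example that is not part of the original thread and is not Exchange's own logic. It is a simplified model: `LOCAL_DOMAINS`, the sample addresses, and the names `RelayPolicy`, `decide` and `audit` are constructed for illustration; the blocked range is the one from the question.

```python
import ipaddress
from dataclasses import dataclass, field

LOCAL_DOMAINS = {"example.com"}  # constructed: domains this server hosts mail for


@dataclass
class RelayPolicy:
    mode: str                                   # "only_list" or "all_except_list"
    networks: list = field(default_factory=list)
    allow_authenticated: bool = False           # the "authenticated may relay" tick box

    def listed(self, ip):
        addr = ipaddress.ip_address(ip)
        return any(addr in net for net in self.networks)


def decide(policy, client_ip, rcpt, authenticated=False):
    """Return 'deliver', 'relay' or 'reject' for one recipient."""
    domain = rcpt.rsplit("@", 1)[-1].lower()
    if domain in LOCAL_DOMAINS:
        return "deliver"        # inbound mail for a local user is not relaying
    if authenticated and policy.allow_authenticated:
        return "relay"          # any valid (or stolen) credential can relay
    if policy.mode == "only_list":
        return "relay" if policy.listed(client_ip) else "reject"
    if policy.mode == "all_except_list":
        return "reject" if policy.listed(client_ip) else "relay"
    raise ValueError(f"unknown mode: {policy.mode}")


# The range from the question: 168.95.4.1 - 168.95.4.254
BLOCKED = list(ipaddress.summarize_address_range(
    ipaddress.ip_address("168.95.4.1"), ipaddress.ip_address("168.95.4.254")))

open_policy = RelayPolicy("all_except_list", BLOCKED)   # the original setting
closed_policy = RelayPolicy("only_list", [])            # the suggested setting


def audit(policy):
    """Run three constructed connections through a policy."""
    cases = [
        ("168.95.4.10", "someone@elsewhere.test"),  # blocked range, external rcpt
        ("203.0.113.7", "someone@elsewhere.test"),  # any other host, external rcpt
        ("203.0.113.7", "user@example.com"),        # any other host, local rcpt
    ]
    return [decide(policy, ip, rcpt) for ip, rcpt in cases]
```

With "all except the list" every host outside the one blocked range can still relay, while "only the list" with an empty list rejects all relaying and still accepts anonymous inbound mail for local users.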
 
You don't want to untick anonymous or you won't receive email from outside - that's by design.

Does external email come straight to Exchange or is there another endpoint?

I agree with Chris about the relay - change it to only allow and unless there is a reason, the box below that should be blank and the tick box should be unticked.
 
And recreate the postmaster account. It's required by RFC.

Pat Richard, MCSE MCSA:Messaging CNA
Microsoft Exchange MVP
 
Hi Guys, thanks for the input! I was able to fix the problem with your suggestions, and tightened up the security a bunch.

I also recreated that postmaster account, and everything is looking good!

Thanks,
Chris
 