Ex2k still relaying email insecurely

Status
Not open for further replies.
Dec 20, 2001
We are using Ex2k, sp2.

I tested our domain for open relay, and it was set to relay email. So I made the following changes in the system, according to 3 different sources:

1) Opened Exchange System Manager, and went to the Default SMTP Virtual Server

2) Opened Properties, and Access

3) Clicked on Relay

4) Chose "Only the List Below", and left the list blank.

5) Chose "Allow all computers that successfully authenticate to relay..."

...and stopped/restarted the system. I even rebooted the server.

But it will STILL allow open relay!!

The above fix is described by Microsoft, and outlined in 2 other places (including an FAQ here at Tek-Tips). But I am still capable of relay!

Help!
 
But I am still capable of relay...

From externally?

Dan
Microsoft Exchange Support @ Microsoft
 
Yes. We are still able to relay externally. Having followed all guidelines from Microsoft that supposedly prevent this, we are still relaying externally.

Any ideas?
 
You might have a problem with a connector. Go to System Manager and go into your connectors for the server. Choose the properties of the connector. Choose the Address Space tab. Uncheck the box that says 'Allow messages to be relayed to these domains'. That seemed to work for me.
 
As it turns out, that was exactly the problem. When the machine was first set up, that box had been checked. That allowed everybody to relay through, regardless of the restrictions. Unfortunately, the article that Microsoft has for setting up the SMTP Connector (Q265293) does not mention this; neither the default setting nor the danger of having the box checked is mentioned (only that the * in the Address Space is default, and should be accepted). I'll confess that I was the one that set it up, so my bad :(. However, in my defense, the tech from Microsoft (you ROCK, Ed!!) had to admit that the article is vague on this point at best.

I still feel like an idiot, but live and learn, I guess.

:)
 
Hey, don't feel bad, at least you didn't have to spend a tech call at MS for it!

The way the MS tech told me was this.

1) You don't need a connector for yourself under normal situations. But if you need special routing groups or something, then go ahead and create it.

2) If you will be hosting other domains, you need the connector.

3) So, if you need both 1 and 2 above (and I think this is what he said), create one connector for yourself, with the box unchecked. Create another connector for all the other domains you are hosting and be sure to check the box on this connector.

I may be off a little so you may have to experiment.
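
The external re-test this thread keeps coming back to (does the server still relay after a change?), as an added example that is not part of any post: a Python probe that stops after RCPT TO, run here against a constructed stand-in server. The host names, addresses and the `open_relay` flag are assumptions for illustration; the flag only stands in for a relay-permitting setting such as the connector checkbox discussed above.

```python
import smtplib
import socketserver
import threading

def rcpt_verdict(host, port, mail_from, rcpt_to, timeout=10):
    """Unauthenticated MAIL FROM/RCPT TO probe; no DATA is sent, nothing is delivered."""
    # Explicit local_hostname keeps smtplib from doing a DNS lookup for the EHLO name.
    with smtplib.SMTP(host, port, local_hostname="probe.example", timeout=timeout) as smtp:
        smtp.ehlo_or_helo_if_needed()
        if smtp.mail(mail_from)[0] != 250:
            return "inconclusive"
        code = smtp.rcpt(rcpt_to)[0]
        smtp.rset()  # abandon the transaction before QUIT
    if code in (250, 251):
        return "accepted"  # for an outside-to-outside pair this means open relay
    return "rejected" if 500 <= code < 600 else "inconclusive"

class StandInSMTP(socketserver.StreamRequestHandler):
    """Constructed stand-in (not Exchange): hosts local.example, relays if open_relay."""
    def handle(self):
        self.wfile.write(b"220 standin.example ESMTP\r\n")
        for raw in self.rfile:
            line = raw.decode("ascii", "replace").strip().upper()
            reply = b"250 OK\r\n"
            if line.startswith("QUIT"):
                reply = b"221 Bye\r\n"
            elif (line.startswith("RCPT") and not self.server.open_relay
                  and not line.endswith("@LOCAL.EXAMPLE>")):
                reply = b"550 5.7.1 Unable to relay\r\n"
            self.wfile.write(reply)
            if reply.startswith(b"221"):
                return

def demo():
    """Probe the stand-in in both states: {open_relay: (outside rcpt, local rcpt)}."""
    out = {}
    for open_relay in (True, False):
        with socketserver.TCPServer(("127.0.0.1", 0), StandInSMTP) as srv:
            srv.open_relay = open_relay
            threading.Thread(target=srv.serve_forever, daemon=True).start()
            port = srv.server_address[1]
            out[open_relay] = tuple(
                rcpt_verdict("127.0.0.1", port, "a@outside.example", rcpt)
                for rcpt in ("b@elsewhere.example", "user@local.example"))
            srv.shutdown()
    return out

if __name__ == "__main__":
    print(demo())
```

Against your own server, call `rcpt_verdict` from a host outside the network with a sender and recipient that are both in domains you do not host, and repeat it with a local recipient as a control. Some servers accept at RCPT TO and reject or bounce later, so an "accepted" result for an outside pair calls for a follow-up check rather than being the final word.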
 