Exchange 2003 Open Relay 5

[dearingkr]

Need some help please.
I don't have any hair left...pulled it all out.

I ahve a brand new clean install of Exchange 2k3 on a new install ow Windows 2k3. I have only added 2 user accounts so far.

My problem is that my server is an Open Relay!

According to MS, it's not supposed to relay by default.
I've tried everything on the MS web site (for Exchange 2k), and nothing helps.

 

[AXISPNOC]

Forgive my ignorance, but how do I find that out? I know NT4 like the back of my hand, but 2K is new to me. I have looked through the entire Active Directory Users and Computers and can find nowhere that the Authenticated Users group exists.

Thanks,
Jim

 

[xmsre]

Actually, on second thought, you don't have an issue. By default, authenticated users are allowed to relay. All this means is that you did the test from a sytem on your network on which you were logged on. On the SMTP virtual server, on the delevery tab, click relay and uncheck the authenticated users and run the test again. While this is unchecked, pop3 clients won't be able to send, but the test should only take a few second and you can do it during off hours.


It's amazing how a good nights sleep and a cup of coffee in the morning can clear your head. Perhaps you should try stepping back from the problem for a few hours, say get out of the office for lunch or something, and approch the problem fresh. If that doesn't work, have an adult beverage and post your resume to the job boards...

 

[AXISPNOC]

Thanks, I needed that ;-) I am the owner of the ISP, so although I do all the work, I am also tied to the job ;-) I worked through the night, and decided this morning to flaten the server, and start over, with a new IP of course (since ORDB.org) will have my .8 blocked for awhile, good thing this isn't a production server ;-)

Will keep you informed on what I find.

Thanks for all your help, it is greatly appreciated!

Regards,
Jim

 

[xmsre]

I recently did a migration at a univeristy in the US. Some the the users were on exchange 2000, and some of the users were on sendmail. The migration was to consolidate on the 2003 platform. Prior to the migration, the MX in external DNS pointed to the firewall where it was redirected to the sendmail box. During the migration, to cut over to E2K, I simply switched the redirection to point to the new E2K3 bridgehead. Well, it turned out the the old sendmail server was an open relay and had made many of the blacklists. Now, the new bridgehead was blacklisted simply because the outside world saw it as the same IP. I had to go through the whole process to get the new server removed from all the blacklists. All said, changing IP addresses might not be a bad idea.

 

[AXISPNOC]

Well when you are right you are right, after sleeping for about 10 hours <grin>

I went back to the problem, flattened the server. Clean install of W2K3 Server - Standard, Clean install of E2K3 Server, set the relays for only my Primary Mail Server IP's(not Exchange) and set the MAIL FROM on all accounts to an alias on the Primary box, went to the test site you suggested and viola! All is working as it is supposed to be, I also changed the IP and the name ;-)

Thanks again, and we will talk to you later, I'm sure ;-)

Jim