Locking down SMTP and spamming on Exchange 2007

[kornakmf]

I have not found any information on locking down Exchange 2007 SMTP from open relaying of messages.

Unlike Exchange 2003, you do not install SMTP on the server. Exchange 2007 has it's own SMTP agent.

I have users sending messages using SMTP and port 25 is NAT'ed (mapped) to another port on the internet router.

Does anyone have any suggestions or information to lock down SMTP on the Exchange server. It is a stand alone machine with no external servers or hubs.

Thanks,
Mark

 

[gb0mb]

If I am understanding your question correctly, you can only allow authenticated relaying.

For receiving email from the internet you tell the Exchange to only receive for your domain, else since it cannot relay it responds with no relaying error.



Gb0mb

........99.9% User Error........

 

[kornakmf]

You are correct, I am looking how to disable unauthenticated relaying of SMTP messages in Exchange 2007.

 

[gb0mb]

I am not 100% sure so please test this.

By default unauthenticated relaying is enabled. If you only create a receive connector for your domain then all other mail should be dropped.

To test this just telnet to the exchange server from the outside.

telnet x.x.x.x 25

then type:

helo mail
mail from: test@gmail.com
rcpt to: johndoe@gmail.com

The server should give you an error saying that relaying is not allowed.


Gb0mb

........99.9% User Error........

 

[kornakmf]

That is correct, I get the following reply...

250 2.1.0 Sender OK

 

[gb0mb]

right then type in after rcpt to:

data

type a message

use a period to end

.

then a message will say sent. If that happens your exchange is relaying and you need to turn authentication on. I know enough about xchange to be dangerous thats it. I will look at my settings to give you better details on how to prevent it from openin relaying.

Will post uit l8r today for you.

Gb0mb

........99.9% User Error........

 

[kornakmf]

Thanks for your help.

I think that relaying is my problem.

The issue for me is I am getting about 50,000 messages a day trapped by the content filter with the email at the bottom of this post.

I am assuming that they are servers returning a NDR for spam potentially sent from my server.

I am looking to see how I can eliminate this.

Thanks,
Mark



_____________________________________________
From: Microsoft Exchange
Sent: Thursday, December 20, 2007 8:14 PM
To: Spam
Subject: Undeliverable: new watches models available tomorrow,


Delivery of this message to the following recipients or distribution lists is quarantined:

Ronda

Subject: new watches models available tomorrow,

_____

Sent by Microsoft Exchange Server 2007

Diagnostic information for administrators:

Generating server: mail.goodguy.net

annette@crackho.com
#550 5.2.1 Content Filter agent quarantined this message ##

Original message headers:

Received: from 251.160.60.58.broad.sz.gd.dynamic.163data.com.cn
(58.60.160.251) by mail.goodguy.net (192.168.0.10) with Microsoft SMTP Server
id 8.1.240.5; Thu, 20 Dec 2007 20:14:03 -0700
Return-Path: <husw@crackho.com>
X-Original-To: annette@crackho.com
Delivered-To: annette@crackho.com
Received: from [58.60.160.251] (port=32628
helo=251.160.60.58.broad.sz.gd.dynamic.163data.com.cn) by
mail.goodguy.net with esmtp id 173408-173408-04 for
annette@crackho.com; Wed, 21 Dec 2005 11:14:02 +0800 (EET)
Message-ID: <003a01c6061f$a6289c70$fba03c3a@crackho.com>
From: Pansy <husw@crackho.com>
To: Ronda <annette@crackho.com>
Subject: new watches models available tomorrow,
Date: Wed, 21 Dec 2005 11:14:02 +0800
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_001_0037_01C605DC.98186F40"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2180
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
Received-SPF: None (mail.goodguy.net: husw@crackho.com does not
designate permitted sender hosts)