Mail Relay....

[julianf]

Hi,

I run exchange 5.5 with IIS 4...and proxy 2....I noticed that our server was being used to relay mail from outside sources....At one stage my server was clogged up with over 5000 e-mails....Also, why did this suddenly start happening...I dont recall having this problem last week...???

How do I prevent this...I have changed the advanced routing settings so that only authorized users can relay messages. Is this enough, or is there any other permissions that need to be altered.

thanx

Jules

 

[griffandy]

The changes you have made should be ok as long as you have restarted the IMC.

Regards

Griffandy

 

[ddesign]

Couple of questions on this subject?.....How do I lock down Exchange to disable relaying? How can I tell before I lock it down if someone out there is using it for relaying? Finally, we have several remote offices that access the net via broadband cable access and they are using our mail server for outgoing and incoming mail. Since their bradband connection is assigned a DHCP address, how can I specify that they are allowed to relay across our server? Thanks in advance for any assistance.

 

[AlexIT]

You can telnet from your exchange server to:

relay-test.mail-abuse.org

this will run series of tests to check if your server is an open relay.

Add the DHCP pool of addresses into the relay accepted list, then whatever address an office receives it will be able to relay through your server.

Alex

 

[Beambones]

Once you have made changes to your routing/relaying options in Exch. Admin, you can test the function of your relaying options (almost as if you were an outside trying to use the server as a relay server). You need to follow these steps:

1. Telnet to your Exchange Server using port 25 (or whatever you use).
2. Type: helo me
3. Type: mail from: "external email add - ie@hotmail.com"
4. Type: rcpt to: "external email add - peter@mrjones.com"
5. You should get a message saying "Relaying Denied" or something similar.

Remember, RCPT TO: must have a different email addy then the MAIL FROM:. If you don't get the Relaying Denied message, your routing options aren't set correctly and you will still have people using your Exch. Server as a relaying server. Don't put the " in your commands above.

 

[cahelmster]

We got hit with being a spam relay at first...below is what I found on the Internet that was suggested to block the relay...

Go into the IMS, Routing tab, choose Reroute Incoming SMTP Mail, click Routing Restrictions, and check Hosts and Clients with these IP addresses but don't enter any addresses. This has worked for us...of course, we don't relay mail to other servers or anything..

Bye

 

[julianf]

Hi,

yes, according to other sources, all you need to do is to check the box in routing that says "Hosts and clients that successfully authenticate".

This seems to have done the trick for me. I am however concerned that the server is still taking strain due to all the "attemted" spam that is still trying to bounce off our server. i can still see a lot of activity, even though it gets rejected. Is there anyway that one can stop these requests from even trying to make use of the exchange server? Aren't all these requests unnecessarily adding to the workload of the server?

thanx,

Jules

 

[AlexIT]

You can block the spam before it ever hits your Exchange server by installing another server with an SMTP mail filter (like STEMailFilter, or Mail Marshal) in front of the Exchange box. Unfortunately, you still burn bandwidth in your internet connection telling those jerks you won't let them bounce mail through your server...

Alex