Open mail relay abuse

[kathanon]

I have recently received a letter threatening closure of account as our server has been used for mail relay. I am a bit confused.

We have a permanent connection with Exchange 5.5 and VPOP set up. We also have a 3Com office connect firewall.

My question regards the best way to prevent the relaying and to resolve a dispute over responsibility.

Although I understand that VPOP must relay mail to Exchange for the LAN, it is currently configured not to check anything or any IP addresses.

Is it best to have Port 25 blocked on the firewall or to have VPOP configured to check client e mail addresses when relaying.

My second problem is that when I add the IP address range and subnet mask in the configure SMTP section under the Local Servers tab in VPOP, and try sending mail, the response I get is SMTP not authenticated.

I don't know if I am adding the addresses wrongly, I am putting the server IP followed by the subnet mask as follows(obviously with numbers not ***)
192.168.***.0 255.255.255.0

Am I doing something glaringly obviously wrong??

Is it better to have VPOP configured properly rather than simply have the firewall block all incoming to port 25, I welcome any suggestions.

Thanks in advance

 

[kathanon]

I forgot to mention, that for various administrative reasons at the moment we are not able to move to SMTP mail and cut out VPOP, even though we have a permanent connection. I am trying to get this done, but for the moment the setup is as above
kathy

 

[AlexIT]

Ok, you cannot block the port 25 from the outside as this is where the mail will always be sent to: (from your MX records you have mail.yourcorp.com = public.ip.address which always sends to port 25.)
To test if your server is able to act as a relay, telnet from the server to relay-test.mail-abuse.org, they run a series of tests for this.
To prevent this, do a keyword search for Open Relay in this forum. In short you go into the IMS, Routing tab, choose Reroute Incoming SMTP Mail, click Routing Restrictions, and check Hosts and Clients with these IP addresses but don't enter any addresses. Also check "Hosts and Clients that sucessfully autheticate" in the case that you actually need someone to relay. Start and stop the IMS service and repeat the telnet tests.


Alex

 

[kathanon]

Thanks Alex,

I did a search and read up on the subject. I also went into the routing tab and checked the authentication box. I must admit I am a bit confused though, before I did anything to Exchange, or read your post, I had changed our firewall configuration to send mail only from the server IP address, and that seemed to have stopped mail relay according to the telnet facility on mail-abuse.org. I am just not sure now if the firewall configuration will cause us other problems. At the moment we do not need anyone to relay mail from outside the organisation. In the next month or so, we will change from POP to SMTP and upgrade to Windows 2000 server. I am hoping it will be ok to leave it as it is for the moment. Many thanks for your input

Kathy

 

[yunit]

Check these Knowledge Base articles. I used them and no more warning from SPAM cop. Try the top article first; this should solve your problems.

http://support.microsoft.com/default.aspx?scid=kb;en-us;Q199656

http://support.microsoft.com/default.aspx?scid=kb;en-us;Q196626