protect from open relay

Status
Not open for further replies.

galloshes

MIS
Jul 10, 2003
14
GB
Hi All

We are about to change our MX records to point incoming mail at virus scanning towers owned by our ISP (outbound is already directed at them).

This means all mail will be coming in from the same place. We want to configure our exchange server so that it does not allow open relay. We need to do this so that our mail server cannot be used as a Spam gateway. This means that we want to restrict the IP addresses that we will accept mail from, or reject all mail for domains other than our own. They have provided a list of IPs of their virus scanning towers.


I think that the listed IPs need to be listed in the section found at:
IMS - Routing tab - Routing Restrictions button - Hosts and clients

And then for the 0.0.0.0 deny to be added to the never accept section at the bottom of that screen.

Can anyone confirm that I have this right?

many thanks
Galloshes




 
mail below shows what I did in the end- all working fine.

OK, I checked this out on Seattle's Exchange Server today. The place I think all this will need to happen is in IMC --> Routing tab --> Routing Restrictions button. Then you need to check both the "Hosts & clients that successfully authenticate" and "Hosts & clients with these IP addresses" checkboxes (and the IP addresses they gave you go here too). The first checkbox allows Exchange to relay from your own PCs if they need to, but it's not absolutely necessary. Some of our remote users using POP3 would send email and couldn't without the first one checked.

I wouldn't do the 0.0.0.0 entry. I really think it will just end up denying everything -- that's just a gut feeling. I think you're protected from relaying by doing the first 2 boxes. I just don't think the 0.0.0.0 deny is necessary and was aimed at UNIX/SENDMAIL servers rather than Exchange.

I hope this helps. Let me know if I can answer any more questions.

 
Of course, don't forget to stop and start the IMC service through Services after making the change!
 
Yes. The settings you have mentioned are correct. I did it one month ago and it is working fine. BUT last week we found that our "Postmaster" account received lots of messages as "Inbound and outbound mail delivery failed". After investigation these mails were sent from anonymous user to anonymous user (I mean someone trying to use our mail as relay).

Does it mean Exchange is not allowing relaying, BUT keeps adding log entries for failed mail delivery?
Shouldn't Exchange drop them, instead of processing?

Thx

Rc
 
Well, Exchange has to process them to see if it needs to drop them or not. The email you're getting in the Postmaster accounts are probably there simply because that account was set up as a 'catch-all' for NDR reports and any other errors. Without seeing the actual messages I can't give you an exact answer as to what they are/were and why they went to the Postmaster account.



J
 
Hi,
Since Sunday (7.9.03) I also have the problem on my Exchange 5.5 SP4 server:

About 5000 NDRs found their way to my (postmaster) mailbox.

I was concerned about having an open relay, which I thought was safe and closed to spammers since I installed the server this February.
I checked all to-do lists to make the server safe and didn't find an error in my config.
So I had to try some things, and since the moment I disabled this option -

Routing/Routing Restrictions/Hosts and Clients which have successfully authenticated

the annoying NDRs stopped!

I'm not yet sure if my server actually sent any spam - I lack the ability to correctly read the server log (is there a tool to view it better than with Notepad?)

As I understand it, by disabling the above-mentioned option my users will not be able to send mail with their Outlook clients at home (using POP/SMTP Outlook).
This can be solved by using a local ISP's SMTP relay.

But does anybody know if there is a security flaw that lets spammers authenticate successfully to my Exchange Server?
Another unchecked buffer?

Regards,
Schim
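
A check an administrator could run after restricting relay as described in this thread, from a machine outside the allowed IP list, to confirm that an unauthenticated client cannot relay to a foreign domain. This is an added example, not part of any post above; the addresses, the function names and the `FixedReplySession` stand-in are assumptions made for illustration.

```python
import smtplib

# Assumed placeholders (RFC 2606 example domains): use a sender and a
# recipient you control, on domains this server does NOT host.
SENDER = "relay-probe@example.org"
FOREIGN_RCPT = "relay-probe@example.net"

def classify(rcpt_code):
    """Map the RCPT TO reply code to a verdict."""
    if 200 <= rcpt_code < 300:
        return "accepted"      # foreign recipient taken: investigate
    if 500 <= rcpt_code < 600:
        return "refused"       # permanent rejection of the relay attempt
    return "inconclusive"      # 4xx or anything unexpected

def probe_relay(smtp, sender=SENDER, rcpt=FOREIGN_RCPT):
    """HELO / MAIL FROM / RCPT TO on an open session, then stop.
    No AUTH and no DATA: only the anonymous path (the IP-address
    restriction) is exercised, and nothing is queued or delivered.
    """
    try:
        smtp.helo("probe.example.org")
        code, _ = smtp.mail(sender)
        if code != 250:
            return "inconclusive"
        code, _ = smtp.rcpt(rcpt)
    except (smtplib.SMTPException, OSError):
        return "inconclusive"
    return classify(code)

def check_host(host, port=25, timeout=10):
    """Probe a live server; run it from an address outside the allowed list."""
    try:
        with smtplib.SMTP(host, port, timeout=timeout) as smtp:
            return probe_relay(smtp)
    except (smtplib.SMTPException, OSError):
        return "inconclusive"

class FixedReplySession:
    """Constructed stand-in for smtplib.SMTP so the demo runs offline."""
    def __init__(self, rcpt_code):
        self.rcpt_code = rcpt_code
    def helo(self, name): return (250, b"ok")
    def mail(self, sender): return (250, b"ok")
    def rcpt(self, rcpt): return (self.rcpt_code, b"constructed reply")

if __name__ == "__main__":
    for code in (550, 250, 451):
        print(code, probe_relay(FixedReplySession(code)))
```

An "accepted" result only means the server took the foreign recipient at RCPT TO; whether the message would then be relayed or bounced has to be confirmed in the server's own logs.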










 