General discussion

Locked

Preventing Open Relay with E2K

By jedavidow ·
I have been completely unsuccessful in locking down my E2K server as an open relay. Please help. You will get all the points I have to offer if I can verify that your solution is working.

My current setup is listed below.
NOTE: If I disable "Relay for all except", I am UNABLE to receive mail destined for my domain! It's as if E2K is treating my incoming mail as mail to be relayed!

Details:
Exchange Server 2000
Authentication: Anon/Basic and Integrated
Connection Control: I have blocked a few machines.
Relay: All Except the list below (no entries).

SMTP connector:
Address Space: *
UNCHECKED "Allow Messages to be relayed to these domains"

Everything else is default.

Please help! How can I disable relaying mail through my server if it is not destined for my domain?!!!

This conversation is currently closed to new comments.

7 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

Preventing Open Relay with E2K

by shmaltz In reply to Preventing Open Relay wit ...

Untill your Relay setting everything is OK.
You have Select "Only The List Below".
Also if you want your POP3 clients to be able to send email check the box "Allow all computer which succesfuly authenticate to relay, regardless of the list above.Your connector properties are OK.
Exchange 2000 will know which one is a local Domain and allow the connection by the Recipient Policy.

Collapse -

Preventing Open Relay with E2K

by jedavidow In reply to Preventing Open Relay wit ...

I think you are telling me to select "Only the List Below".

I tried that, and then I am no longer able to RECEIVE mail from other mail servers. Why is that?

Collapse -

Preventing Open Relay with E2K

by Ann777 In reply to Preventing Open Relay wit ...

Try this step-by-step article:
http://support.microsoft.com/default.aspx?scid=KB;en-us;q310380

And use the links within the article to test and follow-up. Make sure all the settings are as described in the article.

Collapse -

Preventing Open Relay with E2K

by jedavidow In reply to Preventing Open Relay wit ...

OK- the part about "Note that if you allow only anonymous access, the server cannot authenticate users or computers."

Does this mean that I want to turn off Basic and Integrated Authentication? But I still need to leave anonymouse on, right?

If I turn off Anon, then other servers will not be able to deliver mail to me.

If this works, WHY? Why would having the other two authenticaton options on allow someone to relay when they would still have to use basic, since they do not have accounts on my machine?

Collapse -

Preventing Open Relay with E2K

by shmaltz In reply to Preventing Open Relay wit ...

The instructions I gave you works for me, and Microsoft says that it works. Looks like some other setting is messing this up.
1. Make sure you have a default SMTP address in the recipient policy (otherwise Exchange doesn't know what your domains are).
2. Delete the blocked machines (it might be that you mistyped something there that defines those machines as any computer).
3. Delete any additional connectors you have configured on your Server (leave only the default).
4. Make sure annonymous access is enabled.

For more resources on Exchange visit www.slipstick.com

Collapse -

Preventing Open Relay with E2K

by jedavidow In reply to Preventing Open Relay wit ...

I was using a slightly different email address, "@mail.mydomain.com" which I hadn't listed in the recipient policy. "mydomain.com" was, and I thought this was enough. Guess not.

After SIX MONTHS of this, my server is finally secure! Thank you!

Collapse -

Preventing Open Relay with E2K

by jedavidow In reply to Preventing Open Relay wit ...

This question was closed by the author

Back to Software Forum
7 total posts (Page 1 of 1)  

Related Discussions

Software Forums