Someone keeps using my exchange server

mmbc_voltron
The queue keeps filling up. 60k messages in 6hrs. I have enabled message
filtering and checked there is no relay. I tested using one of the MS articles
and I don't get
550 5.7.1 Unable to relay for user@spam.com -or-
250 2.1.5 user@spam.com
I get unrecognized email address.

I am trying to use this http://support.microsoft.com/kb/324958
but the queue never stops filling up.
Right-click SmallBusiness SMTP Connector, and then click Properties. If you
have more than one SMTP Connector, the one that you want to work with in the
following steps is the one that contains the "*" (asterisk) for the SMTP
address on the Address Space tab.
3. Click the General tab. Make a note of all the settings on this tab. You
have to return these settings later in this article.
4. Click Forward all mail through this connector to the following smart
hosts.
5. In the field provided, type a false IP address and enclose it in
brackets. For example, type [99.99.99.99].
6. Click the Deliver Options tab.
7. Click Specify when messages are sent through this connector.


I checked these settings and they are correct.

Verify that your Exchange computer is not an open mail relay. To do this,
follow these steps:
a. Click Start, point to Programs, point to Microsoft
Exchange, and then click System Manager.
b. In Exchange System Manager, expand the following object:
Servers\Your_Exchange_Server_Name\Protocols\SMTP
c. Right-click the virtual SMTP server where you want to prevent mail
relay, and then click Properties.
d. Click the Access tab, and then click Relay.
e. By default, open relay is blocked. The default settings are as follows:
   - The Only the list below check box is selected.
   - The Allow all computers which successfully authenticate to relay,
     regardless of the list above check box is selected.
  • CG IT

    Allow all computers which successfully authenticate to relay regardless of the list.

    You don't want that active but disabled. You don't want anyone to be able to relay through your server. No one, zilch, nada....

    You receive from all but only your users in AD can send. That's it.

    mmbc_voltron

    So I should remove the check box?


    Yep

    Kjell_Andorsen

    If only people on your internal network need to send e-mail it's safer to only allow traffic from that IP address range. It's technically possible that someone outside the network has gotten a username and password and is using it to authenticate to your server, thus bypassing your relay restrictions. If you lock it down to just the IP address range of your internal network you will take away this window.

    bob_steel

    I hope you've unplugged it and stopped supporting the spam community by now.
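
Kjell_Andorsen's point above, that someone outside the network may be authenticating and relaying, can be checked against the SMTP virtual server's log by counting accepted recipients at non-local domains per outside client IP. This Python is an added example, not part of the original thread; it assumes W3C extended logging with the c-ip, cs-method, cs-uri-query and sc-status fields enabled, and the LAN range, mail domain and log lines are constructed.

```python
import ipaddress
import re
from collections import Counter

# Assumptions: replace with your own LAN range and the domains you accept mail for.
INTERNAL_NETS = [ipaddress.ip_network("192.168.16.0/24")]
LOCAL_DOMAINS = {"example.com"}

# Constructed sample in W3C extended log format (not taken from the thread).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-query sc-status
2008-03-01 02:10:01 192.168.16.20 RCPT +TO:<bob@example.net> 250
2008-03-01 02:10:05 203.0.113.7 RCPT +TO:<info@example.com> 250
2008-03-01 02:10:09 198.51.100.23 RCPT +TO:<a@example.org> 250
2008-03-01 02:10:10 198.51.100.23 RCPT +TO:<b@example.net> 250
2008-03-01 02:10:12 203.0.113.7 RCPT +TO:<c@example.org> 550
"""

RCPT_DOMAIN = re.compile(r"<[^@>]*@([^>]+)>")


def is_internal(ip):
    """True when the client address falls inside one of the LAN ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def relayed_by_external(log_text):
    """Count accepted RCPT TO commands for non-local domains per outside client IP."""
    fields, counts = [], Counter()
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # column names for the rows that follow
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        if row.get("cs-method", "").upper() != "RCPT" or row.get("sc-status") != "250":
            continue                       # only recipients the server accepted
        m = RCPT_DOMAIN.search(row.get("cs-uri-query", ""))
        if not m or m.group(1).lower() in LOCAL_DOMAINS:
            continue                       # inbound mail for our own domain is normal
        ip = row.get("c-ip", "")
        if ip and not is_internal(ip):
            counts[ip] += 1                # outside client sent mail onward through us
    return dict(counts)


if __name__ == "__main__":
    for ip, n in sorted(relayed_by_external(SAMPLE_LOG).items(), key=lambda kv: -kv[1]):
        print(f"{ip}\t{n} relayed recipients")
```

Any address this reports was allowed to relay from outside the LAN; with the relay list restricted to the internal range, the same RCPT lines should show a 550 status instead.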
