General discussion

Locked

Exchange Server not receiving

By salmonslayer ·
For the last 18 months, our Exchange server has been working. However, recently we discovered that we were being used for spam relays. The server was buttoned down, but the relays continued. The problem was traced to NAI WebShield which was passing all messages back to the server.
When I disabled and removed Webshield, our server would no longer send or receive outside e-mail. I attempted to redo the IMS but at that time, Exchange decided to die. I am doing a complete restore from backup, but will then be open to spam relays again. Any ideas out there about what can be done?

This conversation is currently closed to new comments.


All Comments


Exchange Server not receiving

by NTOz In reply to Exchange Server not recei ...

To configure your system to not relay SPAM, you need to select the Reroute incoming SMTP mail option on the Routing tab of the Internet Mail Service Properties sheet. Although this choice might seem counter to the objective, it provides a more secure system if you configure it properly. After you've selected this option, you must specify all the domains for which your IMS handles incoming mail. For example, assume that you have no internal or external systems that need to use the Exchange server as a relay and that you're not using any POP or Internet Message Access Protocol (IMAP) clients. Your primary domain is realdomain.com, and you host mail for one other organization: virtualdomain.com.
On the Routing tab, add realdomain.com and virtualdomain.com to the Sent to list. When you add these domains, you have three routing options to choose from.
Should be accepted as "inbound" signals that all recipients with this domain name must match a corresponding SMTP address in the GAL.
Override relay restrictions. Always "relay" exempts the domain from any restrictions that you set by using Routing Restrictions.
The Should be rerouted to this domain option lets you specify the domain where the system will redirect mail. The IMS replaces the original domain name with the value you specify here. For example, if mail comes into joe@dec.com, the system rewrites the address as joe@compaq.com and sends the message on to the compaq.com mail host.
Select Should be accepted as "inbound" for both realdomain.com and virtualdomain.com. This choice assumes that you don't have any complex scenarios in which you're hiding internal hosts and addresses or allowing relaying through to specific domains.
Choosing the routing option is only part of the configuration. You need to set routing restrictions to protect your system from being wide open for relaying.


Exchange Server not receiving

by NTOz In reply to Exchange Server not recei ...

The Microsoft article "XFOR: Restricting Routing in the Internet Mail Service" (http://support.microsoft.com/support/kb/articles/q196/6/26.asp) describes how to choose a routing restriction option. Click Routing Restrictions on the Routing tab to display the dialog box you see in Screen 4. Enter the IP addresses of systems that you want to let deliver and reroute mail through your server. This dialog lets you control access to Exchange Server's relaying capabilities under several conditions:
The Hosts and clients that successfully authenticate option assumes that an additional security mechanism is in place to confirm the identity of the sender or system. For example, a host might need to use an Enhanced SMTP Auth command or NT LAN Manager (NTLM) credentials to validate its right to relay.
The Hosts and clients with these IP addresses option lets you grant specific machines or machines on specific subnets the ability to use Exchange as a relay.
The Hosts and clients connecting to these internal addresses option lets you let systems relay if they can access a specific network adapter on a multihomed system.
The Specify the hosts and clients that can NEVER route mail option lets you prohibit specific hosts from relaying when you've granted a large group, such as a subnet, the ability to relay.
What the Microsoft article and online Help don't spell out is that when you select a routing restriction, you can choose not to enter any IP information. The trick is that you can select the Hosts and clients with these IP addresses check box but not specify any IP addresses.


Exchange Server not receiving

by NTOz In reply to Exchange Server not recei ...

Unless you have a specific need to have your Exchange server relay, don't enter any IP addresses on this page. This selection changes the rules that the IMS uses when evaluating the SMTP protocol. Instead of letting the IMS accept the RCPT TO specification blindly, this selection causes the IMS to check for local delivery before letting it upload a message. If the recipient isn't local, the IMS will return 550 Relaying prohibited.
Confirming the Configuration

To make these changes take effect, stop and restart the IMS. If you want to confirm that your server is rejecting relays but still accepting mail for your local recipients, you can use a Telnet session on the SMTP port. Open Telnet, and connect to your Exchange server on port 25. You can connect quickly by selecting Start, Run and typing
telnet servername 25
where servername is the name of your Exchange server. The Exchange server will respond with a message similar to 220 host.domain.com ESMTP Server (Microsoft Exchange Internet Mail Service 5.5.2650.10) ready. Then enter the following commands. The commands aren't case-sensitive, but the punctuation (e.g., colons, angle brackets < >) is important, so include all the marks.


Exchange Server not receiving

by NTOz In reply to Exchange Server not recei ...

Enter

HELO me

The server will respond with 250 OK and identify your IP address and possibly your host name.

Enter

MAIL FROM: someaddress@somedomain.com

Again, the server will respond with 250 OK.

Enter
RCPT TO: nobody@afakedomain.com
The server will respond with 550 Relaying prohibited.

Using a valid address from your GAL, enter
RCPT TO: thegaladdress@yourdomain
The IMS will reply with 250 OK when it accepts the address.

To close the session, type
QUIT

Protect Your Server and Your Reputation

These changes protect your Exchange server against relaying and help protect your reputation. If you need to allow relaying, check out the Microsoft articles "XFOR: New IMS Routing Functionality in Exchange Server 5.0 SP2" (http://support.microsoft.com/support/kb/articles/q169/6/83.asp) and "XFOR: Restricting Routing in the Internet Mail Service," which I cited earlier. You can make your server safer when you configure the system to allow as few systems as possible to relay through your server. And don't forget to always thoroughly test your configuration!
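
The Telnet check from the posts above, scripted as an added example (not part of the original posts and not Microsoft's code). `FakeIMS` is a constructed loopback stand-in that applies the "RCPT TO must be local" rule so the script runs offline; `check_relay`, `run_case` and the verdict strings are hypothetical names, and the addresses are the thread's placeholders.

```python
import smtplib
import socketserver
import threading

class FakeIMS(socketserver.StreamRequestHandler):
    """Constructed stand-in for the rule above: RCPT TO must be a local domain."""
    def handle(self):
        self.wfile.write(b"220 fake.example ESMTP ready\r\n")
        for raw in self.rfile:
            line = raw.decode("ascii", "replace").strip()
            if line.upper().startswith("RCPT TO:"):
                domain = line.rstrip(">").rsplit("@", 1)[-1].lower()
                local = domain in self.server.local_domains
                self.wfile.write(b"250 OK\r\n" if local else b"550 Relaying prohibited\r\n")
            elif line.upper().startswith("QUIT"):
                self.wfile.write(b"221 closing\r\n")
                return
            else:
                self.wfile.write(b"250 OK\r\n")

def check_relay(host, port, local_rcpt, external_rcpt):
    """Replay the Telnet test. No DATA is sent, so nothing is delivered."""
    with smtplib.SMTP(host, port, local_hostname="me", timeout=10) as s:
        s.helo("me")
        s.mail("someaddress@somedomain.com")
        ext, _ = s.rcpt(external_rcpt)   # a locked-down server answers 550
        loc, _ = s.rcpt(local_rcpt)      # a receiving server answers 250
        s.rset()                         # discard the envelope before QUIT
    if 200 <= ext < 300:
        return "OPEN RELAY"              # foreign recipient was accepted
    if 500 <= ext < 600:
        return "OK" if 200 <= loc < 300 else "NOT RECEIVING"
    return "INCONCLUSIVE"                # e.g. a 4xx temporary failure

def run_case(local_domains):
    """Run the check against a loopback FakeIMS with the given inbound domains."""
    with socketserver.ThreadingTCPServer(("127.0.0.1", 0), FakeIMS) as srv:
        srv.local_domains = {d.lower() for d in local_domains}
        threading.Thread(target=srv.serve_forever, daemon=True).start()
        try:
            return check_relay("127.0.0.1", srv.server_address[1],
                               "thegaladdress@realdomain.com", "nobody@afakedomain.com")
        finally:
            srv.shutdown()

if __name__ == "__main__":
    print(run_case(["realdomain.com"]))                     # inbound domain listed
    print(run_case(["realdomain.com", "afakedomain.com"]))  # stands in for a relay
    print(run_case([]))                                     # no inbound domains
```

To run the same check after restarting the IMS, call `check_relay` with your Exchange server's name, port 25, a valid address from your GAL and an address in a domain you do not host.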


Exchange Server not receiving

by salmonslayer In reply to Exchange Server not recei ...

Been there, done that. The problem is not with Exchange, but with Webshield. Believe it or not, but Webshield will actually relay messages without the Exchange services running. We fixed the problem by renewing our license with NAI and getting the most recent version.


Exchange Server not receiving

by estebandelatorre In reply to Exchange Server not recei ...

Don't know exactly, but find in your Web Shield configuration a place where you can define something like this: "Receive e-mails to this domains". If it is empty, relay is enabled; put here the complete name of your domain,
e.g.: bancobgn.com, gauchito.com.ar (, or ; are the default separators)


Exchange Server not receiving

by salmonslayer In reply to Exchange Server not recei ...

This question was closed by the author
