I'm a Net Admin with Exchange 2000 responsibilities. I've been told by a network security company that my server is an open relay. What is it and how do I close it??
This conversation is currently closed to new comments.
In the "old days," before spam was more than a lunch meat, any mail server would accept mail for anybody in the world, and would forward that mail to the correct server for delivery. This behavior is now known as being an open relay. It is undesireable because it allows some spam generator to send junk email to YOUR mail server, and your server will forward the mail for him. This makes the spammer harder to trace, lets him send his mail without his local ISP killing his account, and ties up your resources.
The preferred behavior today, caused by shutting off relaying, is to accept and forward mail to anybody if it originates within your domain (set of ip addresses), and to accept mail addressed to people in your domain. All other mail is rejected.
titled "How to Stop Internet Mail Service from Relaying Junk E-mail Without Preventing Other Mail Services (Q279860)"
points to one of several Microsoft knowledge base pages describing how to stop this behavior. (remove any spaces in the url). This article links to several others.
Ok, basically you go into your Virtual SMTP settings and there's a setting for which ip's to allow to relay through your server. By default, you allow everything to get relayed. Change it to the other setting and put in only ip's of other servers that have to send email through you to get to the internet. Once that is done, go back to the place that told you about the open relay and have them try to test you. I had this occur a month or two ago...It's really easy to fix.
If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.
Open Relay server