Outbound SMTP Authentication

By jgreer
I am currently running SBS 2003 server and have an issue with a few unauthorized third party servers sending email using our SMTP Virtual Server. It's currently set to allow anonymous with authentication and integrated windows authentication. I need to keep these servers from being able to send email out from our SMTP but also allow end users to be able to send/receive. When I remove the anonymous option and leave only integrated windows authentication, the server isn't able to receive email. I confirmed in Microsoft's knowledgebase this is by design. Does anyone else have some good steps for locking out these bad servers and not interfering with your network users' abilities to send and receive? I thought about blocking the IP, but they are dynamic it appears.

With SBS 2003 why not use ISA to do this? <NT>

by OH Smeg Moderator In reply to Outbound SMTP Authenticat ...

Inbound or outbound?

by Churdoo In reply to Outbound SMTP Authenticat ...

Your title says outbound, yet your description is clearly inbound, so I'll assume that. And is this the same as your last post? I think you may be confusing or interchanging inbound/outbound which can explain why your last post didn't get anywhere.

Exchange 2003 and therefore SBS 2003, UNLIKE 2000 and prior, is NOT an open relay by default. There is one spot which is enabled by default which, if you have a weak password on your network, can and often is exploited.

In Exchange System Manager, or SBS Server Manager / Advanced / Exchange Organization ... Administrative Groups / First Administrative Group / Servers / your server name / Protocols / SMTP / Default SMTP virtual server / Properties / Access tab / Relay... button / first, "Only the list below" should be selected (default), BUT the little checkbox at the bottom "Allow all computers which successfully authenticate to relay, regardless of the list above", is checked by default, and if that is checked and you have any weak password on your network, then the server can be exploited to relay. Clear this checkbox.

If you've left everything else at their defaults and have used the SBS wizards to configure your server, AND your server is not infected from some malware or virus, then this "should" be the only other setting you need to change.

By the way, if your server has been exploited and has been sending spam, then there's a good chance that it is blacklisted. This could be causing some of your outbound issues, though would produce a different symptom than you described in your other post.

Hope this helps

your small business Default Virtual Server configuration

by CG IT In reply to Outbound SMTP Authenticat ...

Relay restrictions: you should have "Only the list below" checked and list your SBS box.

In your SMTP connector properties you should have the allow messages to be relayed to these domains unchecked.

To test your SMTP virtual server, click the delivery tab, click the advanced tab, you should see your FQDN. Click the check DNS tab. This should give you a message that says the domain name is valid. You can add security by checking the box, perform reverse DNS lookup on incoming messages. This is where your Exchange server will ask for a reverse lookup and refuse mail if the reverse lookup fails.



by jgreer In reply to Outbound SMTP Authenticat ...

The issue is: I have a server that keeps connecting and using our SMTP to send spam. All passwords changed, relay all disabled using steps provided by Microsoft, even deleted and recreated the SMTP virtual server. But we still have issues with a server using us to send out email. When I attempt to implement authentication using integrated windows authentication, then our server isn't permitted to receive email unless I leave anonymous checked.

Per Microsoft, when anonymous is unchecked, Exchange 2003 will not accept external inbound email. How do I implement authentication to send email without disabling our ability to receive inbound emails?

We understand

by Churdoo In reply to Clarification

But the answer is still, "you can't unselect anonymous SMTP and still send/receive email on the public internet"

As we've said, SBS is typically not a relay by default and CG and I have told you the places to check to be sure.

If you've verified these and you still have an outside box able to connect AND relay, then figure out how he is continually able to connect for relay and close it down, but forcing SMTP authentication is not the answer.

And don't take this wrong because we're always happy to help, but perhaps it's time to get a local consultant to put this problem to rest once and for all?
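
One way to act on the advice above to find out how an outside box keeps relaying, added here as an example and not part of the original thread or any poster's code: scan the SMTP virtual server's protocol log for RCPT commands that were accepted for non-local domains from outside addresses. It assumes W3C extended logging with the `c-ip`, `cs-method`, `cs-uri-query` and `sc-status` columns enabled; the log lines, the `ourcompany.example` domain and the `192.168.16.0/24` LAN are constructed.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample (not from the thread). Field layout is an assumption:
# W3C extended logging with these columns enabled on the SMTP virtual server.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-username cs-method cs-uri-query sc-status
2009-03-02 10:15:02 203.0.113.45 mail.remote.example MAIL +FROM:<a@remote.example> 250
2009-03-02 10:15:02 203.0.113.45 mail.remote.example RCPT +TO:<user@ourcompany.example> 250
2009-03-02 10:20:12 198.51.100.7 host7 MAIL +FROM:<x@bulk.example> 250
2009-03-02 10:20:12 198.51.100.7 host7 RCPT +TO:<a@elsewhere.example> 250
2009-03-02 10:20:13 198.51.100.7 host7 RCPT +TO:<b@another.example> 250
2009-03-02 10:25:40 192.0.2.99 probe RCPT +TO:<test@elsewhere.example> 550
2009-03-02 10:30:00 192.168.16.20 desk20 RCPT +TO:<partner@elsewhere.example> 250
"""

RCPT_DOMAIN = re.compile(r"TO:<[^<>@\s]*@([^<>\s]+)>", re.IGNORECASE)

def accepted_relays(log_text, local_domains, internal_nets=()):
    """Map each outside client IP to the non-local domains it was allowed to RCPT."""
    local = {d.lower() for d in local_domains}
    nets = [ipaddress.ip_network(n) for n in internal_nets]
    fields, hits = [], defaultdict(set)
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # column names drive the parsing
            continue
        parts = line.split()
        if line.startswith("#") or not fields or len(parts) != len(fields):
            continue
        row = dict(zip(fields, parts))
        # Only RCPT commands the server answered with a 2xx matter here.
        if row.get("cs-method", "").upper() != "RCPT":
            continue
        if not row.get("sc-status", "").startswith("2"):
            continue
        match = RCPT_DOMAIN.search(row.get("cs-uri-query", ""))
        try:
            client = ipaddress.ip_address(row.get("c-ip", ""))
        except ValueError:
            continue
        if not match or match.group(1).lower() in local:
            continue                           # inbound mail for our own domain
        if any(client in net for net in nets):
            continue                           # LAN clients are expected to relay
        hits[str(client)].add(match.group(1).lower())
    return {ip: sorted(domains) for ip, domains in hits.items()}

if __name__ == "__main__":
    print(accepted_relays(SAMPLE_LOG, ["ourcompany.example"], ["192.168.16.0/24"]))
```

Any address this reports was allowed to send to a domain the server does not host, which is the relay path to trace and close.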

Two Consultants Checked

by jgreer In reply to We understand

I haven't taken it the wrong way. I have asked two consultants that only handle Exchange Systems and they cannot find the cause.

They think we should just rebuild the server. Only problem is, scheduling downtime is a problem. So I need to find something in the interim. So that's why I am asking on here, looking for additional ideas.

What servers are on the relay list that authenticate?

by CG IT In reply to Two Consultants Checked

In SBS, Exchange is integrated with Active Directory. If you have disabled relaying, have limited the authenticate list to only the SBS box, then it's doubtful relaying is going on. If another server tried to connect to your SBS network, you would find events in the security section of the event viewer. Further, you would find the server listed in my network places. Any client, workstation or server that tries to connect to the network and isn't part of the domain will generate an event.

You can check if your SBS box is an open relay. Try here.

I'll bet the test comes back that you're not an open relay.

here are the experts on Exchange

by CG IT In reply to We understand
