locked
Open Relay Exchange 2010 RRS feed

  • Question

  • Hi,

    I have a exchange server 2010 with HUB, CAS and MBX on the same box. No Edge or filtering solution ahead of exchange. Anti Spam Installed on the server. My server is open relay and I can see that on mxtoolbox.com. Only two recieve connector (client and default) which have 0.0.0.0 to 255.255.255.255 on "recieve emails from...". Only Exchange user and Exchange server allowed on recv. connector.

    Did I miss anything?

    Tuesday, January 10, 2012 2:48 PM

Answers

  • "Externally secured " should NOT be enabled. That is what has made your server an open relay.

    You do not need to have an Edge server to secure Exchange. Why did you enable that option?

    Disable it and restart Exchange Transport Service.

    Simon.


    Simon Butler, Exchange MVP
    Blog | Exchange Resources | In the UK? Hire Me.
    • Marked as answer by RSHARMA101 Thursday, January 12, 2012 5:27 AM
    Tuesday, January 10, 2012 9:49 PM
  • Externally secured shld not be checked. Close this and all will be fine.


    Raj
    • Marked as answer by RSHARMA101 Thursday, January 12, 2012 5:30 AM
    Thursday, January 12, 2012 5:29 AM

All replies

  • Everything is Perfect !!

    Hoping you are having a firewall and not exposing your CAS Server to the Public. Which is not Recommended

    Tuesday, January 10, 2012 3:05 PM
  • Out of the box Exchange is not an open relay, so if it is reporting as one, something has change. Can you telnet to the box on port 25 and send a message as a relay?

    telnet yourserver 25
    ehlo foo.bar
    mail from:foo@bar.com
    rcpt to:openrelay@somedomain.com

    If the response to the recpt to: command is 250k that would be bad. If it is 550 relaying denied, that would be what you want.

    On your authentication tab which boxes are checked?

    Tuesday, January 10, 2012 4:39 PM
  • Hi,

    plaese make sure that you configure your default receive connector only to accept mails from your ISV without authentification. Because if you open TCP/25 then everyone is able to use your Server in order to send SPAM. The result is, that your server will be blacklisted in the future and some other mailserver do not accept messeages your users send.

    The client Receive connector should be configured that only autehnticated Exchange Users are able to connect to Port TCP/587 and Send Mails.

    But if you configure  your Receive Connectors this way everything is fine although it will be a good idea to implement a Mailgateway such as Edge Transport or some other Solutions.

     


    regards Thomas Paetzold visit my blog on: http://sus42.wordpress.com
    Tuesday, January 10, 2012 4:52 PM
  • I was able to drop email on my Gmail account from telnet and I am sure its an open relay.  In the Auth. Tab

    1. Default connector: TLS and Externally secured is checked.

    2. On client : TLS,Enable Domain Security, Basic Auth, offer basic auth. , Exch server Auth.

    Not sure how can I stop this without using any Edge or smart host. My MX is directly pointing on the server.

     

    Tuesday, January 10, 2012 4:53 PM
  • "Externally secured " should NOT be enabled. That is what has made your server an open relay.

    You do not need to have an Edge server to secure Exchange. Why did you enable that option?

    Disable it and restart Exchange Transport Service.

    Simon.


    Simon Butler, Exchange MVP
    Blog | Exchange Resources | In the UK? Hire Me.
    • Marked as answer by RSHARMA101 Thursday, January 12, 2012 5:27 AM
    Tuesday, January 10, 2012 9:49 PM
  • Try below link

    http://alanhardisty.wordpress.com/2010/07/12/how-to-close-an-open-relay-in-exchange-2007-2010/

     

     

     

     

    Girishp

    Wednesday, January 11, 2012 11:36 AM
  • Externally secured shld not be checked. Close this and all will be fine.


    Raj
    • Marked as answer by RSHARMA101 Thursday, January 12, 2012 5:30 AM
    Thursday, January 12, 2012 5:29 AM