| Author |
Message |
MAC
Guest
|
 Posted:
Mon Dec 27, 2004 10:41 am Post subject:
RELAY Problem - Exchange 2000 |
|
|
Hi All,
Exchange Server 2000 SP3 (build 6249.4) all patched up....
I configured it according to Microsoft's KB on how to fixe an open relay
http://www.microsoft.com/technet/prodtechnol/Exchange/ExBPA/6d2c9c82-bcc2-4261-a30d-90536577c873.mspx
and http://support.microsoft.com/?kbid=304897
to disable relay, yet when I scanned it with the updated Best Practices
Analyzer Tool it still shows that it failed the open relay test (I also
telented in on port 25 and confirmed that manually that I could send an
email from a bogus domain)
Microsoft doesn't make sense.... if you disable anonymous for the SMTP
authentication then granted no Spammer will be able to relay, but just the
same for VALID email servers!!!?
HELP!
|
|
| Back to top |
|
 |
Rich Matheisen [MVP]
Guest
|
| Posted:
Mon Dec 27, 2004 10:58 pm Post subject:
Re: RELAY Problem - Exchange 2000 |
|
|
"MAC" <no_spam_ad_888@yahoo.com> wrote:
Then you've omitted something.
| Quote: | Microsoft doesn't make sense.... if you disable anonymous for the SMTP
authentication then granted no Spammer will be able to relay, but just the
same for VALID email servers!!!?
|
Microsoft makes sense (well, most of the time), but you've confused
the requirement for authentication before you accept ANY connection
with the requirement that authentication is necessary before your
server will accept a relay request. The two are quite different! You
really want to accept anonymous connections, but you don't want to
allow anonymous relays.
Try this and see if the open relay disappears:
Display the property page of the SMTP Virtual Server.
Click the "Access" tab
Click the "Relay..." button
Select the "Only the list below" radio button
Make sure the list is empty
Uncheck the box at the bottom labeled "Allow computers..."
If this fixes your problem then you probably have the Guest account
enabled on the machine (or some other permissions problem).
If it DOESN'T fix your problem then it may be that the thread the
transfers the information form the AD to the IIS metabase is not
working. Restart the System Attendant service and see if that fixes
the problem.
--
Rich Matheisen
MCSE+I, Exchange MVP
MS Exchange FAQ at http://www.swinc.com/resource/exch_faq.htm |
|
| Back to top |
|
|
Geoff Pearce
Guest
|
| Posted:
Tue Dec 28, 2004 7:07 pm Post subject:
Re: RELAY Problem - Exchange 2000 |
|
|
| Quote: | to disable relay, yet when I scanned it with the updated Best Practices
Analyzer Tool it still shows that it failed the open relay test (I also
telented in on port 25 and confirmed that manually that I could send an
email from a bogus domain)
|
Unless you have RDNS setup the originator could be any originator sent to
your local domain. Are you stating that you can send an email from a bogus
domain to a domain that does not resolve on your Exchange Server?
| Quote: | to disable relay, yet when I scanned it with the updated Best Practices
Analyzer Tool it still shows that it failed the open relay test (I also
telented in on port 25 and confirmed that manually that I could send an
email from a bogus domain)
|
What test did it fail? Do you have the text from the error?
Geoff Pearce
Nemx Software
"MAC" <no_spam_ad_888@yahoo.com> wrote in message
news:un8GO386EHA.1296@TK2MSFTNGP10.phx.gbl...
| Quote: | Hi All,
Exchange Server 2000 SP3 (build 6249.4) all patched up....
I configured it according to Microsoft's KB on how to fixe an open relay
http://www.microsoft.com/technet/prodtechnol/Exchange/ExBPA/6d2c9c82-bcc2-4261-a30d-90536577c873.mspx
and http://support.microsoft.com/?kbid=304897
to disable relay, yet when I scanned it with the updated Best Practices
Analyzer Tool it still shows that it failed the open relay test (I also
telented in on port 25 and confirmed that manually that I could send an
email from a bogus domain)
Microsoft doesn't make sense.... if you disable anonymous for the SMTP
authentication then granted no Spammer will be able to relay, but just the
same for VALID email servers!!!?
HELP!
|
|
|
| Back to top |
|
|
MAC
Guest
|
| Posted:
Tue Dec 28, 2004 8:30 pm Post subject:
Re: RELAY Problem - Exchange 2000 |
|
|
you know what... I just got it fixed, it was misconfiguration and
misunderstanding of the setup.
in the Relay section a local subnet was added to the exception list (allow
computers) by one of the admins as they thought that that has to be there in
order to allow email to be relayed out by the local users
then the relay test was conducted from the inside...duh... ofcourse it was
relaying. it was working perfectly as configured.
I cleared out the Relay list, unchecked the "allow authenticated"
and tested the relay from the outside, and it works just fine.
now I need to run a couple of additional tests... see if it will relay from
local user to local user, and from <> blank to a local user.
"Geoff Pearce" <nemx02@magma.ca> wrote in message
news:zdKdnRBa560LxkzcRVn-gg@magma.ca...
| Quote: | to disable relay, yet when I scanned it with the updated Best Practices
Analyzer Tool it still shows that it failed the open relay test (I also
telented in on port 25 and confirmed that manually that I could send an
email from a bogus domain)
Unless you have RDNS setup the originator could be any originator sent to
your local domain. Are you stating that you can send an email from a
bogus
domain to a domain that does not resolve on your Exchange Server?
to disable relay, yet when I scanned it with the updated Best Practices
Analyzer Tool it still shows that it failed the open relay test (I also
telented in on port 25 and confirmed that manually that I could send an
email from a bogus domain)
What test did it fail? Do you have the text from the error?
Geoff Pearce
Nemx Software
"MAC" <no_spam_ad_888@yahoo.com> wrote in message
news:un8GO386EHA.1296@TK2MSFTNGP10.phx.gbl...
Hi All,
Exchange Server 2000 SP3 (build 6249.4) all patched up....
I configured it according to Microsoft's KB on how to fixe an open relay
http://www.microsoft.com/technet/prodtechnol/Exchange/ExBPA/6d2c9c82-bcc2-4261-a30d-90536577c873.mspx
and http://support.microsoft.com/?kbid=304897
to disable relay, yet when I scanned it with the updated Best Practices
Analyzer Tool it still shows that it failed the open relay test (I also
telented in on port 25 and confirmed that manually that I could send an
email from a bogus domain)
Microsoft doesn't make sense.... if you disable anonymous for the SMTP
authentication then granted no Spammer will be able to relay, but just
the
same for VALID email servers!!!?
HELP!
|
|
|
| Back to top |
|
|
MAC
Guest
|
| Posted:
Tue Dec 28, 2004 9:42 pm Post subject:
Re: RELAY Problem - Exchange 2000 |
|
|
Thx Rich, it worked just the way you described it. it was misconfiguration
and misunderstanding of how it should be setup and tested.
thank you for your help. :)
"Rich Matheisen [MVP]" <richnews@rmcons.com.NOSPAM.COM> wrote in message
news:47f0t0p5q11ap2c431h6cciqqkl5qbem2m@4ax.com...
| Quote: | "MAC" <no_spam_ad_888@yahoo.com> wrote:
Exchange Server 2000 SP3 (build 6249.4) all patched up....
I configured it according to Microsoft's KB on how to fixe an open relay
http://www.microsoft.com/technet/prodtechnol/Exchange/ExBPA/6d2c9c82-bcc2-4261-a30d-90536577c873.mspx
and http://support.microsoft.com/?kbid=304897
to disable relay, yet when I scanned it with the updated Best Practices
Analyzer Tool it still shows that it failed the open relay test (I also
telented in on port 25 and confirmed that manually that I could send an
email from a bogus domain)
Then you've omitted something.
Microsoft doesn't make sense.... if you disable anonymous for the SMTP
authentication then granted no Spammer will be able to relay, but just the
same for VALID email servers!!!?
Microsoft makes sense (well, most of the time), but you've confused
the requirement for authentication before you accept ANY connection
with the requirement that authentication is necessary before your
server will accept a relay request. The two are quite different! You
really want to accept anonymous connections, but you don't want to
allow anonymous relays.
Try this and see if the open relay disappears:
Display the property page of the SMTP Virtual Server.
Click the "Access" tab
Click the "Relay..." button
Select the "Only the list below" radio button
Make sure the list is empty
Uncheck the box at the bottom labeled "Allow computers..."
If this fixes your problem then you probably have the Guest account
enabled on the machine (or some other permissions problem).
If it DOESN'T fix your problem then it may be that the thread the
transfers the information form the AD to the IIS metabase is not
working. Restart the System Attendant service and see if that fixes
the problem.
--
Rich Matheisen
MCSE+I, Exchange MVP
MS Exchange FAQ at http://www.swinc.com/resource/exch_faq.htm |
|
|
| Back to top |
|
|
|
|
|
|
FAQ
Memberlist
Register
Profile
Log in to check your private messages
Log in