Open relay question

15 pts.
Exchange security
Microsoft Exchange
Microsoft Windows
SQL Server
Hi all we have an exchange 2003 server that routes mail to an isp using an internet connector. This connector uses a smart host at the isp. I ran the Exchange best practices analyser tool and 1 of the results was that the server is configured as an open relay. Since we route mail through an isp i suppose this isnt a prob. But if i want to secure this server against open relaying how do i do this? Yesterday i changed the props of the smtp virtual server > Access > Relay > and selected "only the list below" and also selected "allow all computers which successfully authenticate to relay, regardless of the list above". All users afterwards could send external mail ok but some could not receive. Have i missed something? Thanks

Answer Wiki

Thanks. We'll let you know when a new response is added.


I dont think , that these settings have caused the prob there could be some other reason

Discuss This Question: 4  Replies

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.
  • JimTrouble
    Hi Domino do u have any suggestions as i have checked all settings in exchange and everything looks as it should?
    15 pointsBadges:
  • Petroleumman
    Hello, I agree with Domino, your SMTP configuration for relaying is correct so there must be another problem preventing some users from receiving their mail. Can you expand on the problem a bit, have you noticed any pattern amongst the users not receiving mail like do they all belong to a specific AD group or assigned to a different routing group or information store on the server? Does this problem affect specific users only or does it strike randomly among all users? What about you ISP, have they offered any suggestions? Post some further detail and hopefully that will shed some light on what might be going on. Good luck!
    0 pointsBadges:
  • Stevesz
    You said you have selected Only the list below in your relay restrictions. You should have a range of IP addresses equal to your internal network IP addresses. If you have something else, you will be in trouble. One does suppose here that you are using a private range of IP addresses here 192.168.x.x or 10.x.x.x or 176.16-31.x.x. If your internal network is using public IP addresses, then you will probably only want to allow only those addresses that are actually being used, meaning you'll need to put them in one at a time as individual addresses and change them each time an additional workstation is added or removed. Have you seen the NDRs the senders are gettin gfor those who are now not recieving mail? That will give you your biggest clue as to what is happening, and probably lead you to the proper solution.
    2,015 pointsBadges:
  • JimTrouble
    Hi all thanks for all your input guys. stevesz your suggestion of adding the IP addresses to the allowed to relay list seems to have done the trick! Thanks for that!
    15 pointsBadges:

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

Thanks! We'll email you when relevant content is added and updated.


Share this item with your network: