I have Exchange 2003 running on Windows 2003 server.
In Exchange Manager under SMTP connections I see several sessions going on with outside IPs. There is unauthorized mail relay going on, since I see several outbound mails on my firewall.
I already have relay restricted to only IPs within my network, but that doesn't seem to be enough to block unauthorized access. Are there any other security settings that I need to tweak to block unauthorized email spam from my server?
Outside servers do have to connect to your SMTP to send you emails, right? To test if your server is configured right, from home (or anywhere else outside your firewall) set the outgoing SMTP address of your email client to your Exchange server's address and see if you can send out emails. If you CAN then your server is not configured properly. Report back and we'll take it from there.
Who can you send the emails to, using your Exchange's SMTP server? By default you should only be able to send it to addresses resident on the Exchange, not anywhere outside.
I configured outlook express with fake email on a different network and used Exchange server's IP for SMTP. But I could only send it to mailboxes on exchange.
That's what I just said, you should be able to send emails from outside to mailboxes on Exchange. If you aren't able to do that then how will anybody on Exchange get emails?
The test you should be doing is from Outlook Express on a different network try sending emails to some external (Yahoo, Hotmail, etc.) email addresses through Exchange and see if those get through. That's what should not go through, and something to worry about.
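The relay test described in the posts above, scripted so it can be repeated from outside the firewall: an added example written for this page, not code from any poster or from Exchange. It speaks just enough SMTP to issue EHLO, MAIL FROM and a RCPT TO for each candidate recipient, then records the reply code; no DATA is ever sent, so nothing is actually delivered. A 2xx on a recipient outside your own domain means the server would relay for you; the 553 or 550 quoted later in the thread means relay is refused. To let it run offline, the block also embeds a constructed mock listener that imitates a relay-restricted Exchange box (accepts `@example.com`, refuses everything else); `example.com`, `outside.invalid`, `relaycheck.invalid` and the hypothetical host/port are placeholders for the poster's real domain and server.

```python
import socket
import threading

# Constructed stand-in for the poster's own domain; the mock accepts only this.
LOCAL_DOMAIN = "example.com"


def _reply(sock, text):
    sock.sendall((text + "\r\n").encode())


def mock_exchange(server_sock):
    """Constructed mock of a relay-restricted Exchange 2003 SMTP virtual server.
    RCPT TO a local mailbox -> 250, any other recipient -> 553 (as in the thread)."""
    conn, _ = server_sock.accept()
    with conn:
        _reply(conn, "220 mock.exchange ESMTP")
        f = conn.makefile("rb")
        while True:
            line = f.readline()
            if not line:
                break
            cmd = line.decode(errors="replace").strip()
            upper = cmd.upper()
            if upper.startswith("EHLO") or upper.startswith("HELO"):
                _reply(conn, "250 mock.exchange")
            elif upper.startswith("MAIL FROM:"):
                _reply(conn, "250 2.1.0 Sender OK")
            elif upper.startswith("RCPT TO:"):
                rcpt = cmd.split(":", 1)[1].strip().strip("<>")
                if rcpt.lower().endswith("@" + LOCAL_DOMAIN):
                    _reply(conn, "250 2.1.5 Recipient OK")
                else:
                    _reply(conn, "553 5.7.1 Requested action not taken: mailbox name not allowed")
            elif upper.startswith("QUIT"):
                _reply(conn, "221 2.0.0 Bye")
                break
            else:
                _reply(conn, "500 5.5.1 Command unrecognized")


class SmtpProbe:
    """Minimal line-oriented SMTP client: enough for a relay probe, never sends DATA."""

    def __init__(self, host, port, timeout=10):
        self.sock = socket.create_connection((host, port), timeout=timeout)
        self.f = self.sock.makefile("rb")
        self.code, self.banner = self._read()

    def _read(self):
        # Handle multi-line replies ("250-..." continuation, "250 ..." final line).
        lines = []
        while True:
            raw = self.f.readline().decode(errors="replace").rstrip("\r\n")
            if not raw:
                raise ConnectionError("server closed connection")
            lines.append(raw[4:])
            if len(raw) < 4 or raw[3] != "-":
                return int(raw[:3]), "\n".join(lines)

    def cmd(self, line):
        self.sock.sendall((line + "\r\n").encode())
        return self._read()

    def close(self):
        try:
            self.cmd("QUIT")
        finally:
            self.sock.close()


def relay_check(host, port, sender, recipients):
    """Return {recipient: (reply_code, reply_text)} for a RCPT TO of each recipient."""
    probe = SmtpProbe(host, port)
    results = {}
    try:
        probe.cmd("EHLO relaycheck.invalid")
        probe.cmd("MAIL FROM:<%s>" % sender)
        for rcpt in recipients:
            results[rcpt] = probe.cmd("RCPT TO:<%s>" % rcpt)
    finally:
        probe.close()
    return results


def is_open_relay(results, local_domain):
    """True if any recipient outside local_domain got a 2xx, i.e. the server would relay."""
    return any(code // 100 == 2 for rcpt, (code, _) in results.items()
               if not rcpt.lower().endswith("@" + local_domain))


def run_demo():
    """Run the probe against the in-process mock; returns the per-recipient results."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    threading.Thread(target=mock_exchange, args=(srv,), daemon=True).start()
    results = relay_check("127.0.0.1", port, "probe@outside.invalid",
                          ["user@" + LOCAL_DOMAIN, "someone@yahoo.com"])
    srv.close()
    return results


if __name__ == "__main__":
    r = run_demo()
    for rcpt, (code, text) in r.items():
        print(rcpt, code, text)
    print("open relay:", is_open_relay(r, LOCAL_DOMAIN))
```

Against a real server, call `relay_check("<exchange public IP>", 25, ...)` from a host outside the network with one internal and one external recipient; `is_open_relay` should come back False. Note that this probes only anonymous relay: if the relay settings allow authenticated computers to relay (an option mentioned later in this thread), a spammer holding valid account credentials can still relay through the server and this unauthenticated probe will not show it.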
I can't send email from another network to someone outside my domain through the Exchange server. When I do, I get this error (I've masked the Exchange/SMTP server IP and email):
The message could not be sent because one of the recipients was rejected by the server. The rejected e-mail address was '[email protected]'. Subject 'Test-1', Account: 'xxx.xxx.xxx.xxx', Server: 'xxx.xxx.xxx.xxx', Protocol: SMTP, Server Response: '553 Requested action not taken: mailbox name not allowed or chunk too large', Port: 25, Secure(SSL): No, Server Error: 553, Error Number: 0x800CCC79
Problem is that I'm quite certain that the Exchange server is being used by spammers to relay to outside email addresses. In Exchange Manager I can see a large influx of connections to the server's IP for prolonged periods. As I refresh the server queue there are usually 30-40 emails waiting to go out every second with random email addresses. Because of this our IP is getting blacklisted and we can't send emails to some places.
Yaar, your server is fine. There are always going to be bad emails stuck in your Exchange queue because of spam bounce-backs. I've never seen an Exchange box with no bad items in the queue. Go to the details part of those emails and it probably says that those emails are sent by your domain's postmaster.
You already proved that you can't relay emails to your outsidemydomain.com account. When relaying is blocked you get either the 553 or the 550 error code.
Tofi - I understand your bounce-back theory, but I'm 99% sure this is not the case here. There are IPs from several countries leeched on to my server for several minutes, even hours, and I have to manually disconnect them. In the meantime I'm getting obscene emails on behalf of people in our company (I verified that they didn't send them). I'm also receiving some Viagra-type emails from my own email address. These emails have multiple recipients and a lot of them get queued up with invalid addresses.
At the very least there have to be some settings in Exchange Server where it only accepts/relays emails sent to my domain names. Let me know if you have any idea where to look for this.
It's the easiest thing to spoof the "from" field, i.e. I can send out emails and they would look like they came from your mailbox.
Exchange 2003 (not 100% sure about previous versions) has relaying blocked by default. You have to manually open it up by going to the Protocols section under the server, then drilling down to Default SMTP Virtual Server and going to its properties. Under there click on the Access tab and there's a button, Relay. Once that opens you add a domain, a single IP or a group of IPs that are allowed to relay. There's also an option to allow authenticated computers to relay no matter what's listed.
I went to Ironport's senderbase.com and noticed that our IP has a very low reputation score (-2.9). I'm very concerned but have no idea what's going on.
I may end up putting our mail server on a different network with new IP as a last resort.