Closing open relay in exchange 2k

Rapamatic

I am having problems closing open relay in exchange 2k.

If I close down relaying, then people outside my network cannot send me emails (i.e. they cannot relay to my domain).

If I open up relaying then it is totally open and people can relay to any domain.

I need a way to allow relaying only to my domains.

Is this possible with exchange 2k?

I am in the process of downloading sp2.

Thanks
 

PeeluckyDuckee

Where do you set the option to open relay anyways?? My problem is that I can send messages within my domain, but others from outside cannot send to my domain. If you can please point me to the proper place or tabs where that can be done, thx.

BTW, I'm still trying to fix the website problem. Going to send you some pics of my config soon as I convert the 4mb BMP files to gif/jpeg :)

Plucky
 

Rapamatic

in exchange 2k it is under properties on smtp service, then the access tab. There is a "relay" button.
 

Psychoholic



<< in exchange 2k it is under properties on smtp service, then the access tab. There is a "relay" button. >>


That is where you will also set the domains that are able to relay, in case you didn't notice when you brought it up.
 

Rapamatic

<<That is where you will also set the domains that are able to relay, in case you didn't notice when you brought it up.>>

It is my understanding that this is a list of domains of computers that I will allow to relay. That is, computers from the "bar.com" domain can relay using my computer (i.e. computer "foo.bar.com" can relay using my SMTP server). What I am looking for is allowing mail for my internet domain names (raykramer.com, for example) to be relayed, that is any computer can relay mail using my SMTP server if it is addressed to someone in the "raykramer.com" domain.

Am I mistaken in this regard?

Thanks!
 

marat



<< <<That is where you will also set the domains that are able to relay, in case you didn't notice when you brought it up.>>

It is my understanding that this is a list of domains of computers that I will allow to relay. That is, computers from the "bar.com" domain can relay using my computer (i.e. computer "foo.bar.com" can relay using my SMTP server). What I am looking for is allowing mail for my internet domain names (raykramer.com, for example) to be relayed, that is any computer can relay mail using my SMTP server if it is addressed to someone in the "raykramer.com" domain.

Am I mistaken in this regard?

Thanks!
>>



Consider the situation:
I am using your win2k box to relay my email to someone@yourdomain.com and BCC: it to a lot of people. That will let me send tons of spam. Are you sure you wanna do that?
 

Saltin

By default, Exchange 2000 SMTP Service does not allow unauthenticated SMTP connections. This is by design and is intended to prevent the Exchange 2000 server from being used as a potential relay for sending unsolicited mail (spamming). Therefore, the only inbound SMTP traffic that an Exchange 2000 server accepts out of the box is from another Exchange 2000 server (because the servers automatically authenticate with one another through Kerberos), or from a client that knows how to issue an AUTH command. If an Exchange 2000 server is going to be listening on the Internet, you have to enable anonymous access.

Because enabling anonymous access to the SMTP service also opens up the Exchange 2000 server for relay, you need to specify the IP addresses, subnets, or domains that will be allowed to relay (in this case only your own). This specification must include your other Exchange 2000 servers. In doing this, you should clear the "Allow all computers which successfully authenticate to relay, regardless of the list above" check box. To see this check box, open the properties of the default SMTP server, click the Access tab, and then click Relay.

Enabling anonymous access also allows internal POP/IMAP clients to relay without the AUTH command (because they are authorized via Kerberos already), but you shouldn't worry too much about people inside your organization relaying. You can easily police that.
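
The distinction the thread circles around (accepting mail for your own domain is not relaying, and relay rights are decided per recipient from the client's address or authentication) can be modelled in a few lines. This is an added example, not part of the original thread and not Exchange code; the subnet, IP addresses, the `example.org` recipient and all function names are constructed for illustration.

```python
import ipaddress

# Assumed values for illustration only, not anyone's real configuration.
LOCAL_DOMAINS = {"raykramer.com"}                         # domains this server delivers for
RELAY_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]   # constructed "relay allowed" subnet


def rcpt_decision(client_ip, rcpt, authenticated=False, allow_auth_relay=False):
    """Return (smtp_code, reason) for a single RCPT TO on a relay-restricted server.

    allow_auth_relay models the "Allow all computers which successfully
    authenticate to relay, regardless of the list above" check box.
    """
    local, sep, domain = rcpt.rpartition("@")
    if not sep or not local or not domain:
        return 501, "malformed address"
    # Mail addressed to a domain we host is inbound delivery, not relaying,
    # so it is accepted from any anonymous client.
    if domain.lower().rstrip(".") in LOCAL_DOMAINS:
        return 250, "local delivery"
    # Everything else is a relay request: the client must be on the list...
    ip = ipaddress.ip_address(client_ip)
    if any(ip in net for net in RELAY_NETWORKS):
        return 250, "relay: client in allowed list"
    # ...or authenticated, and only if that option is left enabled.
    if authenticated and allow_auth_relay:
        return 250, "relay: authenticated client"
    return 550, "relaying denied"


def process_session(client_ip, recipients, **kwargs):
    """Evaluate every recipient of one message independently (To, Cc and Bcc alike)."""
    return {r: rcpt_decision(client_ip, r, **kwargs)[0] for r in recipients}


if __name__ == "__main__":
    # Constructed session: an outside host addresses one local user plus an
    # outside recipient, the BCC scenario raised earlier in the thread.
    print(process_session("203.0.113.7", ["someone@raykramer.com", "victim@example.org"]))
```

Because each recipient is judged on its own, the local address is accepted while the outside one is refused, which is why restricting the relay list does not block inbound mail once anonymous access is enabled.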