Registered users    
MembershipMembership:
Latest New UserLatest:chris reilly
New TodayNew Today:9
New YesterdayNew Yesterday:9
User CountOverall:23336
Private messaging    
You must be logged in to use this module.
Top 10 posters    
NamePosts
Mariette Knap12900
Marina Roos12523
Eriq Neale2114
Michael Patrick1913
Stan Guinn1913
Robert Pearman1771
Nick Pieters1425
Stewart Brown617
william warren601
Kevin D.579
Welcome unauthorized visitor    
If you want to join us in the discussions on this forum you need to register first. Registration is free! If you are already a registered user please login to join the forum.
Small Business Server Support Forum    
Forums > Microsoft Small Business Server 2003 & 2000 > Exchange Server 2003
Subject: open relay?
Prev Next
You are not authorized to post a reply.

Author Messages
Torrey Lauer User is Offline
United States
Member since
5/25/2005

Registered Users
Posts: 51
2/27/2008 10:53 PM  
Our ISP has blocked out outgoing e-mail for three days in a row now.  Starting about 2:30pm each day we get an message back from our ISP that our outbound mail has been refused.
 
I did a report and found that we are sending up to a 1000 e-mails from the Administrator account.  I cannot find any viruses on our PCs or the server. 
 
I have checked to make sure we are not an open relay, but from what I can see, it looks like we aren't.  From what I have read online this afternoon, it's possible to have SBS setup not to relay, but in certain circumstances, it still does.  Any advise on what to check further?
 
I just ran a Message Tracking from within Exchange System Manager.  I chose Administrator in the Sender field, and in just two days, over 1000 e-mails show up as coming from postmaster@moderntravel.net.  Can anyone help me figure out how someone is sending e-mails out from "postmaster" on our server?
 
Help, please.
 
Torrey Lauer
Michael Patrick User is Offline
United States
Member since
10/26/2005

Platinum Membership
Posts: 1913
2/28/2008 12:56 AM  
Turn off your NDR's in Exchange Manager...
 
Under Global Settings-->Internet Message Formats
 
Select the Advanced tab...uncheck all the boxes since you are limited on how many e-mails you can have per day.
 
Restart Exchange Services once you have done this....
 
 Because your running dyndns I am not sure how else to make sure your not an open relay.
 
You can try PM'ing me your domain info if you want....I can see what I can do.
Michael Patrick

"Technology Interpreter Extraordinaire"
CAD, BIM & SBS
Marina Roos User is Offline
The Netherlands
Member since
3/24/2005

Forum Admins
Posts: 12523
2/28/2008 01:59 AM  
Hi Torrey,
 
Didn't you already have a thread on this: ISP blocking outgoing e-mail > Small Business Server Support Forum - English > Smallbizserver.Net:
http://www.smallbizserver.net/Forums/tabid/53/forumid/5/postid/84149/view/topic/Default.aspx
Marina Roos Smallbizserver.Net AdministratorMission accomplished. We have joined the branch office to our SBS 2003 Headquarters and have the same user experience on the branch office as we have on our local  network at the Headquarters. Want to know how? Signup up for a subscription and get instant access to the article series 'How to add an additional Domain Controller from a remote office to the SBS domain'
Torrey Lauer User is Offline
United States
Member since
5/25/2005

Registered Users
Posts: 51
2/28/2008 03:37 AM  
Hi Marina,
 
I did, but I thought that the server could be an open relay, and started a new thread just for that topic.
 
I don't think it's an open relay, but there are a ton of e-mails going out as postmaster from our domain to every email address imagineable.  So, while I don't think it's an open relay, I'm still really not sure.
 
I have activated the recipient filter, and that seems to have helped the number of e-mails from postmaster going out.
Philip O'Rourke User is Offline
United Kingdom
Member since
10/31/2006

Registered Users
Posts: 7
5/06/2008 01:08 PM  

Hi Torrey,

If you still need help the following methodology might help guide you (speed through to step 2 if you wish)

Step 1

Determine whether you have actually an open relay.

Method 1 - the telnet method – The following is a good Microsoft article which explains the basics (must be done from an offsite machine or network).

http://support.microsoft.com/kb/324958/en-us

This is a useful webcast:

http://support.microsoft.com/?scid=http%3a%2f%2fsupport.microsoft.com%2fservicedesks%2fshowmehow%2f101904_1.asx

Method 2 – (the easy way) download Relay Test Pro from http://www.digiarch.org/relaytest.html

Before you ask I’m not affiliated with the firm in anyway but as a system administrator this tool is an essential. In the time it’ll take you to type your way through 1 test it’ll run 40+ separate tests!  – BTW you’ll still need an offsite/network pc to run this from.

Step 2

Ok, you’ve done the tests and you’re an open relay, now you’ve got to block it! The two obvious points to start with are your SMTP Connector and your SMTP Virtual Server. Not too many settings here and in most cases the following should fix it for you: http://support.microsoft.com/kb/324958/en-us

But here’s where it gets interesting; a lot of people report that they have their Exchange Server settings configured correctly but they still have an open relay - how so?

In every case of a properly configured Exchange Server relaying I’ve encountered the root cause lies in the Firewall configuration and how SMTP traffic is passed through to the SMTP server. How to test this - a quick examination of an email message header (right click an email on a client machine and select options) will show that the supposed sending server has a local IP address and of course Exchange Server will treat it as authenticated, see example below:

Microsoft Mail Internet Headers Version 2.0

Received: from msend5.rb.outsideserver.com (𖐸.168.1.99] RDNS failed) by someserver.co.uk with Microsoft SMTPSVC(6.0.3790.3959);

Obviously, in this example, the sending  SMTP server IP address should be public! Unfortunately there are many flavours of Firewall and for that reason I can’t go in to specifics here but, in general, when an inbound or outbound SMTP connection is NATed to an address other than the one assigned to the physical firewall interface, then the SMTP proxy still uses the physical interface name and address within the SMTP protocol exchange and in doing so rewrites the headers. 

If you’ve got exchange configured as it should be and your tests indicate that your server is an open relay then your Firewall is almost certainly to blame.

Step 3

You configured your firewall and Exchange server correctly, ran the test, blocked the open relay, and cleaned up your sever but your still unable to send email to some external domains– why? Well depending on how long your machine has been relaying it's  quite possible that your server has been placed on a “Spam Blacklist”. Again another easy one to check – simply go to http://www.dnsstuff.com or http://www.dnsreport.com (no, no affiliation with either but they are sys-admin essentials) put in your IP/Domain name. If you are logged you’ll find your SMTP IP or domain name listed there. Simply contact the list administrator have them delist your server; gradually you’ll mail services will go back to normal.

P.s. only when when you've got the basics right should you start using Intelligent Message Filtering

You are not authorized to post a reply.
Forums > Microsoft Small Business Server 2003 & 2000 > Exchange Server 2003 > open relay?


ActiveForums 3.7
Forum policy    
These Discussion Forums are dedicated to the discussion of the Small Business Server and related server and client software. For the benefit of the community please observe the following posting guidelines:
  1. No Advertising. This includes promotion of commercial products and non-commercial products which are not directly related to Small Business Server and related server and client software.
  2. No Flaming or Trolling.
  3. No Profanity, Racism, or Prejudice.
  4. Site Moderators have the final word on approving/removing a thread or post or comment.
Copyright 2002-2008 Concentrix b.v.    :   Page generated in 0.3906275 seconds.   :   Terms Of Use   :   Privacy Statement