Exchange Server Forums
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
block unauthenticated relaying
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
 Limited time MSExchange.org offer! -- 1.Sep.2008 1:00:00 PM
|
|
TechGenix and SolarWinds have partnered to provide free copies of SolarWinds Exchange Monitor to all visitors who join the MSExchange.org Forums. SolarWinds Exchange Monitor is a handy desktop dashboard that continuously monitors Microsoft Exchange to deliver real-time insight into Exchange services, mail queue sizes, and host server health. Learn more about Exchange Monitor and the free offer!
|
block unauthenticated relaying - 1.Jun.2008 3:50:16 PM
|
|
|
hdamis
Posts: 72
Joined: 16.Mar.2005
From: Jordan
Status: offline
|
I am using windows 2008 exchange 2007 sp1.
I can telnet mail.domain.com 25
220 Mail.domain.com Microsoft ESMTP MAIL Service ready at..........
then I wrote
Helo
mail from: user1@mail.domain.com
it gave me
250 2.1.0 Sender OK
rcpt to: user2@mail.domin.com
..........
so how to block unauthenticated users from sending.
|
|
|
|
|
RE: block unauthenticated relaying - 2.Jun.2008 2:30:01 AM
|
|
|
hdamis
Posts: 72
Joined: 16.Mar.2005
From: Jordan
Status: offline
|
no one can help
|
|
|
|
|
RE: block unauthenticated relaying - 2.Jun.2008 9:12:00 AM
|
|
|
Sembee
Posts: 3960
Joined: 17.Jan.2008
From: Somewhere near London, UK
Status: offline
|
You posted on a Sunday night, and then have chased again less than 24 hours later, when half the world isn't even awake yet. As with most technology forums, you will not see posts until California starts to wake up, that will be another four hours yet.
Does the message actually get sent? What have you changed because Exchange is relay secured by default. Therefore if the message does get sent then you have changed something. A setting on one of the connectors perhaps? Configured the Accepted Domains to be * ?
Simon.
_____________________________
Simon Butler,
Exchange MVP
Blog: http://www.sembee.co.uk/
Web: http://www.amset.info/
In the UK? Hire me: http://www.amset.co.uk/
|
|
|
|
|
RE: block unauthenticated relaying - 2.Jun.2008 1:45:21 PM
|
|
|
hdamis
Posts: 72
Joined: 16.Mar.2005
From: Jordan
Status: offline
|
Thanks for your replay, I know that but I really need the solution as soon as.
yes you are right I changed Receive connector permission groups on the default domain and checked Anonymous users. because when I unchecked it we couldn't receive any email from outside domaines like(yahoo,hotmail...). and who send from outside will get the following email " Delivery Status Notification (Failure)þ"
but wehen I unchecked Anonymous it will ask for authentication when telnet smtp.
but how to allow others to send to us emails .
< Message edited by hdamis -- 2.Jun.2008 3:56:10 PM >
|
|
|
|
|
RE: block unauthenticated relaying - 2.Jun.2008 4:14:26 PM
|
|
|
Sembee
Posts: 3960
Joined: 17.Jan.2008
From: Somewhere near London, UK
Status: offline
|
A forum like this is not suitable for anything urgent. If you have an urgent query then you should call Microsoft support.
Enabling anonymous on the receive connector does not turn your server in to an open relay unless you have changed something else in the configuration.
Simon.
_____________________________
Simon Butler,
Exchange MVP
Blog: http://www.sembee.co.uk/
Web: http://www.amset.info/
In the UK? Hire me: http://www.amset.co.uk/
|
|
|
|
|
RE: block unauthenticated relaying - 3.Jun.2008 1:26:31 AM
|
|
|
hdamis
Posts: 72
Joined: 16.Mar.2005
From: Jordan
Status: offline
|
Enabling anonymous on the receive connector it will turn your server in to an open relay. if you Disabling anonymous it will turn off your server in to an open relay.
any other idea .
|
|
|
|
|
RE: block unauthenticated relaying - 3.Jun.2008 7:40:53 AM
|
|
|
Sembee
Posts: 3960
Joined: 17.Jan.2008
From: Somewhere near London, UK
Status: offline
|
You are wrong there.
Enabling anonymous on the receive connector does not turn your server in to an open relay UNLESS you have changed something else in the Exchange org. It is very difficult to turn Exchange 2007 in to an open relay.
Simon.
_____________________________
Simon Butler,
Exchange MVP
Blog: http://www.sembee.co.uk/
Web: http://www.amset.info/
In the UK? Hire me: http://www.amset.co.uk/
|
|
|
|
|
RE: block unauthenticated relaying - 3.Jun.2008 11:49:25 AM
|
|
|
Sembee
Posts: 3960
Joined: 17.Jan.2008
From: Somewhere near London, UK
Status: offline
|
How does that make me wrong?
If you want the server to receive email from the internet you have to enable anonymous on the receive connector. You have no other choice. That change on its own does not make the server an open relay.
Have you attempted to follow that post? That is for creating an additional receive connector to allow other servers to relay through your server.
If you are not using an Edge server then you should probably review this article from the same source:
http://msexchangeteam.com/archive/2006/11/17/431555.aspx
It explains how to setup a server to receive email from the outside.
If your server is becoming an open relay, then you must have changed something else, elsewhere in the server. How many times do I have to write that?
Simon.
_____________________________
Simon Butler,
Exchange MVP
Blog: http://www.sembee.co.uk/
Web: http://www.amset.info/
In the UK? Hire me: http://www.amset.co.uk/
|
|
|
|
|
RE: block unauthenticated relaying - 3.Jun.2008 2:12:05 PM
|
|
|
doctortt
Posts: 546
Joined: 26.Jan.2006
Status: offline
|
hdadmis,
Sembee is correct. I picked up a few Exchange 2007 books, and it explained everything about the receive connector and open relay.
|
|
|
|
|
RE: block unauthenticated relaying - 4.Jun.2008 1:39:32 AM
|
|
|
hdamis
Posts: 72
Joined: 16.Mar.2005
From: Jordan
Status: offline
|
Dear Simon
Suppose that I am wrong what things I changed. I didn't change any thing. and the question here how to deny clients from sending using
telnet ip 25
helo
mail from:...............
so Please I need a suggestion.
|
|
|
|
|
RE: block unauthenticated relaying - 4.Jun.2008 7:56:30 AM
|
|
|
Sembee
Posts: 3960
Joined: 17.Jan.2008
From: Somewhere near London, UK
Status: offline
|
You cannot deny anyone sending email to users on your network using telnet or any other connection to port 25. Antispam software can deal with the messages or the connection, but out of the box, Exchange will accept email for any address on your domain. If you install the antispam agents you can enable recipient filtering, which will stop the server from accepting email for non existent users, but if someone knows the valid email address of a user then they can send email to them.
Simon.
_____________________________
Simon Butler,
Exchange MVP
Blog: http://www.sembee.co.uk/
Web: http://www.amset.info/
In the UK? Hire me: http://www.amset.co.uk/
|
|
|
|
|
RE: block unauthenticated relaying - 5.Jun.2008 3:44:32 AM
|
|
|
hdamis
Posts: 72
Joined: 16.Mar.2005
From: Jordan
Status: offline
|
Dear Friend,
I have AntiSpam but when I enable it on but when any one send from inside or even from outside company email it will return back with the follwing message :
554 5.7.1 This message has been blocked because the HELO/EHLO domain is invalid.
< Message edited by hdamis -- 5.Jun.2008 4:16:36 AM >
|
|
|
|
|
RE: block unauthenticated relaying - 5.Jun.2008 7:00:59 AM
|
|
|
Sembee
Posts: 3960
Joined: 17.Jan.2008
From: Somewhere near London, UK
Status: offline
|
Are you sure that you are getting that message on internal email? A message sent between two users on the server get the message?
The message means what it says - the server is announcing itself as an invalid name. That is corrected on the Send Connectors for outbound email - IF the Exchange server is sending the email out directly and the messages are not going through an appliance or other SMTP host.
My primary recommendation though would be to get an experienced consultant to look at your server setup to ensure that it has been done correctly.
Simon.
_____________________________
Simon Butler,
Exchange MVP
Blog: http://www.sembee.co.uk/
Web: http://www.amset.info/
In the UK? Hire me: http://www.amset.co.uk/
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
