Avoiding the infamous DNS blackLists using E2k3
Avoiding the infamous DNS blackLists using E2k3 - 11.Aug.2004 2:47:00 PM
MajorPay
Posts: 7
Joined: 11.Aug.2004
From: Colorado
Status: offline
|
I am running E2k3 with W2k3 and MailEssentials and have been blacklisted by njabl.org for being an open relay. The problem is this: I need to run a pop3 protocol so outside members can connect and gain access to their e-mail, I need for all members to be able to e-mail outside the AD, and lastly, I need for the outside world to be able to e-mail in (and all this needs to be done without being considered an open relay). I have read too many articles and have found solutions that either block incoming internet messages, kill pop3, or force me to know what IP address I am going to be at at any given time. E2k3 is becoming annoyingly frustrating! If any of you can give me assistance that would be great!
|
|
|
RE: Avoiding the infamous DNS blackLists using E2k3 - 11.Aug.2004 7:24:00 PM
paulbaldwin
Posts: 137
Joined: 20.Apr.2004
From: Lancashire, UK
Status: offline
|
Exchange by default allows authenticated users to relay but your client must be told that your SMTP server (Exchange) requires authentication.
You do not need to make your server an open relay!
You should also consider using SSL/TLS for your external POP3/SMTP clients or you'll expose passwords.
|
|
|
RE: Avoiding the infamous DNS blackLists using E2k3 - 11.Aug.2004 7:37:00 PM
MajorPay
Posts: 7
Joined: 11.Aug.2004
From: Colorado
Status: offline
|
SMTP is checked with anonymous access, basic authentication, and integrated Windows auth. If I uncheck anonymous, it blocks outside emails.
|
|
|
RE: Avoiding the infamous DNS blackLists using E2k3 - 11.Aug.2004 7:48:00 PM
paulbaldwin
Posts: 137
Joined: 20.Apr.2004
From: Lancashire, UK
Status: offline
|
That's right, you need anonymous for inbound mail.
But your user clients aren't configured to authenticate for SMTP and they need to relay too. Outlook doesn't authenticate by default, you have to go into the profile settings and tell it to ('my outbound server requires authentication' or some such option).
|
|
|
RE: Avoiding the infamous DNS blackLists using E2k3 - 11.Aug.2004 7:57:00 PM
MajorPay
Posts: 7
Joined: 11.Aug.2004
From: Colorado
Status: offline
|
I did, but even with these items checked and authenticating via Exchange, you can still send an e-mail out off the server without authenticating (because incoming mail can't authenticate) which means that when I am tested for open relay, they send an e-mail through my mailserver from themselves to themselves (as a different name) and it successfully goes through.
-Please bear with me as I am actually a programmer and haven't had much experience in this area. [ August 11, 2004, 08:01 PM: Message edited by: MajorPay ]
|
|
|
RE: Avoiding the infamous DNS blackLists using E2k3 - 11.Aug.2004 8:27:00 PM
paulbaldwin
Posts: 137
Joined: 20.Apr.2004
From: Lancashire, UK
Status: offline
|
Go into the properties of your inbound SMTP virtual server in System Manager (you may only have one 'default' virtual server). Click Relay on the Access page. Select the 'Only list below' option and clear the contents in the 'Computers' list. Click 'Users' and select 'Allow' for 'Relay Permission' for 'Authenticated Users'.
Fine-tune to tighten further as required and check out the TLS options (you really should enforce that on Basic auth but need a certificate installed).
|
|
|
RE: Avoiding the infamous DNS blackLists using E2k3 - 11.Aug.2004 9:15:00 PM
MajorPay
Posts: 7
Joined: 11.Aug.2004
From: Colorado
Status: offline
|
How do I kill outbound mail now as I am currently the spam king? [ August 11, 2004, 09:18 PM: Message edited by: MajorPay ]
|
|
|
RE: Avoiding the infamous DNS blackLists using E2k3 - 11.Aug.2004 9:31:00 PM
MajorPay
Posts: 7
Joined: 11.Aug.2004
From: Colorado
Status: offline
|
OK, I implemented the test and this is what I got on an open relay check:
From relaytestsend@rt.njabl.org Wed Aug 11 15:24:40 2004
Return-Path: <relaytestsend@rt.njabl.org>
Received: from server1.something.something (not shown.customer.xxx)
    by rt.njabl.org (8.11.6/8.11.6) with ESMTP id i7BJOYg22112
    for <relaytest@rr.njabl.org>; Wed, 11 Aug 2004 15:24:34 -0400
Received: from rt.njabl.org ([209.208.0.15])
    by server1.something.something with Microsoft SMTPSVC(6.0.3790.0);
    Wed, 11 Aug 2004 13:27:13 -0600
X-RT-Subject: relaytest: x.x.x.x (not shown)
X-RT-From: relaytestsend@rt.njabl.org
X-RT-To: relaytest@rr.njabl.org
From: relaytestsend@rt.njabl.org
To: relaytest@rr.njabl.org
Message-id: <1092252267.21770.0@rt.njabl.org>
Subject: relaytest: x.x.x.x (not shown)
X-OriginalArrivalTime: 11 Aug 2004 19:27:14.0359 (UTC) FILETIME=[34CB5C70:01C47FD9]
Date: 11 Aug 2004 13:27:14 -0600
|
|
|
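How to read the relay-test message above, as an added example that is not part of the original thread or any poster's code: it walks the Received chain and reports whether the server took the message from an outside host and passed it on to another outside host. The function names are hypothetical, and `something.something` is assumed to be the local mail domain, taken from the poster's redacted hostname.

```python
import re
from email import message_from_string

# Headers of the relay-test message from the post above (abridged; hostnames as
# redacted by the poster).
RELAY_TEST_MSG = """\
Return-Path: <relaytestsend@rt.njabl.org>
Received: from server1.something.something (not shown.customer.xxx)
 by rt.njabl.org (8.11.6/8.11.6) with ESMTP id i7BJOYg22112
 for <relaytest@rr.njabl.org>; Wed, 11 Aug 2004 15:24:34 -0400
Received: from rt.njabl.org ([209.208.0.15])
 by server1.something.something with Microsoft SMTPSVC(6.0.3790.0);
 Wed, 11 Aug 2004 13:27:13 -0600
From: relaytestsend@rt.njabl.org
To: relaytest@rr.njabl.org

"""

HOP = re.compile(r"from\s+(?P<src>[^\s;]+).*?\bby\s+(?P<by>[^\s;]+)"
                 r"(?:.*?\bfor\s+<(?P<rcpt>[^>]+)>)?", re.S)

def hops(raw):
    """Received hops, oldest first, as (from_host, by_host, recipient-or-None)."""
    msg = message_from_string(raw)
    found = (HOP.search(v) for v in reversed(msg.get_all("Received", [])))
    return [(m["src"].lower(), m["by"].lower(), m["rcpt"]) for m in found if m]

def is_local(name, local_domains):
    """True if a host name or mail address falls under one of our domains."""
    host = name.rsplit("@", 1)[-1].lower()
    return any(host == d or host.endswith("." + d) for d in local_domains)

def relayed_by(raw, server, local_domains):
    """True if `server` accepted the message from an outside host and then
    handed it to another outside host for a non-local recipient."""
    chain = hops(raw)
    for i, (src, by, _) in enumerate(chain):
        if by != server or is_local(src, local_domains):
            continue
        for src2, by2, rcpt in chain[i + 1:]:
            if (src2 == server and not is_local(by2, local_domains)
                    and (rcpt is None or not is_local(rcpt, local_domains))):
                return True
    return False

if __name__ == "__main__":
    print(relayed_by(RELAY_TEST_MSG, "server1.something.something",
                     ["something.something"]))
```

These Received lines do not record whether the submitting client authenticated, so a roaming user who relays with credentials produces the same chain; the check only shows that the message passed from outside to outside through the server.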
RE: Avoiding the infamous DNS blackLists using E2k3 - 12.Aug.2004 3:23:00 AM
MajorPay
Posts: 7
Joined: 11.Aug.2004
From: Colorado
Status: offline
|
So what do I do now - my server is really queuing up with spammers!