|
SonOfPirate -> Security Setup Issues (21.Feb.2007 4:23:26 PM)
|
I am running Exchange 2000 for a small business that hosts its own e-mail as well as the e-mail of some of its smaller clients. We have run into an issue where a client that was recently added cannot connect to the server using Outlook 2000, 2003 or Express. The error message has to do with the server not responding.
As part of my troubleshooting efforts, I have tried unsuccessfully to telnet into the server from outside our network using the command: "telnet mail.mydomain.com 25". From this, I began monitoring TCP port activity using the Windows netstat command.
What I have found is what appears to be someone (or someoneS) using our servers to relay messages. I began doing a whois search on all of the IP addresses that connected to port 25 and repeatedly found these to be from Asia, Africa or Latin America. In addition, when viewing the Queues for the Default SMTP Server in Enterprise Manager, the list grows dramatically when one of these IP's connects. All messages indicates that they are being sent by postmaster@mydomain.com I'm thinking this is a bad sign (correct my if I'm wrong).
The problem is that I don't know what settings I should have in place to properly block these outside "users" from being able to relay message but still allow our outside clients to do so. The setup currently allows anonymous access and the relay restrictions are set to "Only the list below" and the "allow all computer which successfully authenticate..." checkbox is checked. If I change the restriction to "All except those below", our client can connect and send e-mail from Outlook. But, doesn't this open our server up for attacks like it appears is occuring?
How can I prevent these outside users from relaying through our server yet continue to provide POP3/SMTP access to our clients?
Thanks in advance.
|
|
|
|