how-to close an open relay on E2K

[Albert Vasquez]

Title: Open relay

Okay if you are operating an Exchange 2000 server the following steps need to be followed for securing your server and preventing an open mail relay. 1. Start the system manager expand your administrative group (if your using one) in which the server you want to use resides. 2. In the console tree, navigate to the protocols container. Expand the servers, expand the server you want to work with then expand Protocols 3. In the console tree expand SMTP. Right click the virtual server that you wan to work with and select properties. 4.Click the access tab, and then click Relay. You should now see the Relay Restrictions dialog box. 5.To grant relay rights to specific computers and deny relay rights to all others, click Only the list below. 6.To deny relay for specific computers and grant all others the right to relay, click All Except the list below. 7. Create the grant or deny list, click add ,and thenin the computer dialog box specify a single machine, or a group of computers or a domain. for a single machine type the IP address for the computer for a group of computers type the subnet address and the subnet mask for a domain type the FQDN in the field. 8.click ok note: when you grant or deny based on domain there will be a performance hit while it does a reverse lookup. I also defined the who could make a connection to port 25 for an added level of security. To do this follow these steps: 1. Start the system manager expand your administrative group (if your using one) in which the server you want to use resides. 2. In the console tree, navigate to the protocols container. Expand the servers, expand the server you want to work with then expand Protocols 3. In the console tree expand SMTP. Right click the virtual server that you want to work with and select properties. 4.click the connections in the access tab.   5.To grant relay rights to specific computers and deny relay rights to all others, click Only the list below. 6.To deny relay for specific computers and grant all others the right to relay,click All Except the list below. 7. Create the grant or deny list, click add ,and then in the computer dialog box specify a single machine, or a group of computers or a domain. for a single machine type the IP address for the computer for a group of computers type the subnet address and the subnet mask for a domain type the FQDN in the field. 8.click ok note: If you use an Enterprise Monitor and monitor the SMTP port 25 make sure you add it to the grant list. That's it AlV     -----Original Message----- From: Jason Cordingley [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 15, 2002 11:41 AM To: MS-Exchange Admin Issues Subject: RE: Open relay Try   http://www.exchangeadmin.com/Articles/Print.cfm?articleID=7696   Worked for me   JasonCordingley   -----Original Message----- From: mark verschaeve [mailto:[EMAIL PROTECTED]] Sent: 15 January 2002 15:46 To: MS-Exchange Admin Issues Subject: Open relay   Hi all, I have a problem that my exchange server is on open relay. I already tried several settings, but a telnet-session still gives the possibility to send spam mail. I don't have the need to route to another server or so. It's a single domain, one exchange server, so the simplest configuration, but... I'm running NT4 SP6A and exchange 5.5 SP4 Also I have mails essentials installed on the same server. Even when i set routing to don't reroute I'm still open. Do I hav to re-apply the SP4, or can someone give me the exact settings? Thanks a lot, because we where spammed twice already!!!   Mark Verschaeve, IT-manager Mortier NV List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm