
 

How to Configure the Exchange Server to block open SMTP relaying

There are two Exchange Server components that permit SMTP relaying to be turned on or off: the Default SMTP Virtual Server and the SMTP Connector. Additionally, if the server is running ISA Server, the server may be an open relay if both of the following conditions are true: ISA Server is configured with a server publishing rule for the SMTP protocol, and 127.0.0.1 is in the list of IP addresses that are allowed to relay in the properties of the Default SMTP Virtual Server.

To block open relay on the Default SMTP Virtual Server, follow these steps:

1.  Click Start, click All Programs, click Microsoft Exchange, and then click System Manager.

2.  Expand Servers, expand Servername, expand Protocols, and then expand SMTP.
If the Exchange server is an upgrade from a previous version, expand Administrative Groups, expand Servername, expand Servers, expand Servername, expand Protocols, expand SMTP.

3. Right-click Default SMTP Virtual Server and then click Properties.

4.  Click the Access tab.

5.  Click the Relay button at the bottom.

6. Restore the default settings which are as follows:

·   Select Only the list below.

·   The Computers dialog box shows Access Granted to the Internal IP address of the Small Business Server network and to the external IP address (if the server has more than one network card).

·   Make sure that Allow all computers which successfully authenticate to relay, regardless of the list above is selected.

7.  Set the Default SMTP Virtual Server configuration for relaying as indicated, which restores its settings to their defaults.

To check the properties for the SmallBusiness SMTP Connector, follow these steps:

1.  In the Exchange System Manager, expand Connectors, and then locate the SmallBusiness SMTP Connector.
If the server is an upgrade from Small Business Server 4.x, expand Administrative Groups, expand Servername, and then expand Connectors.
Note: The SmallBusiness SMTP Connector is created when you run the Small Business Server 2000 Internet Connection Wizard. If you have manually created an SMTP connector, it may not be named SmallBusiness SMTP connector. Also be aware that the SMTP connector is not required for external mail flow. The absence of a connector may not indicate a problem.

2.  Right-click the SmallBusiness SMTP connector (or on the connector name that you manually created), and then click Properties.

3.  Click the Address Space tab.

4. The default settings (when this connector is created by means of the Small Business Server 2000 Internet Connection Wizard) block open relay. The default settings are:

·  Address Space Type: SMTP

·  Address: *

·  Cost: 1

·  The Connector Scope is Entire Organization.

·  Allow messages to be routed to these domains is cleared (not selected).

5. Configure the SMTP Connector as indicated to restore its settings to their default values.


To examine ISA Server configuration, follow these steps:

1.  Open the ISA Management Console.

2.  Expand Servers and Arrays, expand Computer name, expand Publishing, and then click Server Publishing Rules.

3. If you see Create Server Publishing Rules on the right side together with some text, you do not have any server publishing rules defined. You may go to the end of this section. If you do not see Create Server Publishing Rules, you will see a list of rules defined. Go to step 4.

4. View the Protocol column to see if SMTP Server is listed. SMTP Server is the name of the default protocol definition for TCP port 25 Inbound in ISA Server 2000. If this protocol definition exists, an SMTP server publishing rule has been added to ISA Server.
Note: Administrators can add a custom protocol definition by using a different name to define TCP port 25 Inbound. If you do not specifically see SMTP Server in the Protocol column, but see a protocol definition that defines TCP port 25 Inbound, it may also be an SMTP Server Publishing Rule.

5. To resolve this, disable or delete the SMTP Server Publishing Rule in ISA Server. To disable this rule, right-click the rule, and then click Disable. To delete this rule, right-click the rule, and then click Delete.

6.  Run the Internet Connection Wizard in SBS 2000 or run the Configure E-mail and Internet Connection Wizard in Windows Small Business Server 2003 to configure ISA Server to enable SMTP Inbound. To run the Internet Connection Wizard in Small Business Server 2000, click Start, click Run, type icw, and then click OK.
To run the Configure E-mail and Internet Connection Wizard in Windows Small Business Server 2003, follow these steps:

a. Click Start, and then click Server Management to start the Configure E-mail and Internet Connection Wizard.

b. In the left pane, expand To Do List. In the details pane, click Connect to Internet.
Note: The Internet Connection Wizard and the Configure E-mail and Internet Connection Wizard add a packet filter to ISA Server to enable SMTP incoming from the Internet. If you want to continue to use a server publishing rule for the SMTP protocol, make sure 127.0.0.1 is not in the allowed relay list in Exchange. If you run the Configure E-mail and Internet Connection Wizard in Windows Small Business Server 2003 and choose the option to configure Exchange, 127.0.0.1 will be added back. You must remember to remove the address every time that you run the Configure E-mail and Internet Connection Wizard and configure Exchange. This issue does not occur in SBS 2000.
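
The three checks above (virtual server relay list, connector setting, ISA publishing rule combined with 127.0.0.1) can be recorded and re-checked after each wizard run. The following is an added example, not part of the original article and not an Exchange or ISA Server API: the dictionaries, key names and sample addresses are hypothetical and are filled in by hand from the dialogs described above.

```python
import ipaddress

LOOPBACK = ipaddress.ip_address("127.0.0.1")

def audit_relay(vs, connector, isa_rules):
    """Return findings; an empty list means the defaults described above hold."""
    findings = []
    server_ips = {ipaddress.ip_address(ip) for ip in vs["server_ips"]}
    granted = [ipaddress.ip_network(g, strict=False) for g in vs["granted"]]
    loopback_granted = any(LOOPBACK in net for net in granted)

    # Default SMTP Virtual Server > Access > Relay
    if vs["mode"] != "only_list_below":
        findings.append("virtual server: not set to 'Only the list below'")
    for net in granted:
        single_host = net.num_addresses == 1
        if not single_host or net.network_address not in server_ips | {LOOPBACK}:
            findings.append(f"virtual server: unexpected relay grant {net}")

    # SMTP connector > Address Space (a missing connector is not a problem)
    if connector is not None and connector["allow_routing_to_domains"]:
        findings.append("connector: 'Allow messages to be routed to these domains' is selected")

    # ISA Server: match on TCP 25 inbound, not on the name, so that custom
    # protocol definitions are caught as well as 'SMTP Server'
    published = [r["name"] for r in isa_rules
                 if r["enabled"] and r["transport"] == "TCP"
                 and r["port"] == 25 and r["direction"] == "inbound"]
    if published and loopback_granted:
        findings.append("isa: 127.0.0.1 may relay while SMTP is published by "
                        + ", ".join(published))
    return findings

# Constructed sample data (documentation-range addresses, hypothetical names)
DEFAULT_VS = {"mode": "only_list_below",
              "server_ips": ["192.168.16.2", "203.0.113.10"],
              "granted": ["192.168.16.2", "203.0.113.10"]}
AFTER_WIZARD_VS = dict(DEFAULT_VS, granted=DEFAULT_VS["granted"] + ["127.0.0.1"])
CONNECTOR = {"allow_routing_to_domains": False}
CUSTOM_RULE = {"name": "Mail In", "transport": "TCP", "port": 25,
               "direction": "inbound", "enabled": True}

if __name__ == "__main__":
    for line in audit_relay(AFTER_WIZARD_VS, CONNECTOR, [CUSTOM_RULE]):
        print(line)
```

A disabled publishing rule is ignored, which matches step 5: disabling or deleting the rule clears the ISA finding even if 127.0.0.1 is still in the relay list.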
