Open relay, or is it?

I've found several bits that look like the following in /var/log/mail.log:
Apr 7 18:28:01 xserve postfix/cleanup[25024]: 78EAF47408: message-id=<[email protected]>
Apr 7 18:28:01 xserve postfix/qmgr[25009]: 78EAF47408: from=<>, size=15939, nrcpt=1 (queue active)
Apr 7 18:28:04 xserve postfix/smtp[25012]: 78EAF47408: to=<[email protected]>, relay=vance.state.gov[169.253.4.31], delay=3, status=sent (250 2.0.0 l37MRJf7019664 Message accepted for delivery)
Apr 7 18:28:04 xserve postfix/qmgr[25009]: 78EAF47408: removed
They always seem to happen after a connection that {tries,succeeds} to send me spam. Is there some buglet where bcc: or other fields can cause relays to occur if the 'main' email truly is to my server?

You need to properly discard/reject spammers.
Postfix is VERY good at this, but you'll need to move beyond what the Server Admin provides.
Here's a very clear how-to, courtesy of (Apple Discussions alias) "pterobyte" :
http://osx.topicdesk.com/downloads/
see, "Frontline spam defense for Mac OS X Server"
and if it helps, please think about making a donation
(No, I have no affiliation with the site, I merely appreciate the helpfulness of the authors)
PS: Be sure to have a backup of *at least* /etc/postfix/main.cf prior to making any changes to the file.
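
Added example (not part of the original posts): a Python pass over Postfix log lines shaped like the ones quoted in the question. It groups lines by queue ID and separates deliveries with an empty envelope sender (logged by Postfix as `from=<>`, used for bounces and other notifications) from genuine relaying, and links each bounce back to the client that submitted the rejected message. The sample log, all addresses and `LOCAL_DOMAINS` are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample shaped like the log in the question; hosts and addresses are placeholders.
SAMPLE_LOG = """\
Apr 7 18:27:58 xserve postfix/smtpd[25020]: 5A1B247407: client=unknown[203.0.113.9]
Apr 7 18:27:59 xserve postfix/qmgr[25009]: 5A1B247407: from=<spoofed@victim.example>, size=15200, nrcpt=1 (queue active)
Apr 7 18:28:00 xserve postfix/local[25022]: 5A1B247407: to=<nouser@example.org>, relay=local, delay=1, status=bounced (unknown user: "nouser")
Apr 7 18:28:01 xserve postfix/bounce[25023]: 5A1B247407: sender non-delivery notification: 78EAF47408
Apr 7 18:28:01 xserve postfix/qmgr[25009]: 78EAF47408: from=<>, size=15939, nrcpt=1 (queue active)
Apr 7 18:28:04 xserve postfix/smtp[25012]: 78EAF47408: to=<spoofed@victim.example>, relay=mx.victim.example[198.51.100.7], delay=3, status=sent (250 2.0.0 Message accepted for delivery)
Apr 7 18:28:09 xserve postfix/smtpd[25020]: 9C0D147409: client=lan-host[192.168.1.20]
Apr 7 18:28:09 xserve postfix/qmgr[25009]: 9C0D147409: from=<alice@example.org>, size=812, nrcpt=1 (queue active)
Apr 7 18:28:10 xserve postfix/smtp[25012]: 9C0D147409: to=<bob@partner.example>, relay=mx.partner.example[198.51.100.25], delay=1, status=sent (250 ok)
"""

LOCAL_DOMAINS = {"example.org", "mail.example.org"}  # assumption: domains hosted on this server
LINE = re.compile(r"postfix/\w+\[\d+\]: (?P<qid>[0-9A-F]{6,}): (?P<rest>.*)")
FROM = re.compile(r"from=<(?P<sender>[^>]*)>")
TO = re.compile(r"to=<(?P<rcpt>[^>]*)>.*?relay=(?P<relay>[^,]+),")
DSN = re.compile(r"sender non-delivery notification: (?P<child>[0-9A-F]{6,})")


def domain(addr):
    return addr.rpartition("@")[2].lower()


def classify(log_text, local_domains=LOCAL_DOMAINS):
    """Map queue ID -> (verdict, submitting client) for mail delivered to non-local domains."""
    msgs = defaultdict(lambda: {"sender": None, "client": None, "remote": []})
    parent = {}  # queue ID of a bounce -> queue ID of the message that bounced
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        qid, rest = m["qid"], m["rest"]
        if rest.startswith("client="):
            msgs[qid]["client"] = rest[len("client="):]
        elif f := FROM.match(rest):
            msgs[qid]["sender"] = f["sender"]
        elif d := DSN.match(rest):
            parent[d["child"]] = qid
        elif (t := TO.match(rest)) and t["relay"] not in ("local", "virtual", "none"):
            if domain(t["rcpt"]) not in local_domains:
                msgs[qid]["remote"].append(t["rcpt"])
    verdicts = {}
    for qid, msg in msgs.items():
        sender = msg["sender"]
        if not msg["remote"]:
            continue  # nothing left this server for a foreign domain
        if sender == "":  # null envelope sender: a notification generated by this server
            origin = msgs.get(parent.get(qid), {}).get("client")
            verdicts[qid] = ("bounce to a remote address (possible backscatter)", origin)
        elif sender is None:
            verdicts[qid] = ("sender not seen in this excerpt", msg["client"])
        elif domain(sender) in local_domains:
            verdicts[qid] = ("outbound mail from a local sender", msg["client"])
        else:
            verdicts[qid] = ("relayed: neither sender nor recipient is local", msg["client"])
    return verdicts


if __name__ == "__main__":
    print(classify(SAMPLE_LOG))
```

Only the last verdict indicates relaying; a bounce verdict points at mail that was accepted first and rejected afterwards, which is what rejecting at SMTP time avoids.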

Similar Messages

  • Internal Open Relay For Entire Network

    Hello All,
    Sorry if this has been answered, but I haven't seen anything that addresses specifically what I need in the forums.
    I have a single Exchange 2010 Server. I've set up a new receive connector called Open Relay and have opened up various I.P. Addresses. What I would like to do is open it up for all of my subnets internally (10.0.0.1/24.) Which is easy enough.
    Here's the problem, I only want the Open Relay to work internally, I do not want any of my workstations to be able to relay off the trusted subnets, across those internal subnets YES, but to the outside world, NO. Everything I try gives them rights to relay both inside and outside, that is a blacklisting just waiting to happen.
    This is so that all the scripts that I run remotely on workstations can send me emails with info that I need.
    Thanks Eric

    Create a receive connector
    http://technet.microsoft.com/en-us/library/bb232021.aspx
    add the required subnet to allow relay
    Get-ReceiveConnector yourconnectorname | get-ADPermission -User “NT AUTHORITY\ANONYMOUS LOGON” -ExtendedRights 
    MAS

  • Respectfully tell someone your email server does not accept mail from open relay?

    Bryce Katz wrote:
    "According to our email server, your email is being rejected due to a serious misconfiguration on the sending email server. Please have your IT department contact us for additional information. We cannot make adjustments to servers we don't own, but we'll happily work with your IT department to resolve this issue."
    I liked it until the "happily work with your IT department" part.. It's one thing to say they can contact them, but to say "happily"..... Nope nope nope nope...

    So I got a call from one of my co-workers this morning regarding an email that he has been trying to receive from a (vendor?) regarding generator information.  The domain is powersgenerator.com.
    In looking in my logs, sure enough there is a message in my amavis log regarding open relay:
    Open relay? Nonlocal recips but not originating:
    To the question:
    What is the best way to word an email to this person (in a respectful business manner) to tell him (probably not in IT at all, and will have no idea what I am talking about) the reasons his email was rejected?  Some examples would be awesome.
    Thanks!
    This topic first appeared in the Spiceworks Community

  • Allow only specific domains to use open relay

    I have a client that I have to send emails on behalf of with a reply address for the client. If I have * as an accepted (open relay) I can successfully send emails with the from and replyto address required for my client. The problem with this is being an open relay I now have spam emails being sent through my exchange server. Is there a way I can stop external addresses accessing the open relay? Or enable an exchange account to send as a non domain email address?

    Hi Rich,
    I am running exchange 2010 Version: 14.01.0438.000
    I am sending the emails from MSAccess using VBA (see script below)
    ' SMTP settings for the CDO configuration
    With Flds
        ' 1 = cdoBasic: authenticate with the username/password below
        .Item("http://schemas.microsoft.com/cdo/configuration/smtpauthenticate") = 1
        .Item("http://schemas.microsoft.com/cdo/configuration/sendusername") = "Domain.A Username"
        .Item("http://schemas.microsoft.com/cdo/configuration/sendpassword") = "********"
        ' 2 = cdoSendUsingPort: deliver over the network to smtpserver
        .Item("http://schemas.microsoft.com/cdo/configuration/sendusing") = 2
        .Item("http://schemas.microsoft.com/cdo/configuration/smtpserver") = "192.168.1.7"
        .Item("http://schemas.microsoft.com/cdo/configuration/smtpserverport") = 25
        .Item("http://schemas.microsoft.com/cdo/configuration/senduserreplyemailaddress") = "[email protected]"
        .Update
    End With
    strHTML = "HTML for email"
    ' Build and send the message using the configuration above
    With iMsg
        Set .Configuration = iConf
        .To = Screen.ActiveForm.[Email]
        .CC = ""
        .BCC = "[email protected];[email protected]"
        .ReplyTo = "[email protected]"
        .From = """Client Name"" <[email protected]>"
        .Subject = "Subject"
        .HTMLBody = strHTML
        .AddAttachment ("s:\emailatt\file.pdf")
        .Send
    End With
    (Domain.A = local domain)
    (Domain.B = clients domain)
    The sending machine is on our LAN and a receive connector has been setup to accept emails from the IP Range that are using this script. Authentication is set to Basic and Exchange Server Authentication and Permission groups is set to Exchange users. The [email protected] email address has also been added to the Domain.A User Account email addresses.
    If I do not permit an open relay within the accepted domains list I get the following error
    The message could not be sent to the SMTP server. The transport error code was 0x800ccc69. The server response was 550 5.7.1 Client does not have permission to send as this sender.
    If I add Domain.B as an accepted domain this works however a copy of the email is no longer sent to my client and is treated like an email on our domain. 
    Thanks in advance for any help.
    Ian

  • Open relay connector

    Trying to replace an open relay for servers/applications on exchange 2013 so I can retire exchange 2007, but I get the unable to relay error.  I’ve created the new frontend connector on CAS server with its own IP/DNS entries, scoped it and put security identical to the working connector on 2007. Also, I ran the obligatory:
    Get-ReceiveConnector "exchange1\relay2" | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "Ms-Exch-SMTP-Accept-Any-Recipient"
    Used ADSIedit to verify it has the exact same permissions as the working relay connector in old exchange.
    Exchange 2013 I think, is not using the connector. When I telnet to relay.domain.com (exchange 2007), I get 250 relay.domain.com Hello [ip] as expected. When I telnet to relay2.domain.com (exchange 2013), I get 250 exchange1.domain.com Hello [ip] whereas I would expect to get 250 relay2.domain.com. If I attempt to send, I get unable to relay and logs show connection attempts using Exchange1\Default Front end connector.
    What did I miss?

    After some more testing, I think I may know what's going on, but not why.  I removed all the IPs from the remote range and added just one IP address and restarted the transport service. I can still open a telnet session from a server that is not in the list.
    From the "How Does Exchange 2013 Know which receive connector to use?" section of http://exchangeserverpro.com/exchange-2013-configure-smtp-relay-connector/, he states the following:
    Simply put, receive connector selection is on a “most specific match wins” basis. The connector with remote network settings that most closely match the IP of the connecting server/device will be the one that handles the connection.
    This is not happening in my case. Even though my custom relay connector is a closer match, connections are going to the default frontend connector.

  • Close Exchange 2010 Open Relay

    Hello,
    I am experimenting and trying to setup an exchange 2010 server to use with my personal domain. Let's make the following assumptions:
    Domain: domain.com
    Mail Server address: mail.domain.com
    My mail server sends emails using my ISP's SMTP server (suppose smtp.isp.com) as a smart host.
    My problem is that my exchange server seems to work like an open relay. If I use telnet to connect to mail.domain.com:25, I can send email from any to any address. What I'd like to do is to require some kind of authentication so only users that have mailboxes on my server can send email using mail.domain.com's SMTP.
    I believe the reason this happens is because I have enabled Anonymous users in the "Client" and "Default" Receive connectors. If I disable the Anonymous users though, I cannot receive emails from the internet. For example, a @gmail user won't be able to send an email to a user in my domain.
    How could I achieve my aim to restrict the SMTP relay to authenticated users but still be able to receive emails from the internet?

    Hi,
    As far as I know, there are two relay types: authenticated relaying and anonymous or open relaying. And I recommend you use authenticated relaying, which allows your internal users to send mail to domains outside of your Exchange organization, but requires authentication before the mail is sent.
    http://blogs.technet.com/b/exchange/archive/2006/12/28/3397620.aspx
    Thanks,
    Angela Shi
    TechNet Community Support

  • Open relay issues

    I have installed iMS 5.1 but my mail server was listed as an open relay. How do I prevent my mail server from being listed as an open relay? Are there any sample scripts or lines that I have to add or modify in my configurations?

    Hi Krish,
    It is my understanding that the files would not be available on the application server until after the transformation step has been completed. Therefore it would not be useful to create a routine in the transformation.
    Maybe you could create a program that could be inserted in the subsequent step of the process chain?
    Best Regards,
    Vincent

  • Open relay - urgent help please

    one of the admin guys for one reason and another which is too long to get into, opened us up as an open relay last night.
    It was supposed to be shutdown fairly quickly but got left open all night.
    It has now been stopped but we have been hit hard by relays
    I have stopped all the mail services and mail inbound and outbound is being stopped by the firewall.
    However I have run postsuper -d ALL
    but I am still seeing tremendous amounts of garbage going into defer and deferred.
    How can I get all the system clear of mails that the system thinks it still has to deliver so that I can start my services again

    It has now been stopped but we have been hit hard by
    relays
    I have stopped all the mail services and mail inbound
    and outbound is being stopped by the firewall.
    However I have run postsuper -d ALL
    but I am still seeing tremendous amounts of garbage
    going into defer and deferred.
    How can I get all the system clear of mails that the
    system thinks it still has to deliver so that I can
    start my services again
    postsuper -d ALL will delete all mail in the queue (will take a while though).
    Since you blocked mail at the firewall, I can't see how it could still be coming in.
    Unless you have been compromised and some script is sending from the inside.

  • Open relay test results

    Hi all. I'm a new Ironport user, having just started working for a company that had a Spam and Virus Blocker already up and running.
    We've been put on some blacklists for acting as an open relay. Apparently my predecessor had already done much of the work involved in fixing this problem, but we're still on blacklists. I'm not sure when the last time we really were an open relay was; it could have been before the Ironport was ever installed. I want to clear our name, but before I start requesting removals, I want to be 100% sure that the problem is addressed.
    I've run some online open relay tests, and most report that we are not an open relay, but when I tried http://www.rbl.jp/svcheck.php , 5 of their 19 tests came back as "accepted".
    I searched the Ironport knowledge base and found that our settings already match the recommendation -- our RAT is set to reject "all other recipients".
    Here are the recipients from the tests that came back as "accepted":
    >>> RCPT TO: <rlytest%[email protected]>
    >>> RCPT TO: <"[email protected]"@server01.mycompany.com>
    >>> RCPT TO: <h.rbl.jp![email protected]>
    >>> RCPT TO: <"rlytest%h.rbl.jp"@mycompany.com>
    >>> RCPT TO: <"[email protected]"@mycompany.com>
    "server01" is the name of our Exchange server. Our firewall is set to forward port 25 to the Ironport.
    Some of the tests suggested that even an "accepted" message was not a sure sign of being an open relay, and that the mail server might accept it and then silently discard it anyway. Is this something I need to fix, or is it already handled by the Ironport? How can I tell for sure? I've considered telnet'ing in from my home PC and reproducing the commands shown on that site using a real email address of my own, but I'm not really confident in this procedure, or in the procedure of "properly" malforming email addresses. Any advice?
    Can anyone recommend further steps for me to take to be sure we are not operating an open relay?

    Thank you for the quick reply, Steven.
    It seems as though my Ironport does not have the "findevent" command. When I tried it I got an "unknown command: findevent" message, and the "help" message does not list findevent. Are you sure that command exists in the Spam and Virus Blocker, and not just other Ironport models?
    I notice that there are two upgrades available to download for my Ironport, so maybe it's just that my current version is too old. I'm not sure I'm daring enough to install the upgrades during business hours, so I'll probably do that on the weekend.
    Thanks again.
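
Added example (not from the thread, and not IronPort's own logic): a Python check for the kind of recipients listed in the question, where the domain part is local but the local part carries a second destination through the percent hack, a bang path or a quoted nested address. It goes slightly beyond the five listed forms by also handling an explicit RFC 5321 source route. `LOCAL_DOMAINS` and every address are constructed; rejecting routed local parts outright is a policy assumption.

```python
import re

LOCAL_DOMAINS = {"mycompany.example", "server01.mycompany.example"}  # assumption
# Characters that let a local part name another destination.
ROUTE_CHARS = {"%": "percent hack", "!": "UUCP bang path", "@": "nested address"}

# Constructed recipients in the style of the relay test quoted above.
SAMPLES = [
    "<rlytest%relaytest.example@mycompany.example>",
    '<"rlytest@relaytest.example"@server01.mycompany.example>',
    "<relaytest.example!rlytest@mycompany.example>",
    '<"rlytest%relaytest.example"@mycompany.example>',
    "<@mycompany.example:rlytest@relaytest.example>",
    "<rlytest@relaytest.example>",
    "<postmaster@mycompany.example>",
]


def split_path(path):
    """Return (local_part, domain) for an RCPT TO path, unquoting the local part."""
    addr = path.strip().strip("<>")
    # RFC 5321 source route "@hop1,@hop2:mailbox": the route list is ignored.
    if addr.startswith("@") and ":" in addr:
        addr = addr.split(":", 1)[1]
    if addr.startswith('"'):
        m = re.match(r'"((?:[^"\\]|\\.)*)"@(.*)$', addr)
        if not m:
            raise ValueError(f"malformed quoted local part: {path!r}")
        return re.sub(r"\\(.)", r"\1", m.group(1)), m.group(2).lower()
    local, _, dom = addr.rpartition("@")
    return local, dom.lower()


def check_rcpt(path, local_domains=LOCAL_DOMAINS):
    """Return (decision, reason) for one RCPT TO path."""
    try:
        local, dom = split_path(path)
    except ValueError as exc:
        return "reject", str(exc)
    if dom not in local_domains:
        return "reject", f"relay to non-local domain {dom!r}"
    hits = [name for ch, name in ROUTE_CHARS.items() if ch in local]
    if hits:
        # Accepting is harmless only if no downstream server re-parses the local part.
        return "reject", "local part carries a route: " + ", ".join(hits)
    return "accept", "plain mailbox in a local domain"


def audit(paths):
    """Return (path, decision, reason) for each recipient."""
    return [(p, *check_rcpt(p)) for p in paths]


if __name__ == "__main__":
    for path, decision, reason in audit(SAMPLES):
        print(f"{decision:6} {path}  ({reason})")
```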

  • How to close OPEN RELAY on Exchange 2010 EDGE server

    How to close open relay on it?
    Server passed OPEN relay test and we would like to avoid spammers attacking us. With best regards
    bostjanc

    Get-ReceiveConnector | Get-ADPermission | where {($_.ExtendedRights -like "*SMTP-Accept-Any-Recipient*")} | where {$_.User -like '*anonymous*'} | ft identity,user,extendedrights
    Identity                                      User                          ExtendedRights
    EXCHANGE-EDGE\Default internal receive co...  NT AUTHORITY\ANONYMOUS LOGON  {ms-Exch-SMTP-Accept-Any-Recipient}
    Recreated RECEIVE CONNECTOR on EDGE solved it.
    bostjanc

  • Disabling Open Relay in 904

    Hi,
    Does anyone know how to disable open relay in ocs 904?
    I've tried setting:
    relay allowed = false (smtp_in parameter)
    But it still allows the relaying of mails. The only way i can stop it is turning anti spam on, and that results in mails not getting sent or received.

    Paul,
    I had to eventually set relay allowed to false, as well. For some reason I could no longer send mails via the webclient, sure outlook etc worked. The smtp_in log contained the following:
    (msgid ESSM-503)(mtext spam check failed for recipient: SMTP Authentication not done;relay not allowed for rcpt:[email protected]
    (mtext S: 550 Spam check failed for recipient's address:
    [email protected])
    The following message prompted me to set relay allowed to false - I would have thought the web client passed the authentication check.

  • Open relay test

    I had just recently changed from a commercial mail server to using postfix/cyrus as supplied with 10.4.4 server. Set up went well though did get bit by having some mail come in before any users had logged in, thereby causing some accounts to use the default mail store, when I wanted them using specific mail stores associated with their virtual domains.
    Anyway got that all sorted out, with the help of messages others had posted here about similar problems.
    I've also run the mail server through a few open relay checks with no problems found, and have been going through the smtp mail logs every day for the last week and it looks like everything is buttoned down tight. But in doing so, it brings me to my question.
    As far as I can tell, all of the open relay tests available are from 1999 - 2003. Seems these are going to be outdated and that those wanting to co-opt mail servers to use for spamming have probably found new methods.
    So, any good relay test suggestions from anyone?
    Tom N.

    Better late than never I guess...
    Create an account at http://www.abuse.net/relay.html by sending an email message to "[email protected]".
    regards
    /rune

  • Any special precautions needed to prevent open relay?

    Hi, we turned on the mail server on our os x server 10.4.7 machine and have started learning how to setup and manage our email server.
    Is there any special precaution / setup we need to do to ensure we do not unwittingly become an "open relay" for spammers?
    Or does the default behavior after an install take care of that?

    greetings
    postfix by default is not open for relay. The settings in your /etc/main.cf files will determine which other machines you will allow to relay.
    mynetworks_style and mynetworks determine what other systems can relay.
    Set mynetworks_style to host to limit relaying to just your local machine. Add IP addresses to mynetworks to allow specific clients to use your SMTP server.
    hope this helps
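
Added example (not from the thread): a Python audit of the two parameters named in the reply above. It parses a main.cf fragment, including continuation lines, and reports which `mynetworks` entries extend relay trust beyond loopback and private ranges, or what `mynetworks_style` implies when `mynetworks` is absent. The sample file, the table path and the `INTERNAL` list are constructed assumptions.

```python
import ipaddress

# Constructed main.cf fragment; addresses and the table path are placeholders.
SAMPLE_MAIN_CF = """\
# trusted SMTP clients
mynetworks_style = subnet
mynetworks = 127.0.0.0/8, 192.168.1.0/24,
    203.0.113.0/24 0.0.0.0/0
    hash:/etc/postfix/network_table
"""

# Ranges treated as internal for this audit (loopback, RFC 1918, IPv6 ULA).
INTERNAL = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "::1/128", "fc00::/7")]


def parse_main_cf(text):
    """Parse 'name = value' lines; a line starting with whitespace continues the previous one."""
    params, last = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace():
            if last:
                params[last] += " " + raw.strip()
        else:
            name, sep, value = raw.partition("=")
            if sep:
                last = name.strip()
                params[last] = value.strip()  # a later definition replaces an earlier one
    return params


def audit_relay_trust(params):
    """Return (item, finding) pairs for the client networks this config trusts to relay."""
    if "mynetworks" not in params:
        style = params.get("mynetworks_style")
        if style == "host":
            return []
        if style is None:
            return [("mynetworks_style", "unset: default depends on the Postfix version, "
                     "check `postconf mynetworks`")]
        return [("mynetworks_style", f"'{style}' trusts every host in the server's own {style}")]
    findings = []
    # An explicit mynetworks setting overrides mynetworks_style.
    for item in params["mynetworks"].replace(",", " ").split():
        try:
            net = ipaddress.ip_network(item.replace("[", "").replace("]", ""), strict=False)
        except ValueError:
            findings.append((item, "not a literal network (lookup table or file): review by hand"))
            continue
        if net.prefixlen == 0:
            findings.append((item, "matches every client: open relay"))
        elif not any(net.version == r.version and net.subnet_of(r) for r in INTERNAL):
            findings.append((item, "outside loopback/private ranges: confirm it is yours"))
    return findings


if __name__ == "__main__":
    for item, finding in audit_relay_trust(parse_main_cf(SAMPLE_MAIN_CF)):
        print(f"{item}: {finding}")
```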

  • Specify Open Relay in Route Group

    Is there a way to specify opening a relay connection in MAX?
    I want to create a route group that opens some relay connections and closes others without having to issue individual connect and disconnect commands in TestStand for each relay.

    Hi Jason,
    You could use the Switch Soft Front Panel (right-click on the switch module in MAX and select Test Panels...), but since you've already configured a route group (and thus I assume you're using NI Switch Executive), you can use the NI Switch Executive Test Panel! 
    In MAX, select the NI Switch Executive Virtual Device of interest (i.e. SwitchConfiguration1).  In the menu above the NI Switch Executive user interface, click "Test Panel..."  The test panel allows you to connect/disconnect the routes and route groups in the Virtual Device.  You can even launch the Switch Soft Front Panel!
    Let me know if you have further questions.  Best regards!
    Chad Erickson
    Switch Product Support Engineer
    NI - USA

  • Why is our server is listed as an Open Relay

    Following is my mappings file:
    <pre>
    ! VERSION=1.0
    ! Modified by IMS administration server on: Fri Mar 01 16:55:38 EST 2002
    PORT_ACCESS
    *|*|*|*|* $C$|INTERNAL_IP;$3|$Y$E
    * $YEXTERNAL
    INTERNAL_IP
    $(XXX.XXX.XXX.0/32) $Y
    127.0.0.1 $Y
    * $N
    LIST_AUTH
    *;*|* $[IMTA_LIBUTIL,imdlauth,$2+$1@$0]
    ORIG_SEND_ACCESS
    tcp_local|*|tcp_local|* $Y
    tcp_local|*|tcp_internet|* $Y
    tcp_local|*|tcp_local|* $N$D30|Relaying$ not$ allowed
    tcp_*|*|hold|* $N
    tcp_*|*|pipe|* $N
    tcp_*|*|ims-ms|* $N
    SEND_ACCESS
    tcp_*|*|*|*@[127.*] $X5.1.2|$NBad$ destination$ system
    tcp_*|*|*|*@localhost.* $X5.1.2|$NBad$ destination$ system
    *|*|inactive|* $X4.2.1|$NMailbox$ temporarily$ disabled
    *|*|deleted|* $X5.1.6|$NRecipient$ no$ longer$ on$ server
    </pre>
    The XXX.XXX.XXX.0 is our Class C Block of IP's.
    I have just installed this server so I don't fully understand it yet.
    Thanks in advance for any help with this.

    I think it is because of the first line in ORIG_SEND_ACCESS. That line (tcp_local|*|tcp_local|* $Y) allows spamming. In version 5.1 that line is not there by default because IMS5.1 forbids spamming by default. Your third line (tcp_local|*|tcp_local|* $N$D30|Relaying$ not$ allowed) is the first one in version 5.1.
    That's my guess.
