No announcement yet.

Open Relay problem

  • Filter
  • Time
  • Show
Clear All
new posts

  • Open Relay problem

    I have a brand new server running Microsoft Small Business Server 2003. I have recently noticed that a large volume of spam e-mail is going out of our server. The problem seems to be an open relay problem because I shut down all workstations last night and there were about 50 emails sent from the server. The SMPT log shows the e-mails going to random addresses and the From field is blank. I have scanned the computer for viruses and nothing was found. My Exchange Server settings prohibit relaying and my server seemed to pass an open relay test. However, there is no question that a large volume of spam e-mail is leaving the server. Any help is appreciated.

  • #2
    What are your relay settings? How many SMTP virtual servers are you running? Are you using a complex password for all users? Did you enable logging on the SMTP v. server?

    Daniel Petri
    Microsoft Most Valuable Professional - Active Directory Directory Services


    • #3
      Open Relay issue

      I am currently experiencing something similar, although I had noticed that in ->SMTPVS->PROPERTIES->ACCESS->RELAY RESTRICTIONS:

      The "All except the list below" radio button was selected
      Along with the default "Allow all computer which successfully authenticate to relay, regardless of the list above" checkbox selected (checked).

      The problem that occurs is that when I switch the above radio button to "Only the list below" the internal domain suddenly is not able to receive email from the outside world. Meaning I send an email from an external account and at that external account I immediately get a message that says:

      Delivery Status Notification
      SMTP diagnostic: 550 Requested action not taken: mailbox unavailable

      It is confirmed internally that the email never makes it to the mailbox.
      But the moment that I set the radio button back to "All except the list below" mail starts to come in or is allowed in. Meaning I can do the same test and watch the email that was sent from the external address plop right into the mailbox that it was sent to internally.

      What is causing this to happen. It seems kind of buggy to me and contrary to every bit of information that I have been able to get a hold of with regards to preventing open relay on an Exchange Server.

      NOTE: In the tests performed above "the list below" is blank on both situations.

      Any help would be greatly appreciated.




      • #4
        Under Relay Restrictions select 'only the list below' and grant relay rights to the local host. Allow all computers. which successfully authenticate to relay.

        hope this helps


        • #5
          Thanks for the reply

          Actually, I have tried this and it does not seem to work the way it should. I still get the same error as mentioned in my previous post. It is odd, but it does not matter who I grant access to, including the localhost, mail is rejected when the "Only the list below" radio button is selected. Any other ideas?


          • #6
            Could the SMTP service be running as a different administrator and password?


            • #7
              I am currently logging on as Administrator on the server at which point all services seem to start up without error. Under the services section the SMTP service is set to use the local account.

              Should I set it manually to use the administrator account? If I do this I believe that I will have to set any/all "dependent" and "depended upon" services manually as well.
              Your thoughts?


              • #8
                OK. leave that alone for the time being.
                What would be interesting to know is
                1. whether you are configured to use a separate domain name for internal use... like on your LAN, which differs from the domain name that identifies you on the Internet?
                2. How did you configure your DNS in relation to the above?


                • #9
                  The public domain is with the private NT Domain as and the SOA as


                  • #10
                    1. One of the problems most often encountered when configuring an Exchange Server system is the fact that often the internet domain nane you want to receive email for (i.e. "") does not match your standard active directory domain name (i.e. ""). The Exchange Server component handling incomming emails - the SMTP server - does not accept emails for other domains than your standard active directory domain, even if you entered the correct email addresses ("[email protected]") in the active directory.

                    So take a look into your Recipients Default Policies and add what might be missing, so that Exchange will start accepting messages. just make sure there is a tick in This Exchange Organisation is responsible for mail delivery to this address..

                    2. SMTP server.
                    This one should be configured by now. Check again:
                    - Choose "Connection" to grant or refuse the right to connect to the SMTP server to individual or multiple IP Address Ranges. Please ensure the system Exchange runs on does have the right to connect granted. Selecting All except the list below' option and leaving 'Computers' field blank will allow all systems to have access to the SMTP server.

                    - Under "Relay..." you can assign the right to relay through your SMTP-Server to some systems. Allow localhost ( to relay. 'Only The List Below' option should also be selected. Effectively, it will be the only entry there, as I dont think you have a specific need to relay elsewhere. Don't forget to put a tick to allow all successfully authenticated computers to relay.

                    Test this with all things in place. This should, hopefully, do the trick..
                    Good luck, mate.


                    • #11
                      IT WORKETH!!! THANK YOU!!

                      That did the trick. Thank you so much. It is funny that in all my Exchange Server training and residual information (books and manuals), there is no discussion about the relation between the Recipient Policy and the Relay restricions section for the SMTPVS. I greatly appreciate your help, you have saved, yet another "about to go insane" Systems Engineer.


                      • #12
                        no problem

                        Heh, sorted...