Ok as soon as I can get this issue addressed I will be going back to trying to migrate my Exchange 2000 Server to Exchange 2007. Right now I have a major issue it seems on my current Exchange 2000 Server I have allot of folks trying to relay mail through my server. What is the best way to prevent unwanted Relaying right now I'm denying relaying by IP is there a better way. Please any feedback is good due to I have allot of junk in my Queues..!
It is best to deny all relaying (Select "Only the List Below") and then only add IPs that are allowed. You may also set the "Allow all computers which successfully authenticate to relay regardless of the list above" especially if you have POP/SMTP clients. If you do you will want to have them provide login credentials to the SMTP server over TLS.
In as many cases as possible I suggest not allowing your Exchange servers to allow relaying for internaly mail servers either, as if they become infected they can get your Exchange server blocklisted.
- Joel
Ok I got my Queues cleared and my SMTP Virtual Server is running and the Queues are empty but right now I'm not getting E-mail from the out side. I tried to email myself from Yahoo and nothing is coming in... Any Idea??
Do you get any NDRs when you try to send from outside? Is the Exchange server that you changed the relaying restrictions the same server with the mailboxes or a member of the same domain as the mailbox server?
You may want to enable SMTP protocol loggging and see what is happening when the remote SMTP servers are trying to send e-mail to you.
Yeah its the same server I just rebooted the server everything came up fine. But I just sent a email from my yahoo account and I'm still not getting it. Overall everything looks the same I see a few things in the queues like their wating to be remote deliverd. Everything has green circles with white check marks next to them. So looks normal I just wander what the delay is or what is going on.
Hmm one thing I have noticed is that when I go to the properties of my SMTP Virtual Server on the "General Tab"" IP Address say (All Unassigned) shuld that be set the my private IP that it has listed below??
Ok I changed that to my Private IP I was able to send a email to my yahoo account. Now it just seems like it's taking awhile to get a email from my yahoo account to me.
Man still can not get anything from outside like from my yahoo account..
Ok I got my mail working again looks like but this all seems to be a issue with Relay settings...... Right no what I did is on the properties of my SMTP Virtual Server on the ""Access Tab"" I went to "Connection Button"" and set it to "All except The List Below"". Before I had it set to "Only the List Below" it seems if it is set to that you can even get your yahoo mail from the outside. Now on the "Relay Button" I have it set to "Only The List Below" and I have checked "Allow all Computers Which Successfully Authenticate to Realy Regardless Of The List Above". What caused the problem was I had so much junk trying to relay mail off the server it hung up. So I finally clear all of the queues of like 1,600 items but now it seems things are working right now.
BUT what is the best way to prevent a bunch of junk relaying mail off the server that way I dont have tons of things my queues due to if you lock it down to much you can not get anything form the outside word...???
You should not have to enable relaying at all inorder to recieve inbound mail. Are the e-mail addresses that you are sending to part of your default recipient policy?
Do you have some sort of spam filter also running on the server?
Yeah I have a spam filter running and it has never given me any issues..As far as Relay Restrictions I have it set to "Only The List Below" which right now I have none in the list. As far as a default recipient policy I will half to look at that not for sure what it is set to or even if there is one at all. All I know is if on the "Connection Button"" if "Only The List Below" is checked then it seems like nothing comes in at all.. When it is set to "All Except The List Below" it seems mail comes in fine.. Checking the default recipient policy looks like nothing been really set there just default setting so forth..
Try adding just 127.0.0.1 and the local IP address of the server to the allowed list and see if that fixes the problem.
Ok add that to the Relay Restrictions or the Connections Control?? I think your talking about Relay Restrictions so right now it is set to "Only the list below" and its blank below. Also Allow All Computers Which Successfully Authenicate To Relay Regardless Of The List Above is checked. So add 127.0.0.1 and my private IP to the "Only The List Below" under Relay Restrictions??
You shouldn't need to but yes, try adding to the only allow the list below.
Also make sure that the guest account on your server is not enabled.
Yeah guest account Disable I will look at try that so far things seem back to normal queues are not that bad. Man come next week or two I got to get things moved over to the new server and get off Exchange 2000 and get on Exchange 2007... Anyway Thanks for all of your help today!!
Well everything is working but I guess I might half to look at putting my IP in the Relay Restrictions due to I see some junk in my Queues this morning..
The Connections are showing up in the Current Sessions and they end up in the queues. It seems like it more of a setting issue with the connection button..
Are the messages sitting in the queue Non-delivery reports from spam that is coming in to your Exchange server?
I think their just sitting to be deliver is all. But it seems like I'm not getting as much as I was the other day.