How to fix an open relay on Exchange 2003


Posted on 15th July 2013 by Mike in Exchange 2003 | Windows 2003


Ever set up an open relay on Exchange Server 2003? It’s really easy to do. In fact, out of the box it is an open relay. There are a few tricky configurations you must make, and mistakes are costly. So do/fix it right the first time by following this post, and forget all those other posts/sites out there that only give you half the story.

In short, here’s the fix:
[Image: non-relaying-2003-exchange server]

So here’s the long version.

If you’ve been an open relay for a while, your server will crawl until you stop the SMTP service. After you do that, continue…

Open Exchange manager and drill down to the properties of your default SMTP virtual server.

Under the Access tab, select the button in access controls and allow anonymous access. This allows other SMTP servers on the internet to connect to your server without a username / password. You’d only want to use basic or integrated Windows auth if your server was receiving email from other servers you own (corporate mail farms etc). More specifically, if you do not enable anonymous, only servers that know the username / pass can authenticate and deliver mail to your server.

Under Relay Restrictions, the IP addresses are nearly useless. Selecting allow all computers to relay regardless… will allow all the anonymously authenticated servers to relay (not something you want to do). The thing you’re looking for under Relay Restrictions is the permissions. You want to give authenticated users submit permission (allow), and leave their relay permission blank or select deny to explicitly deny it. Now add a group that contains all the users in your organization and allow them to submit and relay. Apply everything and restart the SMTP service.

If your queues were backed up from being an open relay they should clear pretty quickly.
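To confirm the settings took effect, the check below (an added example, not part of the original post) opens an unauthenticated SMTP session and looks at how the server answers RCPT TO for an outside address and for one of your own mailboxes. The function names, the host and all addresses are placeholders chosen for this example; run it from a machine outside your network, against your own server.

```python
import smtplib
import sys


def verdict(external_code, local_code):
    """Interpret the RCPT TO reply codes seen in an unauthenticated session."""
    if 200 <= external_code < 300:
        relay = "open"            # server agreed to carry mail for a foreign domain
    elif 400 <= external_code < 500:
        relay = "inconclusive"    # temporary failure, retest later
    else:
        relay = "refused"         # 5xx: anonymous relay is denied, as intended
    # Anonymous submit to a local mailbox must still work, or inbound mail breaks.
    inbound = "accepted" if 200 <= local_code < 300 else "refused"
    return {"relay": relay, "inbound": inbound}


def probe(host, local_rcpt, external_rcpt,
          sender="relaytest@example.net", port=25):
    """Send MAIL FROM / RCPT TO only. DATA is never issued, so nothing is queued."""
    with smtplib.SMTP(host, port, timeout=15) as smtp:
        smtp.ehlo()
        # 1) Recipient in a domain the server does not host (relay attempt).
        smtp.mail(sender)
        external_code, _ = smtp.rcpt(external_rcpt)
        smtp.rset()
        # 2) Recipient in a domain the server does host (normal inbound mail).
        smtp.mail(sender)
        local_code, _ = smtp.rcpt(local_rcpt)
        smtp.rset()
    return verdict(external_code, local_code)


if __name__ == "__main__":
    # Placeholder usage:
    #   python relaycheck.py mail.example.com user@example.com someone@example.org
    result = probe(sys.argv[1], sys.argv[2], sys.argv[3])
    print(result)
    # Non-zero exit if the server still relays or has stopped taking inbound mail.
    sys.exit(0 if result == {"relay": "refused", "inbound": "accepted"} else 1)
```

The result you want is `relay: refused` together with `inbound: accepted`; `relay: open` means the relay permissions were not applied, and `inbound: refused` means anonymous access was not enabled.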