06 Sep 2010
Support Center
»
Knowledgebase
»
Prevent open relays on Exchange Server
Prevent open relays on Exchange Server
Article
Takeaway: Open relays on corporate networks are a contributing factor to the volume of unsolicited e-mail currently flying around the Internet—and the presence of such relays is often unbeknownst to the owners of those networks. Are your e-mail servers vulnerable to mail relaying? In this edition of Security Solutions, Mike Mullins tells you how to determine if they are.
Open mail relays—e-mail servers that allow third-party transmission of messages—are a significant contributing factor to the volume of unsolicited e-mail currently flying around the Internet. Spammers send millions of junk e-mail messages daily, and open mail relays make the process easier.
However, most companies are unaware that spammers are taking advantage of the organization's e-mail servers for such nefarious purposes. Depending on the version of Exchange server that your organization is running, you might be vulnerable to mail relaying. Let's look at how you can find out.
Defining the problem
Mail relaying occurs when e-mail sent from one server routes to an intermediate e-mail server, which then delivers it to the recipient's e-mail server. But there are, in fact, legitimate uses for a mail relay.
For example, you might have a e-mail server that serves as your Internet bridge server. That server receives e-mail from the Internet and distributes it to a cluster of internal e-mail servers.
However, spammers who want to disguise the point of origin for their spam messages will route their junk e-mail through a mail relay to confuse the recipient. Seeing an e-mail from a legitimate address can easily dupe users into thinking the message is worthy of attention.
Checking your vulnerability
You can check your organization's Exchange servers to determine whether they're vulnerable to mail relay. The best way to do so is using a workstation from outside the company's network.
To check your servers, you need to know the fully qualified domain name (FQDN) for your e-mail server. If you don't know the FQDN, you can find it rather easily. Follow these steps:
Go to Start | Run, type cmd, and click OK.
At the command prompt, type nslookup, and press [Enter].
Type set type=mx, and press [Enter].
Type the domain name of your organization (e.g., techrepublic.com).
The results will show an MX preference that lists the name(s) of the Exchange server.
To determine whether your Exchange servers are vulnerable to open relays, follow these steps:
Go to Start | Run, type telnet, and click OK.
At the Telnet command prompt, type set localecho, and press [Enter].
Type open
25, replacing
with the FQDN of the Exchange server. 25 signifies the port you want to connect to. (TCP/IP port 25 is for SMTP.)
Your telnet console should return a result that looks something like the following. (The Version will vary, depending on the version of your Exchange server.)
220
Microsoft ESMTP MAIL Service, Version: 6.0.3790.1830 ready at –date- -0500Next, type ehlo
, replacing
with any domain except your own, and press [Enter].
This will return some output, and the last line of the result should be:
250 OKType mail from:
, replacing
youremailaddress@anotherdomain.com
with a valid e-mail address, and press [Enter].
This will return some more output, and the last line of the result should say:
250 2.1.0
youremailaddress@anotherdomain.com...Sender
OKType rcpt to:hacker@spammail.com, and press [Enter].
If you see the following result, you have an open relay and need to take action.
250 2.1.5
hacker@spammail.comStopping
the relay
If you discover that your organization has an open relay, you need to stop it. To stop open relaying on the Default SMTP Virtual Server, follow these steps:
Go to Start | All Programs | Microsoft Exchange | Exchange System Manager.
Expand Servers, expand
(the name of your Exchange server), expand Protocols, and expand SMTP.
Right-click Default SMTP Virtual Server, and select Properties.
On the Access tab, click the Relay button at the bottom.
Select the Only The List Below check box, and remove any entries in the list that aren't a part of your business network.
Select the Allow All Computers Which Successfully Authenticate To Relay, Regardless Of The List Above check box.
Close all dialog boxes.
Your Exchange server will now only relay mail for authenticated computers and computers that you have specifically allowed.
Final thoughts
Exchange Server 2003 disables open mail relay by default. And unless you've made some major changes to its SMTP configuration, Exchange Server should have this disabled as well.
However, if you suspect that your server is vulnerable to mail relaying, it's worth checking out. Make sure your organization is part of the security solution—and not part of the problem.
Article Details
Article ID:
4
Created On:
02 Sep 2009 12:01 PM
This answer was helpful
This answer was not helpful
User Comments
Add a Comment
Sharing is good. If you have a comment about this entry, please feel free to share. The comments might be reviewed by our staff, and may require approval before being posted. Questions posted will not be answered. Please submit a Ticket for support requests.
Image Verification Required
Please enter the characters that appear to the right in the space provided. This is just to verify that you are a human.
Full Name:
E-mail Address: (optional)
Comment:
Back
Login
[Lost Password]
E-mail:
Password:
Remember Me:
Search
-- Entire Support Site --
Knowledgebase
Downloads
Troubleshooter
Article Options
Add Comment
Print Article
PDF Version
E-mail Article
Add to Favorites
Home
|
Register
|
Submit a Ticket
|
Knowledgebase
|
Troubleshooter
|
News
|
Downloads
Language:
English (U.S.)
Help Desk Software by Kayako SupportSuite v3.30.02
