allowing relaying... security issues

We are using Exchange 2000 on an SBS 2000 machine.

We signed up with Spam Soap - an outside company to provide 
incoming/outgoing SMTP mail filtering . As part of their service, you also 
configure them as a "smart host". This is configured in the virtual SMTP 
Server area - in the advanced options for delivery. Also, in order to have 
this work properly, the SMTP Connector we had configured in the 'Connectors' 
area also had to be removed.

We have an in-house VB .net application that automatically  sends 
auto-generated emails. This particular application is configured and running 
as a service on a small Win2K server.  In the code we send the mail out 
using our Exchange 2000 server. This was all working just fine until I 
removed the SMTP connector and configured the smart host information in the 
SMTPVS area. Once that was done, we were completely unable to auto send any 
emails OUTSIDE the company. The error was similiar to the following...

ERR-SendEmail-The server rejected one or more recipient addresses. The 
server response was: 550 5.7.1 Unable to relay for {username}@{domainname}.

(Note: We could send email internally using this service no probs - only 
messages being sent outside the company domain failed)

Now, the way I was able to resolve this was to allow  'relaying' for the IP 
address of the Win2K machine sending these emails via the custom service. I 
configured relaying in the Virtual SMTP server settings, Access->Relay 
settings. I granted relay access ONLY to the WIn2K machine that is sending 
these emails and it works just fine again.

My question is this...In the past I have heard that it is not a good thing 
to allow relaying due to the security risks of allowing this. Since I have 
now allowed relaying (but only for the one machine) am I now opening us up 
to security issues?? Obviously if we need to allow relaying it needs to be 
so, but I just wonder how big of a security risk this will really be for 
us - keeping in mind the fact that we are sending all mail through a smart 
host...  I am thinking this configuration should keep us pretty protected 
from someone finding and using this machine to send their own emails (i.e 
spammers)

What are peoples thoughts on this issue??

Thanks, Brad 


0
bradp (24)
3/5/2007 9:31:39 PM
exchange.admin 57650 articles. 2 followers. Follow

2 Replies
288 Views

Similar Articles

[PageSpeed] 23

Brad,

You should be fine with allowing relay to a local IP on your Relay Tab in 
your SMTP VS.  Be sure that only the list below is checked and the IP of the 
local Win2k machine is in the box.  I would also uncheck "those who 
succesfully authenticate" if you have not POP3 users.   I have seen spammers 
get authenticated by cracking an account.

-- 
John Oliver, Jr
MCSE, MCT, CCNA
Exchange MVP 2007
Microsoft Certified Partner


"Brad Pears" <bradp@truenorthloghomes.com> wrote in message 
news:%233AzA12XHHA.208@TK2MSFTNGP05.phx.gbl...
> We are using Exchange 2000 on an SBS 2000 machine.
>
> We signed up with Spam Soap - an outside company to provide 
> incoming/outgoing SMTP mail filtering . As part of their service, you also 
> configure them as a "smart host". This is configured in the virtual SMTP 
> Server area - in the advanced options for delivery. Also, in order to have 
> this work properly, the SMTP Connector we had configured in the 
> 'Connectors' area also had to be removed.
>
> We have an in-house VB .net application that automatically  sends 
> auto-generated emails. This particular application is configured and 
> running as a service on a small Win2K server.  In the code we send the 
> mail out using our Exchange 2000 server. This was all working just fine 
> until I removed the SMTP connector and configured the smart host 
> information in the SMTPVS area. Once that was done, we were completely 
> unable to auto send any emails OUTSIDE the company. The error was similiar 
> to the following...
>
> ERR-SendEmail-The server rejected one or more recipient addresses. The 
> server response was: 550 5.7.1 Unable to relay for 
> {username}@{domainname}.
>
> (Note: We could send email internally using this service no probs - only 
> messages being sent outside the company domain failed)
>
> Now, the way I was able to resolve this was to allow  'relaying' for the 
> IP address of the Win2K machine sending these emails via the custom 
> service. I configured relaying in the Virtual SMTP server settings, 
> Access->Relay settings. I granted relay access ONLY to the WIn2K machine 
> that is sending these emails and it works just fine again.
>
> My question is this...In the past I have heard that it is not a good thing 
> to allow relaying due to the security risks of allowing this. Since I have 
> now allowed relaying (but only for the one machine) am I now opening us up 
> to security issues?? Obviously if we need to allow relaying it needs to be 
> so, but I just wonder how big of a security risk this will really be for 
> us - keeping in mind the fact that we are sending all mail through a smart 
> host...  I am thinking this configuration should keep us pretty protected 
> from someone finding and using this machine to send their own emails (i.e 
> spammers)
>
> What are peoples thoughts on this issue??
>
> Thanks, Brad
> 

0
jcoliverjr (1013)
3/6/2007 4:28:44 AM
Perfect, thanks for that.  I checked the latter, and I do NOT have the 
"allow all who authenticate" box checked - so should be good there...

Thanks again, Brad

"John Oliver, Jr. [MVP]" <jcoliverjr@hotmail.com> wrote in message 
news:91110EF4-11B0-428E-88DB-9D3A3569F00A@microsoft.com...
> Brad,
>
> You should be fine with allowing relay to a local IP on your Relay Tab in 
> your SMTP VS.  Be sure that only the list below is checked and the IP of 
> the local Win2k machine is in the box.  I would also uncheck "those who 
> succesfully authenticate" if you have not POP3 users.   I have seen 
> spammers get authenticated by cracking an account.
>
> -- 
> John Oliver, Jr
> MCSE, MCT, CCNA
> Exchange MVP 2007
> Microsoft Certified Partner
>
>
> "Brad Pears" <bradp@truenorthloghomes.com> wrote in message 
> news:%233AzA12XHHA.208@TK2MSFTNGP05.phx.gbl...
>> We are using Exchange 2000 on an SBS 2000 machine.
>>
>> We signed up with Spam Soap - an outside company to provide 
>> incoming/outgoing SMTP mail filtering . As part of their service, you 
>> also configure them as a "smart host". This is configured in the virtual 
>> SMTP Server area - in the advanced options for delivery. Also, in order 
>> to have this work properly, the SMTP Connector we had configured in the 
>> 'Connectors' area also had to be removed.
>>
>> We have an in-house VB .net application that automatically  sends 
>> auto-generated emails. This particular application is configured and 
>> running as a service on a small Win2K server.  In the code we send the 
>> mail out using our Exchange 2000 server. This was all working just fine 
>> until I removed the SMTP connector and configured the smart host 
>> information in the SMTPVS area. Once that was done, we were completely 
>> unable to auto send any emails OUTSIDE the company. The error was 
>> similiar to the following...
>>
>> ERR-SendEmail-The server rejected one or more recipient addresses. The 
>> server response was: 550 5.7.1 Unable to relay for 
>> {username}@{domainname}.
>>
>> (Note: We could send email internally using this service no probs - only 
>> messages being sent outside the company domain failed)
>>
>> Now, the way I was able to resolve this was to allow  'relaying' for the 
>> IP address of the Win2K machine sending these emails via the custom 
>> service. I configured relaying in the Virtual SMTP server settings, 
>> Access->Relay settings. I granted relay access ONLY to the WIn2K machine 
>> that is sending these emails and it works just fine again.
>>
>> My question is this...In the past I have heard that it is not a good 
>> thing to allow relaying due to the security risks of allowing this. Since 
>> I have now allowed relaying (but only for the one machine) am I now 
>> opening us up to security issues?? Obviously if we need to allow relaying 
>> it needs to be so, but I just wonder how big of a security risk this will 
>> really be for us - keeping in mind the fact that we are sending all mail 
>> through a smart host...  I am thinking this configuration should keep us 
>> pretty protected from someone finding and using this machine to send 
>> their own emails (i.e spammers)
>>
>> What are peoples thoughts on this issue??
>>
>> Thanks, Brad
>>
> 


0
bradp (24)
3/6/2007 9:01:54 PM
Reply:

Similar Artilces:

HELP
we have page overflow and date format issues with excel macro. this macro generates about 20 pages of charts... 18 of 20 are printing on two pages when we run on xl2002 sp-2, same reports are on one per page in xl97 and xl2000. any suggestions as to a fix would be greatly appreciated. thanks, bluec ...

Created database set security now won't let me in
I have created a rather simple database. I set up user and group security. I was in Access for hours yesterday with no problem. This morning I try to get in and it says I do not have permissions to contact administrator or creator to give permissions. Is there a way to get in and remove the security settings I placed so I don't have this issue? On Jan 16, 10:18=A0am, p-rat <osupr...@yahoo.com> wrote: > I have created a rather simple database. I set up user and group > security. I was in Access for hours yesterday with no problem. This > morning I try to get in and it says I...

Missing security tab in recipients
We are running Exchange 5.5 SP3 and when I click on recipients there should be a security tab so I can do more with the mailbox. This is missing? Any ideas? "Ken Reni" <ken@acc.smtc.net> wrote in news:01ce01c3d0b3$26cdc9d0 $a301280a@phx.gbl: > We are running Exchange 5.5 SP3 and when I click on > recipients there should be a security tab so I can do more > with the mailbox. This is missing? > > Any ideas? > In Exchange administrator click on Tools, options, permissions tab, select "show permissions page for all objects" Regards, -- Ar...

.xps file unable to read due to security setting
I created a Word 2007 & Publisher file and saved it as an .xps file. I emailed it to myself using Outlook Express. I was NOT able to open up the file due to a security setting problem. I have contacted MS support (Word) and Publisher. No one could find an answer. Any suggestions. The error message comes up under IE7. Have you tried to open the file with IE? A download Microsoft XML Paper Specification Essentials Pack http://www.microsoft.com/downloads/details.aspx?FamilyID=b8dcffdd-e3a5-44cc-8021-7649fd37ffee&DisplayLang=en -- Mary Sauer MSFT MVP http://office.microsoft.c...

Strange Message..."domain isn't in my list of allowed rcpthosts (#5.7.1)"
Hi, One of my clients emailed me this message a little while ago. Now, nothing has changed to my knowledge on the server or with-in their enviornment in any way. What would cause this message to all of a sudden appear? And, most importantly, how do I correct it? Thanks, Chris -------------------------------------------------------------------- > -----Original Message----- > From: System Administrator > Sent: Monday, April 18, 2005 3:44 PM > To: 'Maria Sayers' > Subject: Undeliverable: RE: Tomorrow Morning > > Your message did not reach some or all of ...

CRM Router Issues
Our crm router sends out alot of Delivery Status Notification (Delay) on a particular day. What are the possible reason for this happening and how can it be stopped without affecting the regular emails? ...

That assembly does not allow partially trusted callers
fwiw I'm a total newb to dotnet. trying to learn by doing. I started with an app we purchased from an outside consultant(including source code). Several things about it did not work properly so i'm in the process of revising. Even with my limited knowlege i saw several things they did that were not good coding, and have fixed. but there are other areas I don't know about - i think there are parts of their code i still have to remove but am working on over time. my new dll "works" on my machine but i tried to set it up on a co-worker's machine and get t...

New DPM2010 RC isntall. A few issues
I'm testing DPM2010 RC with some clients and have run across a few things I thought I would post here. I have the server hooked up to 2 clients 1 XP and 1 Win7 and on both of them in the DPM GUI on the client if I click on the Recover tab and then the search icon I get an error. The server is listed correctly, as DMP.domain.local and the clients are being protected. The error is: Unable to contact the DPM server. The specified server does not exist or is not compatible with the DPM Client. Recommendations: 1: Make sure DPM server name is correct. 2: Contact your DPM admin...

Service Module used to track software development issues
I have a client who develops software, and is very keen on MSCRM for both Sales and Service. However, they are looking at an additional product to track software bugs and development issues. I can't see why the service module can't handle this. Does anyone have any experience or know of any companies using MSCRM for this purpose? Any assistance will, as always, be gratefully appreciated. Cathy Allington Client Relationship Marketing P/L I agree that you could use the service module for this. I would advise you to scan the internet for packages dedicated to software bug tracking et...

SUM() issue
Hi, i have a question for y'all, i have a table D P Partner --------------------------- 1 3 P 5 2 P 6 4 K 8 3 K 7 8 P 7 5 K 2 3 K Ok, what i need, is to find a difference between the SUM(of D column where the Partner is P) and SUM(of P column for all partners)... So, the result should be SUM(D where Partner = P) - SUM(P) If anyone has any ideas, please share it with me,....THANX!! "ApeX" <mmojas@gmail.com> wrote in message news:1182468415.543257.187560@w5g2000hsg.googl...

Junk Mail Filtering Issue on an Existing Exchange Server
Hi all, I have an interesting issue using the IMF features of Exchange 2003 SP2 and I'm having a tough time tracking down the issue. I'm in the process of implementing the MS Messaging Security Suite. I have two clusters, one four node backed by a NetApp SAN in DC and one two node backed by an HP MSA storage device in Florida. I just implemented the DC cluster and I inherited the Florida cluster. The clusters are in two different routing groups, but same administrative group. Only one SMTP connector is shared. I've stood up MSS (Antigen AV and Spam) on my SMTP relays and configu...

SmartList Security
I'm having a significant problem with SmartList Security. It relates specificly to access for HR-Applicant, Applicant Education, Employee Benefit and Employee Education. I have at this point unchecked these options 6-7 times for my 46 users and their ablility to access keeps coming back. Yes, I have applied the changes. I've made the changes in SmartList Security and Advanced Security with no success. -- Thanks, Dean Anderson Hi Dean Are you using any User Classes? If you are, please check the Smartlist security stored against the class, it is possible that the class is cau...

External Link Issue
I have come across something rather bizarre that I hope someone can answer. I opened a workbook in excel, we will call it Book1, that has external links, I opt to "Don't Update". In the workbook are links to someone's C: drive and as far as I am aware I don't have access to their drive. Also FYI ... The status bar in the lower right says "Ready" ... not "Calculate". Plus, if I hit "F9" the numbers remain the same. When I look at a cell "D10" it shows $90. Then I open a copy of the same file but named Book2 .... Book1 is still ope...

.NET XMLDocument Save issue
Hi, Currently we are using the .NET XMLDocument Class to manipulate some xml documents. The issue we are having is that when we save the XML files using the classes save method, empty xml tags will be saved with a CRLF instead of the empty value. This can be solved by setting the PreserveWhiteSpace property to true. But then the indentation is lost. E.g.:- Before Saving this is how the tags are. <Test></Test> After saving <Test> </Test> Has anybody come across this, is there any solution for this. Thanks Amendra. ...

Outlook Exchange and pop3 relay problem
I have a problem, I have an exchange server working internaly through outlook and pop3 accounts working directly to the outside pop3 server from outlook. When I try sending mail to multiple users of which some are internal and some external the program sends all the messages through the external pop3 account. Even though I have the exchange server set as my default account, when I send a message to an exchange user, forwarded from a recieved message through pop3 it also sends the message through pop3 overriding the default settings. My question is: Is there any way of setting the progr...

Allow removal of "Sales Process" tab from Opportunity form
Currently there is no way through supported customizations to remove the "Sales Process" tab from the Opportunity form. We would like to be able to do this. ---------------- This post is a suggestion for Microsoft, and Microsoft responds to the suggestions with the most votes. To vote for this suggestion, click the "I Agree" button in the message pane. If you do not see the button, follow this link to open the suggestion in the Microsoft Web-based Newsreader and then click "I Agree" in the message pane. http://www.microsoft.com/Businesssolutions/Community/...

Macintosh Word X Indentation Issue
I am using Microsoft Office Mac X purchased December 24, 2003. Problem: I have a 250 page document, suddently the first line of each = page=20 is indenting and I am having to go to the individual pages to drop the=20 opening line down to eliminate the indent. The only explanation I can think of -- I had originally number the = pages,=20 then using the header/footer facility in View Mode, I deleted the page=20 numbers, creating this formatting inconsistency, which is extremely=20 disabling. I tried copying the full document onto another blank = document=20 but the formatting carried over. ...

Sync Issues
Ok, I've seen other people run into this, but it seems no-one has an answer to it: Symptoms: Your "Sync Issues" starts getting clogged with entries named "Synchronization Log" and with an error description "Error synchronizing message...". It happens whenever somebody else starts creating appointments and and uses the "track in crm". You get it every time your outlook tries to sync. with the Exchange server; on my laptop, around 2 mails/minute. You also get a copy of the calendar entry in the "Local Failures", virtually doubleing th...

Exchange 2003 "send as" issue.
Hi, A client of ours uses SBS 2003 and would like certain users to be able to send "as" other users. They can "send on behalf" however the email then states "sent by xxxxx on behalf of yyyyyy" which is not what they want. They want the email to appear as though it has come from another user. Administrator can achieve this yet no other users can - even when full permission is granted to the mailbox etc. We have previously been able to do this with SBS 2000 (or full Exchange 2000) yet it appears to be different in 2003. The error reported is "you do not h...

Issue skiping characters by Regular Expressions searching Word
When using Regular Expression search using VBA script in Excel to search Word document, "-" character in the word document gets skiped (substituted with "" empty character). Here is the string in Word: <DE4.0><SWR4.4.l‑CE6:A> Here is the snipet of VBA code used: With Selector.Find .text = "\<DE?*^13" .Replacement.text = "" .Forward = True .Wrap = wdFindzz .Format = True .MatchCase = False .MatchWholeWord = False .MatchAllWordForms = False .MatchSoundsLike = False .MatchWild...

data form
Is there a way, with a data form, to allow the user to only input one record. For instance, I have a macro that opens the data form, uses "SendKeys" statment to start a new record. It then relies on the user to press Enter at the end of the record and then the close button to exit from the data form. Is there a way for it to close after they've entered the last field? TIA Steve You can't program the built-in data form, but you could build your own, or try John Walkenbach's Enhanced Data Form. http://j-walk.com/ss/dataform/index.htm Steve Simons wrote: > Is...

I want to relay
Exchange 2003 on Server 2003. I want to allow our external Linux machines to relay through exchange. How do I do this? TIA Eric In news:110C4AB3-CD03-4C8B-910A-CC4D3D4D4CF5@microsoft.com, Eric K <EricK@discussions.microsoft.com> typed: > Exchange 2003 on Server 2003. > I want to allow our external Linux machines to relay through exchange. > How do I do this? > > TIA > Eric Either allow their IP addresses to relay in the virtual SMTP server properties, or, if they can authenticate to the server, use authenticated relay, which is enabled by default. Add the IPs o...

Access Right Shift Issue
If I hold down the right shift in Access, an Accessability window pops up. I find that annoying, so I took the option to change the behavior. This created worse problems. How do I reverse it? I can't find it. Thanks THis newsgroup is for Excel questions. Maybe you will have better luck posting in an Access group. On Mon, 7 Feb 2005 15:35:01 -0800, "t0mg" <t0mg@discussions.microsoft.com> wrote: >If I hold down the right shift in Access, an Accessability window pops up. I >find that annoying, so I took the option to change the behavior. This >created wor...

#5.7.1 smtp;550 5.7.1 Unable to relay for Tester@contoso.com
Hey folks, Outlook 2003 with Exchange 2003 SP2. I started having this weird issue this morning. Users that we email multiple times a day, at ONLY one domain, all of a sudden started being unreachable, see error message below. No other emails to other domains had this issue. Just this one. Yet, after trying to resend the same exact email, they seem to have gone thru not 10 minutes later on the second attempt. Does anyone have any ideas? From: System Administrator Sent: Tuesday, January 02, 2007 10:42 AM To: Tester@contoso.com Subject: Undeliverable: Test Email Your message did not reach s...

Windows Vista upgrade to Windows 7
Hi all, I have a laptop bought in 2007 with Vista Home Premium version OEM in Italian. Now I live in Berlin and I saw in a shopfron a big chain theWindow 7 Home Premium Upgrade for only 89 €, instead of 129 €. But my worry is the following: with this upgrade, I will be able to chose the language, in order to have the OS in Italian, or it will be only in German? -- Thanks a lot in advance for your help. Ciao Franz Verga from Italy (now in Berlin) German "Franz Verga" <fra68ve@InVento.it> wrote in message news:OPhZgALdKHA.1156@TK2MSFTNG...