Uncheck 'All except the list below' and select 'Only the list below' Click on 'Add' and specify only your internal IP subnet(s) and any other approved machines for relay purposes. This should lock you down. Basically, the 'All except the list below' allows anyone to to relay off of your SMTP server. -----Original Message----- From: William Holmes [mailto:wtholmes@xxxxxxxxxxxxxx] Sent: Monday, May 03, 2004 4:01 PM To: [ExchangeList] Subject: [exchangelist] Exchange Relay http://www.MSExchange.org/ Hello, On an Exchange 2003 system I have configured the SMTP virtual server in the following way: Authentication: Anonymous access. Connection: All except the list below, with no computers listed in the access list. Relay Restrictions: Only the list below, with my local subnet added to the Access List and the Alloqw all computers which successfully authenticate to relay Checkbox is cleared. With this setup any host should be able to send mail to my domain, but no one should be able to relay through my server. However it is still possible to relay. Any ideas on what my be going wrong? Thanks Bill ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------