RE: Open Relay on exchange 2000

  • From: "Mark Fugatt" <mark@xxxxxxxxx>
  • To: "'[ExchangeList]'" <exchangelist@xxxxxxxxxxxxx>
  • Date: Thu, 18 Sep 2003 13:25:12 -0400

Ahh, so it's the content filtering that was modifying the header, thanks,
its good to know these things.

Glad you have it all worked out.

Mark Fugatt 
MCT, MCSE, Microsoft Exchange MVP 
Pentech Office Solutions Inc 
Tel:  585 586 3890
Cell: 585 576 4750
Fax:  585 249 0316 
www.4mcts.com 
www.exchangetrainer.com 



-----Original Message-----
From: Allen, Chris [mailto:CAllen@xxxxxxxxxxxxxxxx] 
Sent: Thursday, September 18, 2003 1:07 PM
To: [ExchangeList]

http://www.MSExchange.org/

Yeah, it's a fortinet firewall/av/content filter appliance. We just switched
from MSISA to this as ISA was causing us no end of grief. We can live with
this issue now that open relay is closed off. Thanks for the inputs though. 

-----Original Message-----
From: Mark Fugatt [mailto:mark@xxxxxxxxx]
Sent: Thursday, September 18, 2003 12:20 PM
To: [ExchangeList]
Subject: [exchangelist] RE: Open Relay on exchange 2000

http://www.MSExchange.org/

Well, I just tested it via telnet and your not an open relay now, this is
very interesting, so your firewall is actually modifying the SMTP Header, so
its more than just a firewall right? 


Mark Fugatt
MCT, MCSE, Microsoft Exchange MVP
Pentech Office Solutions Inc
Tel:  585 586 3890
Cell: 585 576 4750
Fax:  585 249 0316
www.4mcts.com
www.exchangetrainer.com 



-----Original Message-----
From: Allen, Chris [mailto:CAllen@xxxxxxxxxxxxxxxx]
Sent: Thursday, September 18, 2003 11:56 AM
To: [ExchangeList]

http://www.MSExchange.org/

No. It is set up just like in your document and in the MS documents.
This is were my dilemma comes in. I have made the requested change that I
told you about however and have submitted to ordb for a retest. I will let
you know their results. All my other smtp traffic seems to be carrying on.
Though I do have a queue of over 9000 aol emails that can't seem to go out
now. :)

-----Original Message-----
From: Mark Fugatt [mailto:mark@xxxxxxxxx]
Sent: Thursday, September 18, 2003 11:46 AM
To: [ExchangeList]
Subject: [exchangelist] RE: Open Relay on exchange 2000

http://www.MSExchange.org/

And is the checkbox selected? 


Mark Fugatt
MCT, MCSE, Microsoft Exchange MVP
Pentech Office Solutions Inc
Tel:  585 586 3890
Cell: 585 576 4750
Fax:  585 249 0316
www.4mcts.com
www.exchangetrainer.com 



-----Original Message-----
From: Allen, Chris [mailto:CAllen@xxxxxxxxxxxxxxxx]
Sent: Thursday, September 18, 2003 11:45 AM
To: [ExchangeList]

http://www.MSExchange.org/

It is a *. 

-----Original Message-----
From: Mark Fugatt [mailto:mark@xxxxxxxxx]
Sent: Thursday, September 18, 2003 11:28 AM
To: [ExchangeList]
Subject: [exchangelist] RE: Open Relay on exchange 2000

http://www.MSExchange.org/

I would find it highly unlikely that your firewall is causing the problem, I
have never seen a firewall cause Exchange to relay.

On the SMTP Connector, is the address space * and do you have the "Allow
messages to be relayed to these domains" checked? 


Mark Fugatt
MCT, MCSE, Microsoft Exchange MVP
Pentech Office Solutions Inc
Tel:  585 586 3890
Cell: 585 576 4750
Fax:  585 249 0316
www.4mcts.com
www.exchangetrainer.com 



-----Original Message-----
From: Allen, Chris [mailto:CAllen@xxxxxxxxxxxxxxxx]
Sent: Thursday, September 18, 2003 11:22 AM
To: [ExchangeList]

http://www.MSExchange.org/

We do, but I have verified their settings as well. It looks like possibly it
is relaying because the firewall is passing its internal address as the
sender. One suggestion was to change "only the list below" with the internal
IP range to "All except the list below" and add the internal IP of the
firewall. I will give that a shot and let you know. If this is the solution,
feel free to add it to your article.

My IT team got this information from the following:
http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&threadm=u9Q3
TwpeDHA.1760%40TK2MSFTNGP09.phx.gbl&rnum=1&prev=/groups%3Fhl%3Den%26lr%3
D%26ie%3DUTF-8%26oe%3DUTF-8%26q%3Dprevent%2Bopen%2Brelay%2Bexchange%2B20
00%2Bbehind%2Bfirewall



-----Original Message-----
From: Mark Fugatt [mailto:mark@xxxxxxxxx]
Sent: Thursday, September 18, 2003 9:57 AM
To: [ExchangeList]
Subject: [exchangelist] RE: Open Relay on exchange 2000

http://www.MSExchange.org/

Yes, you are indeed an open relay, unplug your Exchange server NOW, read my
article again and double-check all your settings, do you have any SMTP
Connectors? 


Mark Fugatt
MCT, MCSE, Microsoft Exchange MVP
Pentech Office Solutions Inc
Tel:  585 586 3890
Cell: 585 576 4750
Fax:  585 249 0316
www.4mcts.com
www.exchangetrainer.com 



-----Original Message-----
From: Chris Allen [mailto:callen@xxxxxxxxxxxxxxxx]
Sent: Thursday, September 18, 2003 9:40 AM
To: [ExchangeList]

http://www.MSExchange.org/

I have read the article on
http://www.msexchange.org/pages/article.asp?id=54 and Microsoft's knowledge
base articles (310380, 314734, and 304897) and verified through each of
these that my exchange server is not set up as an open relay.
However, ORDB.org ran a test on it and list it as such. When I found out
about this, I attempted to send an open relay message from outside my
network and was also able to do it. Any advise on how to stop open relay
beyond what was published in these articles? We put in a new firewall two
days ago (also the same day the site was submitted to ORDB) but I am not
sure how a firewall would open relaying when exchange has it turned off.
Any advise would be appreciated. Thanks in advance.

Chris Allen
Systems Administrator

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security
Resource Site: http://www.windowsecurity.com/ Network Security Library:
http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this MSExchange.org Discussion List as:
mark@xxxxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')




------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security
Resource Site: http://www.windowsecurity.com/ Network Security Library:
http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this MSExchange.org Discussion List as:
callen@xxxxxxxxxxxxxxxx
To unsubscribe send a blank email to
$subst('Email.Unsub')

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security
Resource Site: http://www.windowsecurity.com/ Network Security Library:
http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this MSExchange.org Discussion List as:
mark@xxxxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')




------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security
Resource Site: http://www.windowsecurity.com/ Network Security Library:
http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this MSExchange.org Discussion List as:
callen@xxxxxxxxxxxxxxxx
To unsubscribe send a blank email to
$subst('Email.Unsub')

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security
Resource Site: http://www.windowsecurity.com/ Network Security Library:
http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this MSExchange.org Discussion List as:
mark@xxxxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')



------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security
Resource Site: http://www.windowsecurity.com/ Network Security Library:
http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this MSExchange.org Discussion List as:
callen@xxxxxxxxxxxxxxxx
To unsubscribe send a blank email to
$subst('Email.Unsub')

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security
Resource Site: http://www.windowsecurity.com/ Network Security Library:
http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this MSExchange.org Discussion List as:
mark@xxxxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')




------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security
Resource Site: http://www.windowsecurity.com/ Network Security Library:
http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this MSExchange.org Discussion List as:
callen@xxxxxxxxxxxxxxxx
To unsubscribe send a blank email to
$subst('Email.Unsub')

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security
Resource Site: http://www.windowsecurity.com/ Network Security Library:
http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this MSExchange.org Discussion List as:
mark@xxxxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')

Other related posts:

  1. Home
  2. exchangelist
  3. Archive
  4. 09-2003