Chris,

I have been fighting the same problem for the past few days, and so far, simply unchecking the "Allow all computers..... " has not done it for me. I thought that at the end of the day I had it solved; however, this morning I walked into more NDRs than I wanted to see, all indicating that the relaying was still happening. I checked the server settings one more time to make sure that this was unchecked, and it was.

If anyone has other suggestions (yes I am convincing my boss that we need stronger pswrds) to stop the relaying, please let me know!

Thanks and Good luck Chris,
Ken

-----Original Message-----
From: Allen, Chris [mailto:CAllen@xxxxxxxxxxxxxxxx]
Sent: Friday, September 26, 2003 9:54 AM
To: [ExchangeList]
Subject: [exchangelist] RE: Relaying question

http://www.MSExchange.org/

The problem is, I need to allow relay internally. I have various custom apps that the users need to email a client upon completion of a workorder. They each do over 500 a day and automation is the only way to do this effectively. So, if I shut off the checkbox in question, will the internal IPs still be able to relay?

-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx]
Sent: Friday, September 26, 2003 9:50 AM
To: [ExchangeList]
Subject: [exchangelist] RE: Relaying question

Hi Chris,

Yes. If you don't allow relay, then the server will not relay. You can also do other things like prevent the machine from resolving Internet host names (just for fun).
HTH,
Tom

Thomas W Shinder
www.isaserver.org/shinder
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp

-----Original Message-----
From: Allen, Chris [mailto:CAllen@xxxxxxxxxxxxxxxx]
Sent: Friday, September 26, 2003 8:34 AM
To: [ExchangeList]
Subject: [exchangelist] Relaying question

Per SpamCop and SpamHaus,

"Spammers are taking advantage of weak passwords on systems using smtp/auth and brute force finding name/password combinations that work and then sending spam thru these servers. There are various characteristic footprints for this and one of them is the use of a "from" address of the format bluestallnn@some legit ISP and the "nn" iterates in each successive spam.

bluestelllf@xxxxxxx
bluestellpg@xxxxxxxxxxx
bluestelluf@xxxxxxxxx
"

My question is this: if I uncheck "Allow all computers which successfully authenticate to relay, regardless of the list above", will this effectively stop brute force attacks on weak passwords as far as Exchange is concerned, and what will this break?

I am also taking measures by blocking their entire block of IPs.
The ranges are as follows:

211.158.32.0/20
211.158.48.0/21
211.158.80.0/20
219.153.144.0/20

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this MSExchange.org Discussion List as: callen@xxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
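
Added example, not part of the thread or any poster's code: a Python sketch that looks for the footprint quoted in the original message (one authenticated account sending with "from" local parts that share a stem and iterate a two-character suffix) and notes which client IPs fall in the ranges Chris lists. The record layout, the function names, the `min_variants` threshold and the sample records are assumptions constructed for illustration; this is not Exchange's SMTP log format.

```python
import ipaddress
import re
from collections import defaultdict

# CIDR ranges listed in Chris's message.
BLOCKED = [ipaddress.ip_network(n) for n in (
    "211.158.32.0/20", "211.158.48.0/21", "211.158.80.0/20", "219.153.144.0/20")]

# Constructed sample records in a hypothetical flat format:
# "client_ip auth_user mail_from". Domains are placeholders.
SAMPLE_LOG = """\
211.158.33.7 jsmith bluestelllf@isp-a.example
211.158.50.12 jsmith bluestellpg@isp-b.example
198.51.100.9 jsmith bluestelluf@isp-c.example
10.0.0.25 workorders workorders@corp.example
10.0.0.25 workorders workorders@corp.example
10.0.0.31 mbrown mbrown@corp.example
"""

# Local part = stem (4+ chars) followed by a two-character iterating suffix.
STEM_SUFFIX = re.compile(r"^(?P<stem>.{4,})(?P<suffix>[a-z0-9]{2})$")

def in_blocked_range(ip):
    """True if ip lies inside one of the listed ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in BLOCKED)

def find_abused_accounts(log_text, min_variants=3):
    """Map auth_user -> stems with >= min_variants distinct suffixes,
    plus that user's client IPs that fall in the listed ranges."""
    suffixes = defaultdict(lambda: defaultdict(set))
    ips = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3 or "@" not in parts[2]:
            continue  # skip malformed records
        ip, user, sender = parts
        ips[user].add(ip)
        m = STEM_SUFFIX.match(sender.split("@", 1)[0].lower())
        if m:
            suffixes[user][m["stem"]].add(m["suffix"])
    report = {}
    for user, stems in suffixes.items():
        hits = {s: sorted(v) for s, v in stems.items() if len(v) >= min_variants}
        if hits:
            blocked = sorted(i for i in ips[user] if in_blocked_range(i))
            report[user] = {"stems": hits, "blocked_ips": blocked}
    return report

if __name__ == "__main__":
    print(find_abused_accounts(SAMPLE_LOG))
```

In the sample, one of the flagged account's three client IPs is outside the listed ranges, so an IP block on its own would not have stopped that session; the account still needs a password reset.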