Microsoft KB Archive/310380

= HOW TO: Prevent Exchange 2000 from Being Used as a Mail Relay in Windows 2000 =

PSS ID Number: 310380

Article Last Modified on 9/22/2003


The information in this article applies to:


 * Microsoft Windows 2000 Server




This article was previously published under Q310380



IN THIS TASK

 * SUMMARY
 * Requirements
 * Preventing the Exchange 2000 Server from Relaying E-mail Messages



== SUMMARY ==
This step-by-step article describes how to prevent Exchange 2000 from being used as a mail relay. Note that the default Exchange 2000 configuration does not allow unauthenticated users to relay through the server.

Exchange 2000 provides full Simple Mail Transfer Protocol (SMTP) mail services. The Exchange 2000 SMTP server can be used to receive and relay e-mail messages to other Exchange 2000 servers on your network or to other SMTP servers on the Internet. Mail relay permits Exchange 2000 mail clients to send mail to users in other organizations. If mail relay is not permitted, the Exchange 2000 server can only receive and send mail for users in the same mail domain as the Exchange 2000 server.

When the Exchange 2000 server relays e-mail messages, the Exchange 2000 server can forward mail that is addressed to mail domains other than its own. This permits Exchange 2000 to forward mail to any internal or external network SMTP server.

There are dangers inherent in making an Exchange 2000 server accessible to Internet users. Internet users might use the Exchange 2000 server as a mail relay, which is undesirable because unscrupulous users might forward mail to your Exchange 2000 SMTP server to distribute unsolicited commercial e-mail messages to large numbers of computers. This can have a severe adverse effect on the available bandwidth of your Internet connection and might lead to your mail server being placed on "black hole" lists of open mail relays. If your server is placed on such a list, other mail servers may not accept mail from your domain.


== Requirements ==
For a user or computer to relay e-mail messages through an Exchange 2000 SMTP server, two conditions must be met:
 * The user or computer must be able to gain access to the Exchange 2000 server.
 * The Exchange 2000 server must be configured to relay e-mail messages to other domains.

If these conditions are not both met, the server does not relay e-mail messages.


== Preventing the Exchange 2000 Server from Relaying E-mail Messages ==
To prevent the Exchange 2000 server from relaying e-mail messages:
 * 1) Start Exchange System Manager.
 * 2) Expand the organization_name object, and then expand the Servers node. Expand the server_name object of the server on which you want to prevent mail relay, and then expand the Protocols node.
 * 3) Expand the SMTP node, right-click the virtual SMTP server on which you want to prevent mail relay, and then click Properties.
 * 4) Click the Access tab, and then click Relay.
 * 5) In the Relay Restrictions dialog box, several options are available. The Only the list below option is turned on. By default, the list below this option is empty. The Allow all computers which successfully authenticate to relay, regardless of the list above option is also turned on. By default, this permits users and computers that can authenticate with the server to relay through the server. This option permits the Exchange 2000 server to relay mail from your internal network clients. Note that if you allow only anonymous access, the server cannot authenticate users or computers.
 * 6) Click Add. You can permit a single computer, a group of computers, or an entire domain to relay through the server by making the appropriate selection in the Computer dialog box. Allowing access by IP address or domain name is helpful for users who do not authenticate with the Exchange server (for example, in an Internet service provider [ISP] implementation). Click Cancel if you do not want to make any changes.
 * 7) In the Relay Restrictions dialog box, click OK.
 * 8) Click Apply, and then click OK in the Default SMTP Virtual Server Properties dialog box.

NOTE: By default, Exchange 2000 server is not open for Internet relay.
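The following added example (not Microsoft code and not an Exchange API) models how the Relay Restrictions settings described in steps 5 and 6 combine into an accept or deny decision for one recipient. The class and function names, the `client_host` parameter (the name the server resolved for the client) and all sample addresses and domains are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class RelayPolicy:
    """Hypothetical model of the Relay Restrictions dialog box settings."""
    local_domains: set                       # mail domains the server accepts mail for
    granted_networks: list = field(default_factory=list)  # "Only the list below": IPs or subnets
    granted_domains: list = field(default_factory=list)   # "Only the list below": domain entries
    allow_authenticated: bool = True         # "Allow all computers which successfully authenticate..."
    anonymous_only: bool = False             # only anonymous access: nobody can authenticate

def relay_decision(policy, client_ip, rcpt, authenticated=False, client_host=""):
    """Return (accepted, reason) for one recipient address from one client."""
    rcpt_domain = rcpt.rsplit("@", 1)[-1].lower()
    if rcpt_domain in policy.local_domains:
        return True, "local delivery, not a relay"
    # With anonymous-only access the authentication option can never apply.
    if policy.allow_authenticated and authenticated and not policy.anonymous_only:
        return True, "relay: authenticated client"
    ip = ipaddress.ip_address(client_ip)
    if any(ip in ipaddress.ip_network(n) for n in policy.granted_networks):
        return True, "relay: IP address on the list"
    host = client_host.lower()
    if any(host == d or host.endswith("." + d) for d in policy.granted_domains):
        return True, "relay: domain on the list"
    return False, "relay denied"

# Constructed sample values (documentation address ranges and example domains).
DEFAULT = RelayPolicy(local_domains={"example.com"})   # empty list, authenticated relay on
WITH_LIST = RelayPolicy(local_domains={"example.com"},
                        granted_networks=["192.0.2.0/24"],
                        granted_domains=["isp.example"])

def demo():
    """Evaluate a few constructed connections against both policies."""
    cases = [
        (DEFAULT, "198.51.100.7", "user@example.com"),            # inbound mail
        (DEFAULT, "198.51.100.7", "someone@other.example"),       # anonymous relay attempt
        (DEFAULT, "198.51.100.7", "someone@other.example", True), # authenticated client
        (WITH_LIST, "192.0.2.10", "someone@other.example"),       # listed subnet
    ]
    return [relay_decision(*case) for case in cases]

if __name__ == "__main__":
    for accepted, reason in demo():
        print(accepted, reason)
```

Every entry added to the list widens the set of unauthenticated clients that can relay, so a subnet or domain entry should cover only hosts you control.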

If the mail server continues to relay messages to external domains, it is possible the server has a connector for SMTP that allows relay. For additional information about how to prevent relay through an SMTP connector in Exchange 2000, click the following article number to view the article in the Microsoft Knowledge Base:

314734 Relay Restrictions on Default Virtual SMTP Server Are Not Working

For additional information about Exchange 2000 relaying, click the article numbers below to view the articles in the Microsoft Knowledge Base:

304897 XIMS: Microsoft SMTP Servers May Seem to Accept and Relay E-Mail Messages in Third-Party Tests

313395 HOW TO: Examine Relay Restrictions for Anonymous SMTP Connections and Filter Unsolicited E-mail Messages in Exchange 2000 Server

319356 HOW TO: Prevent Unsolicited Commercial E-Mail in Exchange 2000

324958 HOW TO: Block Open SMTP Relaying and Clean Up Exchange Server SMTP Queues on SBS 2000


Additional query words: abuse, DSN, NDR, SPAM, UCE, open relay

Keywords: kbHOWTOmaster KB310380

Technology: kbwin2000Search kbwin2000Serv kbwin2000ServSearch


© 2004 Microsoft Corporation. All rights reserved.