How to Verify an SMTP Virtual Server Is Not Set to Open Relay

 

To configure your SMTP virtual server to receive Internet mail, you must perform the following tasks:

  • Configure the inbound port as 25 and specify the IP address. Other servers on the Internet expect to connect to your SMTP virtual server on port 25. By default, all SMTP virtual servers use this port. For detailed instructions, see How to Verify the Inbound Port and IP Address.

  • Verify that your SMTP virtual server allows anonymous access. To receive Internet mail, your SMTP virtual server must permit anonymous access. Other servers on the Internet expect to communicate anonymously with your SMTP virtual server to send Internet mail to your users. For detailed instructions, see How to Verify an SMTP Virtual Server Is Configured to Allow Anonymous Access.

  • Verify that default relay restrictions are configured on your SMTP virtual server. By default, the SMTP virtual server allows only authenticated users to relay e-mail messages. This setting prevents unauthorized users from using your Exchange server to send e-mail messages to external domains. For detailed instructions, see the procedure below.

Procedure

To verify that your SMTP virtual server is not set to open relay

  1. In Exchange System Manager, in the Properties dialog box of the SMTP virtual server, on the Access tab, click Relay.

  2. In the Relay Restrictions dialog box (see the following figure), select Only the list below (if it is not already selected), click Add, and follow the instructions to add to the list only those hosts that you want to allow to relay mail.

    Note

    If you select All except the list below, unauthorized users might access your server to distribute unsolicited e-mail messages on the Internet.

    Relay Restrictions dialog box


  3. Select Allow all computers which successfully authenticate to relay, regardless of the list above (if it is not already selected).

    This setting allows you to deny relay permissions to all users who do not authenticate. Any remote Internet Message Access Protocol version 4 (IMAP4) and Post Office Protocol version 3 (POP3) users who access this server will authenticate to send mail. If you do not have users who access this server through IMAP4 or POP3, you can clear this check box to prevent relaying completely, thereby increasing security. You can also designate a specific server for IMAP4 and POP3 users, and then clear this check box on all other Internet gateway servers.
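
The following added example (not Microsoft or Exchange code) models how the options in the Relay Restrictions dialog box combine, so that you can see which clients each combination allows to relay and which combinations amount to an open relay. The class and function names are hypothetical, the addresses are constructed values from documentation ranges, and the assumption that the authentication check box overrides the list follows the wording "regardless of the list above".

```python
# Added illustration: models the Relay Restrictions options described on this
# page. It is not Exchange code; all names and addresses are constructed.
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

ONLY_LIST = "Only the list below"
ALL_EXCEPT = "All except the list below"


@dataclass
class RelayRestrictions:
    mode: str = ONLY_LIST
    hosts: list = field(default_factory=list)  # single IPs or CIDR ranges
    allow_authenticated: bool = True  # "Allow all computers which successfully authenticate..."

    def listed(self, client_ip):
        addr = ip_address(client_ip)
        return any(addr in ip_network(h, strict=False) for h in self.hosts)

    def may_relay(self, client_ip, authenticated=False):
        """Return True if this client would be allowed to relay."""
        if authenticated and self.allow_authenticated:
            return True  # the check box applies regardless of the list
        if self.mode == ONLY_LIST:
            return self.listed(client_ip)
        return not self.listed(client_ip)


def audit(cfg):
    """Return findings for settings that let unauthenticated hosts relay."""
    findings = []
    if cfg.mode == ALL_EXCEPT:
        findings.append("open relay: any unlisted host may relay without authenticating")
    for h in cfg.hosts:
        if cfg.mode == ONLY_LIST and ip_network(h, strict=False).prefixlen == 0:
            findings.append(f"open relay: list entry {h} covers every address")
    return findings


# Constructed configurations (documentation address ranges).
recommended = RelayRestrictions(hosts=["192.0.2.10"])
locked_down = RelayRestrictions(allow_authenticated=False)
misconfigured = RelayRestrictions(mode=ALL_EXCEPT, hosts=["198.51.100.0/24"])

if __name__ == "__main__":
    for name, cfg in [("recommended", recommended), ("locked_down", locked_down),
                      ("misconfigured", misconfigured)]:
        print(name, cfg.may_relay("203.0.113.5"), audit(cfg))
```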