Exchange 5.5, Stopping Open Relay, Configuring Relaying

Exchange 5.5, Stopping Open Relay, Configuring Relaying

Post by Jay McMick » Tue, 16 Dec 2003 02:37:26

I have a Win2k Server within a NT4 environment running
Exchange 5.5, SP4. Currently, it's being black listed,
and allows relaying through it. I have found multiple
articles on how to stop this and implemented these
suggestions. However, none of them work. I have even
gone as far as installing a Second Exchange Server, point
my MX record to it, and relay through it to my actual
exchange server. However, through multiple
configurations, the emails either get stuck or get a "Host
Unreachable" on one of the two servers. Can anyone give
me some documenation on how to allow the email server
(Relay Server) to allow only incoming mail for my domain
only, therefore, disallowing my server as an open relay on
the Internet?

Jay McMickle
Network Operations, Team Lead

Exchange 5.5, Stopping Open Relay, Configuring Relaying

Post by suppor » Wed, 17 Dec 2003 07:16:14

We've had the same problem with one of our mail servers.
A long search on the internet has resulted in the
following weakness in Exchange 5.5 :
When you limit access to a particular domain name
( then only the utmost right part of the
domainname is verified. That means that all mail being
sent to lets say XXXX@XXXXX.COM will also be
accepted, thus leaving the server open as a relay server
for spam.
So far, I'm still looking for a solution to this problem.
If anyone can help me, pleas notify on XXXX@XXXXX.COM

a "Host


Exchange 5.5, Stopping Open Relay, Configuring Relaying

Post by valt » Thu, 18 Dec 2003 12:29:44


Setting the entry to in Exchange 5.5 allows all mail in the
'' namespace to be accepted.

The following article explains the use of a '' to explicitly
define a domain, which should assist with your issue.

259531 XFOR: How to Configure SMTP Relay for Domains and Subdomains

Val Tuckett
Microsoft PSS

This posting is provided 'AS IS' with no warranties and confers no rights.
Please do not send email directly to this alias. This alias is for
newsgroup purposes only.