Please someone kindly help me. This msg was posted 2 days
ago but the problem still can't be fixed. Please read the
following re-post. Thanks.
My Exchsrv 5.5 was identified as an Open Relay server by
several anti-spam services. I tried many ways to fix this
problem by following Paul Robichaux's article
(url=/technet/security/mail/excrelay.asp), but all failed
to stop relaying. Even when I turned off all relays by
selecting "Do not reroute incoming SMTP mail" on the Routing
tab (of course each time I remembered to stop and restart
IMS), the server still keeps relaying endlessly (can be
checked in the Event Viewer/Application Log). I have to
stop IMS currently.
In addition, according to Paul Robichaux's article, I
enabled (checked) "Hosts and clients that successfully
authenticate" and "Hosts and clients with these IP
addresses" and added relevant IP addresses in the box.
However, the mail can't be sent out to the outside domains
from any authenticated user or the computer with relevant
In short, currently all internal mails can't be relayed to
the outside domains but the spamming messages still keep
passing through the server!
--- Response by JS ---
Internet Mail Service.
Quote:
>-----Original Message-----
>Exchange admin > IMS > Routing Tab > Routing Restrictions
>> check the "Hosts
>and Clients Connecting to These Internal Addresses"
>Don't put any IP's in here. Close it and stop and start
>To test this...telnet into Port 25 of your server and
>issue the following
>Telnet 100.100.100.100 25 (substitute the IP of your
>(you should get helo back)
>(this doesn't matter, it's just simulating an outside
>(insert a valid email address from your domain....you
>Now to see if you're locked down ....issue another rcpt
>(this is a bogus address not affiliated with your
--- Response by rhu ---
Quote:
>relaying denied.
>Hope this helped. Good luck
Thanks for your advice. Done per your instruction. Tested
with telnet commands you suggested and everything looked
OK. However, the server is still busy delivering spam
messages in mass volume. I checked the Event
Viewer/Application Log. After clearing all records, it'll
be full in a few minutes! A huge number of spam mails are
still passing through!
Now all relays are prohibited. I can't even send out this
message via the server, but the server is still busy
delivering spam mails from the outside!
Please HELP. THANKS!
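
The port 25 relay test described in the quoted reply, scripted so it can be repeated after each routing change. This is an added example, not code from either poster; the addresses, the `relay_check` and `start_stub` names, and the stub server (a constructed stand-in so the script runs offline, not Exchange/IMS) are assumptions.

```python
import smtplib
import socketserver
import threading

def relay_check(host, port, local_rcpt, outside_rcpt, sender="probe@example.net"):
    """Scripted form of the telnet test: RCPT a local mailbox, then an outside one."""
    with smtplib.SMTP(host, port, local_hostname="relaytest.example.net", timeout=10) as s:
        s.helo()
        s.mail(sender)
        local_code, _ = s.rcpt(local_rcpt)
        out_code, out_msg = s.rcpt(outside_rcpt)
        s.rset()  # drop the transaction: no DATA is sent, so nothing is delivered
    return {"local_accepted": 200 <= local_code < 300,
            "relay_open": 200 <= out_code < 300,
            "outside_reply": f"{out_code} {out_msg.decode(errors='replace')}"}

class StubSMTP(socketserver.StreamRequestHandler):
    """Constructed stand-in server so the check runs offline."""
    local_domain = "example.com"   # assumed local domain
    open_relay = False
    def handle(self):
        self.wfile.write(b"220 stub ready\r\n")
        for raw in self.rfile:
            line = raw.decode(errors="replace").strip().lower()
            if line.startswith("quit"):
                self.wfile.write(b"221 bye\r\n")
                return
            foreign = not line.rstrip(">").endswith("@" + self.local_domain)
            if line.startswith("rcpt") and foreign and not self.open_relay:
                self.wfile.write(b"550 relaying denied\r\n")  # constructed reply text
            else:
                self.wfile.write(b"250 OK\r\n")

def start_stub(open_relay):
    """Start the stub on a free loopback port; returns the server object."""
    handler = type("Handler", (StubSMTP,), {"open_relay": open_relay})
    srv = socketserver.TCPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv

if __name__ == "__main__":
    for mode in (False, True):
        srv = start_stub(open_relay=mode)
        port = srv.server_address[1]
        print(mode, relay_check("127.0.0.1", port, "user@example.com", "x@example.org"))
        srv.shutdown()
```

Run it from a machine outside the IP ranges and accounts the server is configured to trust, so the result reflects what an unauthenticated outside host sees.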