Relay prevention on the Exchange server
How can I prevent Exchange 2003 from relaying? Or is relaying prevented by default?
Exchange Server 2003 and even Exchange 2000 Server have relaying turned off in a manner of speaking. Each Exchange 2000/2003 server has a SMTP Virtual Server that can be viewed/configured in the Exchange System Manager. The relay restrictions are set on the Access property tab of the Default SMTP Virtual Server. The default is to not allow anyone to relay. However, there is an exception to this rule. The "Allow all computers which successfully authenticate to relay, regardless of the list above"
checkbox is enabled. This is on by default to allow POP3 and IMAP4 clients with valid computer accounts in the domain/forest to send mail to your Exchange servers. This also reduces administrative overhead when an e-mail based application server is added to the domain/forest.
If you do not have IMAP4 or POP3 clients or you do not mind the additional overhead of manually adding entries for e-mail based applications servers, then you can go into each of your default SMTP virtual servers (one per Exchange server) and disable this checkbox.
Do you have comments on this Ask the Expert question and response? Let us know.
This was first published in February 2005