Stop Exchange 2000 relaying mail
An open mail relay is any mail server that can be used by an outside party to send mail. This is how a great many spammers do their dirty work: They find an open mail relay, connect to it, send their spam and then abandon the relay for another one. Being used as a spam relay is bad enough, but it's even worse if you get blacklisted by a database like ORDB (see
In some cases, you may want to make Exchange 2000 available to the outside world for authorized users. However, you'll want to do this in a way that doesn't allow Exchange to be used as a spam relay. To do this, you should follow these steps:
- Open the Exchange System Manager, go to the SMTP server you're configuring, right-click on it and select Properties.
- Select the Access tab, then select Relay.
- In the Relay Restriction dialog box, there are several options for choosing how to allow relaying from clients:
Only the list below. The list is empty by default. If you want to add specific computers or domains to this list, you can do that; this option is probably best if you want to only allow machines internal to your organization to relay. To add to this list, click the Add button and type either a single IP address or a domain name.
Allow all computers which successfully authenticate to relay, regardless of the list above. Use this option and any computer, inside or outside your organization, that can contact and authenticate with the server can relay mail. This is useful if you have people who work outside the in-house network and need to relay mail through your server. For instance, if you have rules applied about outgoing mail, or you want all outgoing mail from your organization to have consistent headers (which is a good way to avoid being branded a spammer), you can use this method. "Authentication" means that anyone who sends mail through the server needs to provide a valid username and password before he or she can send.
- When done, click OK on all Properties pages to close them out and save your settings. You don't need to restart the Exchange services for this to take effect.
Serdar Yegulalp is the editor of the Windows 2000 Power Users Newsletter.
This was first published in April 2002