How To Close An Open Relay In Exchange 2007 / 2010

If you have an Exchange 2007 or Exchange 2010 server and you discover that you are an Open Relay, there is a very simple command that you can run from the Exchange Management Shell to close this down.

The command is:

Get-ReceiveConnector “YourReceiveConnectorName” | Remove-ADPermission -User “NT AUTHORITY\ANONYMOUS LOGON” -ExtendedRights “ms-Exch-SMTP-Accept-Any-Recipient”

Replace “YourReceiveConnector” with the name of your Receive Connector and then run the command.

To test if you are an open relay, you can visit MXToolbox or Mailradar.

If you want to check to see if you are allowing “ms-Exch-SMTP-Accept-Any-Recipient” on any Receive Connector for Anonymous Users, run the following command from the Exchange Management Shell:

Get-ReceiveConnector | Get-ADPermission | where {($_.ExtendedRights -like “*SMTP-Accept-Any-Recipient*”)} | where {$_.User -like ‘*anonymous*’} | ft identity,user,extendedrights

08/04/2014 Update – If you still have a problem after modifying your receive connector(s) accordingly, please make sure you or someone else hasn’t installed the SMTP Service on the Exchange Server.  I was emailed about such a problem with an Exchange 2010 server the other day and the having stopped ALL of the Exchange Services the server was STILL an Open Relay.  With a quick NETSTAT command to see what was listening on port 25, I soon discovered the SMTP service was present and enabled.  Having disabled the service and restarting all the Exchange Services, the Open Relay problem disappeared immediately.

Advertisements

Apple iOS4 Issues with iPhone 4 / 3Gs / 3G and Exchange

If you have a new iPhone 4 or have upgraded our old 3Gs / 3G iPhone to the latest OS (iOS4) and you use Exchange to push mail to your device, please visit the following page from your iPhone (using Safari) and click on the link to download and install a patch for your phone that should help ease the burden on the Exchange server you are connecting to: