-1

I have an Exchange 2013 server which was a victim of spam infiltration, and the exchange server was being used as an open relay for unauthorized users (and domains) to remotely send spam. I have done research and was unable to find any detailed tutorials on exactly how Frontend Receive connectors should be to prevent open relay.

My setup:

  • Exchange Server 2013: One server that holds all exchange roles and mailboxes with a single database.
  • A single static IP from Comcast: xx.xx.xxx.221
  • Users: We want all domains outside of the Exchange organization on the internet to be able to send emails to us and receive it in our organization. We also want to be able to send emails to any domain as well.
  • Using default connectors: We are using the default connectors created with the deployment of Exchange 2013. Anonymous users is turned on for authentication.
  • The Exchange Server is a part of an active directory domain corp.example.com and users' email address will be alias@example.com.

What are the appropriate ranges to put so that my Exchange Server does not become an open relay server for spam? So far I have xx.xx.xxx.221-255.255.255.255, but I believe this may not be entirely right.

In addition, when I turn off Anonymous Users, emails from outside the Exchange organization are not received by any users who have mailboxes within the organization. I assume anonymous users should remain off to prevent open relay, but I'm not sure why mail can't be received when requiring authentication.

Kevin
  • `Using default connectors`. No, you're not, as there is no default send connector created with Exchange 2013 deployment. Take a look at the following page; it will explain what you need to do: http://www.mustbegeek.com/configure-exchange-server-2013-to-send-and-receive-outside-email/ – Drifter104 Aug 24 '15 at 22:49
  • @drifter104: Yes. In Microsoft's documentation it reflects that the receive connectors are created by default. – Kevin Aug 24 '15 at 23:10
  • yes the receive connector is configured by default but not the send connectors – Drifter104 Aug 25 '15 at 08:09
  • When you assume, you make an ass out of u and me. Hint: you need to leave anonymous access enabled and ensure you only accept email for your domain. 'Accepted domains'. – BlueCompute Aug 25 '15 at 10:48
  • @BlueCompute: Yes. That I have done as you directed. The problem is that I have a large amount of spam being sent out from my server (large amount of NDRs in the queue). I'm being told that it's because it's an open relay. I want to allow users to send and receive emails, but avoid open relay and spam. – Kevin Aug 25 '15 at 18:22
  • So only accept email for your domain. Or even better, hire an IT professional to set up your Exchange server properly. – BlueCompute Aug 26 '15 at 09:24

1 Answer

0

I highly doubt that you're open-relay, unless you have adjusted the default settings. By default, Exchange 2013 is installed as not open-relay. Perform the required check here.

Reset all the settings performed in the receive connector using this guide.

```
[PS] C:>Get-ReceiveConnector | fl Name,AuthMechanism,RemoteIPRanges,TransportRole,permissiongroups,MaxMessageSize

Name             : Default EX2013
AuthMechanism    : Tls, Integrated, BasicAuth, BasicAuthRequireTLS, ExchangeServer
RemoteIPRanges   : {::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff, 0.0.0.0-255.255.255.255}
TransportRole    : HubTransport
PermissionGroups : ExchangeUsers, ExchangeServers, ExchangeLegacyServers
MaxMessageSize   : 35 MB (36,700,160 bytes)

Name             : Client Proxy EX2013
AuthMechanism    : Tls, Integrated, BasicAuth, BasicAuthRequireTLS, ExchangeServer
RemoteIPRanges   : {::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff, 0.0.0.0-255.255.255.255}
TransportRole    : HubTransport
PermissionGroups : ExchangeUsers, ExchangeServers
MaxMessageSize   : 35 MB (36,700,160 bytes)

Name             : Default Frontend EX2013
AuthMechanism    : Tls, Integrated, BasicAuth, BasicAuthRequireTLS, ExchangeServer
RemoteIPRanges   : {::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff, 0.0.0.0-255.255.255.255}
TransportRole    : FrontendTransport
PermissionGroups : AnonymousUsers, ExchangeServers, ExchangeLegacyServers
MaxMessageSize   : 36 MB (37,748,736 bytes)

Name             : Outbound Proxy Frontend EX2013
AuthMechanism    : Tls, Integrated, BasicAuth, BasicAuthRequireTLS, ExchangeServer
RemoteIPRanges   : {::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff, 0.0.0.0-255.255.255.255}
TransportRole    : FrontendTransport
PermissionGroups : AnonymousUsers, ExchangeServers
MaxMessageSize   : 36 MB (37,748,736 bytes)

Name             : Client Frontend EX2013
AuthMechanism    : Tls, Integrated, BasicAuth, BasicAuthRequireTLS
RemoteIPRanges   : {::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff, 0.0.0.0-255.255.255.255}
TransportRole    : FrontendTransport
PermissionGroups : ExchangeUsers
MaxMessageSize   : 35 MB (36,700,160 bytes)
```

Navigate to accepted domains, validate that appropriate domains are indicated there. Configure send connector.

Vick Vega
  • I think I might be dealing with a separate issue then. I have a large number of NDRs when I go to look at the Exchange Server queue in Exchange Toolbox. It was filled with domains that didn't appear usual to me. Additionally, there were tons of messages attempting to be sent. – Kevin Sep 16 '15 at 16:07
  • Depending on the amount of traffic your Exchange server receives, you might want to configure additional protection. Google: "Anti-spam and Anti-Malware protection in Exchange 2013". Check the article on msgexchange.com8 – Vick Vega Sep 16 '15 at 16:11
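
An added example, not part of the original answer or comments: a read-only audit for the Exchange Management Shell that separates "accepts anonymous mail" (the `AnonymousUsers` permission group, needed for inbound internet mail) from "relays for anyone" (the `ms-Exch-SMTP-Accept-Any-Recipient` extended right granted to `NT AUTHORITY\ANONYMOUS LOGON`), and lists the accepted domains the answer says to validate. The variable names and report columns are this example's own.

```powershell
# Added example: run in the Exchange Management Shell on the Exchange 2013 server.
# Read-only: it only queries connectors, AD permissions and accepted domains.

$anon       = 'NT AUTHORITY\ANONYMOUS LOGON'
$relayRight = 'ms-Exch-SMTP-Accept-Any-Recipient'

$report = foreach ($c in Get-ReceiveConnector) {
    # Non-denied extended rights granted to anonymous sessions on this connector
    $grants = $c | Get-ADPermission -User $anon |
        Where-Object { -not $_.Deny -and $_.ExtendedRights }

    $rights = @($grants | ForEach-Object { $_.ExtendedRights } |
        ForEach-Object { $_.ToString() } | Sort-Object -Unique)

    [pscustomobject]@{
        Connector      = $c.Identity
        TransportRole  = $c.TransportRole
        RemoteIPRanges = $c.RemoteIPRanges -join ', '
        # True: unauthenticated senders may submit mail (normal for inbound MX traffic)
        AnonymousGroup = ("$($c.PermissionGroups)" -match 'AnonymousUsers')
        # True: unauthenticated senders may address ANY recipient domain (open relay)
        AnonymousRelay = ($rights -contains $relayRight)
    }
}

$report | Format-Table -AutoSize

# Connectors that would relay for unauthenticated senders; expected to be empty
# on a default install.
$open = @($report | Where-Object { $_.AnonymousRelay })
if ($open.Count -eq 0) {
    'No receive connector grants anonymous senders the relay right.'
} else {
    'Anonymous relay is permitted on:'
    $open | Select-Object Connector, RemoteIPRanges | Format-List
}

# Anonymous senders without the relay right can only deliver to these domains.
Get-AcceptedDomain | Format-Table Name, DomainName, DomainType -AutoSize
```

A connector with `AnonymousGroup` true and `AnonymousRelay` false accepts internet mail for the accepted domains only, which is why disabling Anonymous Users stops inbound mail without being what prevents relay.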