How to Verify Relay Restrictions on an SMTP Virtual Server

 

By default, the default SMTP virtual server allows only authenticated users to relay e-mail. The default setting is preferred because it prevents unauthorized users from using your Exchange server to send e-mail messages to external domains. The most secure relay configuration requires authentication for anyone connecting from the Internet and attempting to relay.

Bridgehead servers that are connected to the Internet and accept Internet mail must generally accept anonymous connections. However, by default, these bridgehead servers do not allow anonymous relaying. Enabling anonymous relaying is strongly discouraged. If you allow anonymous relaying, other users can use your server to send spam. Subsequently, this activity could cause other Internet servers to block list your server.

Before You Begin

Before you perform the procedure in this topic, read Connecting Exchange to the Internet.

The following permissions are required to perform this procedure:

• Member of the local administrators group and a member of a group that has had the Exchange View-Only Administrators role to view configuration, or the Exchange Administrators role to change configuration, applied at the administrative group level

Procedure

To verify relay restrictions on an SMTP virtual server

1. Click Start, point to Programs, point to Microsoft Exchange, and then click System Manager.

2. Expand Servers, expand <Server Name>, expand Protocols, and then expand SMTP.

3. Right-click Default SMTP Virtual Server, and then click Properties.

4. In Default SMTP Virtual Server Properties, click the Access tab.

   The Access tab in the Default SMTP Virtual Server Properties dialog box

   

5. Under Relay restrictions, click Relay to verify relay restrictions. The Relay Restrictions dialog box appears.

   Default relay restrictions in the Relay Restrictions dialog box

   

6. In Relay Restrictions, verify the following settings:

   • Verify that Only the list below is selected. To list only those hosts that you want to allow to relay mail, click Add, and then follow the instructions. If you click All except the list below, your server may appear to be a server that is a source of unsolicited commercial e-mail on the Internet.

   • Verify that the Allow all computers which successfully authenticate to relay, regardless of the list above check box is selected. This setting allows you to deny access to all users who do not authenticate. Any remote Post Office Protocol (POP) and Internet Message Access Protocol (IMAP) users accessing this server will authenticate to send mail. If you do not have users who access this server through POP or IMAP, you can clear this check box to prevent relaying entirely, thereby increasing security.