Hi, I have a exchange server 2010 with HUB, CAS and MBX on the same box. No Edge or filtering solution ahead of exchange. Anti Spam Installed on the server. My server is open relay and I can see that on mxtoolbox.com. Only two recieve connector (client and default) which have 0.0.0.0 to 255.255.255.255 on "recieve emails from...". Only Exchange user and Exchange server allowed on recv. connector. Did I miss anything?

Everything is Perfect !! Hoping you are having a firewall and not exposing your CAS Server to the Public. Which is not Recommended

Out of the box Exchange is not an open relay, so if it is reporting as one, something has change. Can you telnet to the box on port 25 and send a message as a relay? telnet yourserver 25 ehlo foo.bar mail from:foo@bar.com rcpt to:openrelay@somedomain.com If the response to the recpt to: command is 250k that would be bad. If it is 550 relaying denied, that would be what you want. On your authentication tab which boxes are checked?

Hi, plaese make sure that you configure your default receive connector only to accept mails from your ISV without authentification. Because if you open TCP/25 then everyone is able to use your Server in order to send SPAM. The result is, that your server will be blacklisted in the future and some other mailserver do not accept messeages your users send. The client Receive connector should be configured that only autehnticated Exchange Users are able to connect to Port TCP/587 and Send Mails. But if you configure your Receive Connectors this way everything is fine although it will be a good idea to implement a Mailgateway such as Edge Transport or some other Solutions. regards Thomas Paetzold visit my blog on: http://sus42.wordpress.com

I was able to drop email on my Gmail account from telnet and I am sure its an open relay. In the Auth. Tab 1. Default connector: TLS and Externally secured is checked. 2. On client : TLS,Enable Domain Security, Basic Auth, offer basic auth. , Exch server Auth. Not sure how can I stop this without using any Edge or smart host. My MX is directly pointing on the server.

"Externally secured " should NOT be enabled. That is what has made your server an open relay. You do not need to have an Edge server to secure Exchange. Why did you enable that option? Disable it and restart Exchange Transport Service. Simon.Simon Butler, Exchange MVP Blog | Exchange Resources | In the UK? Hire Me.

"Externally secured " should NOT be enabled. That is what has made your server an open relay. You do not need to have an Edge server to secure Exchange. Why did you enable that option? Disable it and restart Exchange Transport Service. Simon.Simon Butler, Exchange MVP Blog | Exchange Resources | In the UK? Hire Me.

Try below link http://alanhardisty.wordpress.com/2010/07/12/how-to-close-an-open-relay-in-exchange-2007-2010/ Girishp

Externally secured shld not be checked. Close this and all will be fine.Raj