Need help with SMTP server in IIS 6

[convertasam]

Hi there,

I'm new to the forum and am seeking help with an on going issue that has plagued my company's e-mail server for way too long. We're currently victim of a Taiwanese hacker group that is using our server to relay spam e-mail. Up until a few weeks ago I had no idea how to prevent them from using our server for relay and still keep my users able to e-mail from their company e-mail addresses.

The day before last I started changing the configuration on the server to require a username and password for outbound messages using basic authentication. I created a user, applied the password, and configured outlook correctly. When I tried to e-mail a message using outlook I received a 550 cannot relay for such and so. Worse yet is all my users are getting a 550 cannot relay. What can I do to let all my users e-mail from home and not have the spammers muck up my server?

[fizban2]

sam,

how is your email system setup? is it exchange? what version? is it a front end - backend solution? we w ould need to know some of these thigns to help more

to take of your initial issue of, you need to turn off the authentication, set the smtp server to authenticate anonymous. to send and receive email from the internet, you need to have the smtp server that connects to the internet set with anonymous access

By default, SMTP virtual servers are configured to relay outbound messages sent from authenticated users and to relay incoming messages sent to the private domain. If you allow more open relaying, your server might be used as a spam relay where messages sent from the Internet are relayed through your server to other Internet hosts. check your Virtual SMTP server for settings about open relay (sorry can't think of exactly where it is atm) but open relay should be off (this allows spammers to use your mail server to router though)

[convertasam]

It’s the virtual SMTP server that comes with IIS 6.0.

[fizban2]

ok same rules apply,

go into IIS, go to the Virtual SMTP connector, got to properties, go into the access tab, here under relays it should be set to allow only the list below and the check box below should be checked click on the authentication button and uncheck basic and intergrated authentication if they are selected. this should take care of the issue, if you are still getting spam routed through it, under connections on the access tab you can deny access to it to the IP{ of the spam server they are sending from, or the domain it is coming from