I'm going to continue the SPAM theme from my Tips N' Tricks post last week. SPAM (security in general) is a hot topic, so I think this information is well suited.
Those of you familiar with Microsoft Small Business Server 2003 (SBS) are most likely well acquainted with the numerous wizards it provides. These wizards were designed to help you complete everyday administrative tasks ranging from adding new users to configuring remote access. One wizard in particular is very powerful and must be run before SBS can be considered fully operational.
The Configure Email and Internet Connection Wizard (CEICW) provides a user-friendly interface to collect essential information needed to configure vital network infrastructure services. Out of consideration for this article’s intended audience, I won’t bore you with the nuts and bolts of the CEICW. Instead, here is a bullet list and brief description of the major wizard steps.
-
Internet Connection – Determines how your network connects to the Internet (dial-up vs. broadband)
-
Router – Sets up the connection to the router and if your router supports UPnP will configure port forwarding for the services you specify in the wizard
-
Firewall – Determines whether or not you want to enable the firewall and which applications you want accessible from the Internet.
-
Web Certificate – Creates a self signed SSL certificate to enable secure HTTP communications
-
E-mail – Configures Exchange server and its SMTP/POP3 connectors
As this bulleted list might indicate, the CEICW does a lot to get SBS up and running on the Internet. While it would be worthwhile to investigate each bullet individually, that is out of the scope of this document which is why we’ll zero in on the last bullet point – E-mail.
The E-mail section of the CEICW is where we tell SBS whether or not Internet e-mail is enabled and if so, how to send and receive it. Most of the settings in this step are fairly technical and if not configured properly can result in e-mail not being sent or delivered. You should talk to your ISP before changing any of this information.
Once you complete the E-mail section, the CEICW has all the information it needs to setup your server. You click the Finish button and watch in awe as SBS sifts through all the information you provided and does magic. The wizard finishes and you click Ok. You’re done! Right? WRONG!
What many people (IT consultants included) don’t realize is that every time you run the CEICW and CHANGE your e-mail configuration, your Small Business Server gets configured as an SMTP open relay. It’s important to note that you must CHANGE your e-mail configuration for this to happen. If you simply run the CEICW to reconfigure the firewall and do not change your e-mail configuration then problem will not occur.
For those of you unfamiliar with what an SMTP open relay is and why it’s bad, check out SpamHelp.org
So now that we know our problem and how it came about, let’s fix it.
-
Logon to your SBS either locally or remotely with an account that has Administrative rights.
-
Open the Server Management Console
-
Expand the following nodes in the left pane of the Server Management Console: Advanced Management > [Name of your Exchange Domain] (Exchange) > Servers > [Exchange Server Name] > Protocols > SMTP
-
Right-click on Default SMTP Virtual Server and click on Properties
-
Click on the Access tab
-
Click on Relay
-
Click on the entry in the list box that has an IP address of: 127.0.0.1
-
Click Remove
-
Click OK to close the Relay Restrictions dialog
-
Click OK to close the Default SMTP Virtual Server Properties dialog
NOW you’re done and don’t have to worry about SPAM being relayed through your server and all the negative consequences that entails.
Have a happy and safe 4th of July!
Take care,
Ryan J. Graham
President
Odyssey Computer Solutions, Inc.
www.odyssey-computers.com