Troubleshooting Relaying of Email
Written by Mike Rede on September 6, 2010
Setting up email servers involves much planning and many resources. One of the decision points in configuring an email server is whether it will act as a mail relay. Relaying allows your Microsoft Exchange Server to forward email that it receives but that is really intended for another domain. But problems can arise when your Exchange server, or one of the accounts on it, is set up to function as an open mail relay.
If your system has been configured as an open mail relay, then outside email from both known and unknown users can be sent through your email server. In the early days, most email servers were set up as open mail relays, but with the explosion of spammers, viruses and the various methods of bringing down exposed servers, the practice of opening up your servers to the outside world has become less popular.
If your email server has not been configured correctly as a mail relay server then there will be obvious problems.
One of the hidden costs is that your email server might end up being blacklisted. If your server has been identified as a source of spam (even though it is not the point at which the spam was created), other servers on the network could flag it as a server to deny email from. If your users begin to complain about their email not reaching its destinations, this might be a sign that your mail server has indeed been flagged as one to avoid. Your Exchange Server will be added to the block lists of other email servers up and down the line. Another side effect of being an open mail relay is that the available bandwidth of your Internet connection could take a hit and your traffic could slow down considerably.
An email administrator can identify that they are experiencing mail relay issues if one or more of the following symptoms occur:
- Logging shows receipt of non-delivery reports (NDRs) that contain error codes 5.0.0, 5.7.1, or 5.7.3.
- Email messages are no longer being sent or forwarded.
- Your mail queues contain large numbers of unsolicited commercial email.
- Your Exchange server has been identified as an originator of unsolicited commercial email.
- The Application log contains one or more of the following events:
Event Type: Warning
Event Source: MSExchangeTransport
Event Category: SMTP Protocol
Event ID: 1710
Computer: Computer_Name
Description: An SMTP client authenticated as user "NT AUTHORITY\ANONYMOUS LOGON" attempted to send as "User.one@domain.edu". Access was denied because the authenticated client does not have permission to Send As this SMTP address.
Data: 0000: 05 00 07 80 …?
Event Type: Error
Event Source: MSExchangeTransport
Event Category: SMTP Protocol
Event ID: 7004
Date: Date
Time: Time
User: N/A
Computer: Computer_Name
Description: The description for Event ID ( 7004 ) in Source ( MSExchangeTransport ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: 1, 1, from, helo, 571 from IP Address We do not relay from you. ,HELO Domain_Name.com
You will find mail stuck in the Remote Delivery queue to a remote domain, and the event log does not give you any details on the remote domain name. If you telnet to the remote domain on port 25, you will find that the connection is dropped immediately with the same error as in the above event log entry: 571 from IP Address We do not relay from you.
Date: Date
Source: MSExchangeTransport
Time: Time
Category: (3)
Type: Warning
Event ID: 4001
User: N/A
Computer: Computer_Name
Description: Message delivery to the remote domain 'Mail.Example.Com' failed. The error message is 'An SMTP protocol error occurred'. , MAIL, 550 Mail from dial-up rejected; see http://mail-abuse.org/dul/enduser.htm or contact Example helpdesk at.
Data: 0000: d7 02 04 c0
Date: Date
Source: MSExchangeTransport
Time: Time
Category: (3)
Type: Warning
Event ID: 4001
User: N/A
Computer: Computer_Name
Description: Message delivery to the remote domain 'Mail.Example.Com' failed. The error message is 'An SMTP protocol error occurred'. , MAIL, 550 5.7.1 Mail from Ip_Address refused by blackhole site dialups.mail-abuse.org.
Data: 0000: d7 02 04 c0
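A triage sketch for the symptoms listed above, added here as an example and not part of the original article: it scans an exported Application log for the three MSExchangeTransport event IDs and the NDR codes from the symptom list. The export layout, the `SAMPLE` records, the 192.0.2.10 address and the function names are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Reading of each event ID, taken from the article's sample events.
RELAY_EVENTS = {
    1710: "client denied Send As permission",
    7004: "remote host refused this server (571 We do not relay from you)",
    4001: "delivery to remote domain failed",
}
NDR_CODES = {"5.0.0", "5.7.1", "5.7.3"}  # NDR codes from the symptom list

# Constructed sample export (assumed layout: blank line between records).
SAMPLE = """\
Event ID: 1710
Description: An SMTP client authenticated as user "NT AUTHORITY\\ANONYMOUS LOGON" attempted to send as "user.one@domain.edu". Access was denied.

Event ID: 4001
Description: Message delivery to the remote domain 'mail.example.com' failed. MAIL, 550 5.7.1 Mail from 192.0.2.10 refused by blackhole site dialups.mail-abuse.org.

Event ID: 7004
Description: 571 from 192.0.2.10 We do not relay from you. HELO mail.example.org

Event ID: 1000
Description: Unrelated application event.
"""

def parse_events(text):
    """Yield (event_id, description) for each blank-line-separated record."""
    for block in re.split(r"\n\s*\n", text.strip()):
        eid = re.search(r"Event ID:\s*(\d+)", block)
        desc = re.search(r"Description:\s*(.*)", block, re.S)
        if eid:
            yield int(eid.group(1)), desc.group(1).strip() if desc else ""

def triage(text):
    """Return (findings, per-ID counts) for relay-related events only."""
    findings, counts = [], Counter()
    for eid, desc in parse_events(text):
        if eid not in RELAY_EVENTS:
            continue
        counts[eid] += 1
        # Lookarounds keep IP octets such as 10.5.7.1 from matching as codes.
        codes = set(re.findall(r"(?<![\d.])5\.\d\.\d(?!\.?\d)", desc))
        domain = re.search(r"remote domain '([^']+)'", desc)
        findings.append({
            "id": eid, "meaning": RELAY_EVENTS[eid],
            "ndr_codes": sorted(codes & NDR_CODES),
            "remote_domain": domain.group(1) if domain else None,
            "blocklisted": "blackhole" in desc.lower(),
        })
    return findings, counts
```

A rising count for 4001 with `blocklisted` set is the point at which delisting requests become necessary as well as reconfiguration.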
An email administrator can resolve this open mail relay issue by reconfiguring the mail server settings so that the server is no longer an open mail relay. After that step, the administrator will need to contact other Exchange server administrators to get the newly reconfigured mail server removed from the block lists.
If an administrator wishes to prevent other upstream hosts from forwarding email to their server, they can check the "Allow upstream relay hosts only" checkbox in the configuration settings. Authenticated relays should still work in this situation.



September 10th, 2010 at 9:23 pm
Thanks so much for this article! I’ve been looking high and wide (long and hard) for some sort of concise guide to address these specific issues. I feel like such an amateur after reading this, since I now feel like the solution was staring at me in the face this whole time. But thanks for the help all the same, this post saved me a lot of trouble at work!