Hello everyone,
I am a newbie and wanted to ask here how I can get a newly installed mail server (Exchange 2019) under control. It is currently sending and receiving so tightly that the CPU is at 100%. Memory and network are also very busy.
I have a Sophos XG106 firewall in front of it.
How can I get the problem under control?
Hello,
This looks like an open relay - i.e. your Exchange server is a spam slinger. Please check the receive connectors with the following PowerShell command:
Get-ReceiveConnector | Get-ADPermission -User "NT-AUTHORITY\ANONYMOUS-ANMELDUNG" | ft Identity,ExtendedRights -AutoSize
Check whether the SMTP connector for the Internet (port 25) has the following rights (ExtendedRights):
1) ms-Exch-SMTP-Accept-Any-Recipient
2) ms-Exch-SMTP-Accept-Authoritative-Domain-Sender
The first right turns your Exchange into an Open Relay. The second enables external mails under your mail domain (an Exchange mailbox) to be delivered to an Exchange mailbox. The sender therefore pretends to be an Exchange mailbox user. Delete both rights for the Internet / SMTP Connector:
Get-ReceiveConnector "" | Remove-ADPermission -User "NT-AUTHORITY\ANONYMOUS-ANMELDUNG" -ExtendedRights ms-Exch-SMTP-Accept-Any-Recipient,ms-Exch-SMTP-Accept-Authoritative-Domain-Sender
Then you can use MXToolBox to check whether there is an open relay (SMTP test). Also check via "Blacklist Check" whether your server is being yellow-listed as a spam slinger. Is the Exchange Mail Server connected directly to the Internet or is there an MTA in front of it for spam filtering? If not, then my recommendation would be to put an MTA in front of it. You can also book a spam filter as a cloud service from various providers.
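An added example, not part of the original answer: a read-only audit that reports every receive connector granting either of the two rights named above to the anonymous logon account. It assumes it is run in the Exchange Management Shell; the variable names are illustrative, and the account name is resolved from the well-known SID S-1-5-7 because the display name differs with the Windows language.

```powershell
# Added example: read-only audit, it changes nothing on the server.
# Assumption: run inside the Exchange Management Shell on the Exchange 2019 host.

# Resolve the anonymous logon account from its well-known SID (S-1-5-7),
# so the check does not depend on the localized account name.
$sid  = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-7'
$anon = $sid.Translate([System.Security.Principal.NTAccount]).Value

# The two extended rights named in the answer above.
$risky = 'ms-Exch-SMTP-Accept-Any-Recipient',
         'ms-Exch-SMTP-Accept-Authoritative-Domain-Sender'

$findings = foreach ($connector in Get-ReceiveConnector) {
    # Only "allow" entries matter here; explicit deny entries are skipped.
    $aces = $connector | Get-ADPermission -User $anon |
            Where-Object { -not $_.Deny }

    foreach ($ace in $aces) {
        foreach ($right in $ace.ExtendedRights) {
            if ($risky -contains "$right") {
                [pscustomobject]@{
                    Connector = "$($connector.Identity)"
                    Enabled   = $connector.Enabled
                    Bindings  = ($connector.Bindings -join ', ')
                    Right     = "$right"
                    Inherited = $ace.IsInherited
                }
            }
        }
    }
}

if ($findings) {
    # One row per connector/right pair, so each can be reviewed before removal.
    $findings | Sort-Object Connector, Right | Format-Table -AutoSize
} else {
    Write-Output "No receive connector grants either right to $anon."
}
```

Running it again after the rights have been removed shows whether the change took effect on every connector, including ones not bound to port 25.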
@exsus Thanks for the good advice, I will try it out in the coming days. The Exchange runs as Hyper-V on a physical server and I have a Sophos XG 106 firewall in front of it. I want to activate the greylist on this.