It's the testing one. Not the one that puts people on the list

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Ben Winzenz
Sent: Thursday, June 26, 2003 12:01 PM
To: Exchange Discussions
Subject: RE: Not Open Relay, but...


<boggle>

You tested someone else's domain at abuse.net without permission?  You
do realize that if it would have failed other tests, they get put on
RBL's?  Not a move I would have made.  Yikes.
-

Ben Winzenz
Network Engineer
Gardner & White
(317) 581-1580 ext 418

----Original Message-----
From: Christopher Hummert [mailto:[EMAIL PROTECTED] 
Posted At: Thursday, June 26, 2003 12:19 PM
Posted To: Exchange (Swynk)
Conversation: Not Open Relay, but...
Subject: RE: Not Open Relay, but...


I tested it using abuse.net's relay test. It looks like you're good for
not being an open relay. So my opinion is that you just have a spammer
who's trying to mine for addresses in your company. From what I
understand, there's a new program going around the spammer world that
brute-force guesses e-mail addresses and collects the NDRs from that
domain to determine what's legit and what isn't. My advice would be for
you to trace back the IP address he's using and put it in your host.deny
file.
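
Added example (not part of the original thread): a sketch of how the address-guessing pattern described in this message can be picked out of mail logs by counting distinct undeliverable recipients per source IP. The log layout (`timestamp source_ip recipient result`), the `dfg.example` addresses, the IPs and the thresholds are all constructed assumptions, not Exchange's own log format.

```python
import re
from collections import defaultdict

# Assumed record layout: "<timestamp> <source_ip> <recipient> <NDR|DELIVERED>"
LINE = re.compile(r"^(\S+) (\d{1,3}(?:\.\d{1,3}){3}) (\S+@\S+) (NDR|DELIVERED)$")

# Constructed sample: one guessing source, one normal sender with a single
# typo, and one sender retrying the same dead address over and over.
SAMPLE = (
    [f"2003-06-26T09:00:{i:02d} 203.0.113.7 {name}@dfg.example NDR"
     for i, name in enumerate(["aaron", "abby", "adam", "alan", "alex", "amy"])]
    + ["2003-06-26T09:00:07 203.0.113.7 tony@dfg.example DELIVERED"]
    + ["2003-06-26T09:05:00 198.51.100.20 tony@dfg.example DELIVERED"] * 3
    + ["2003-06-26T09:06:00 198.51.100.20 tnoy@dfg.example NDR"]
    + ["2003-06-26T09:10:00 198.51.100.99 sales@dfg.example NDR"] * 6
)

def parse(lines):
    """Yield (source_ip, recipient, result) for each well-formed line."""
    for line in lines:
        m = LINE.match(line.strip())
        if m:
            yield m.group(2), m.group(3).lower(), m.group(4)

def find_harvesters(lines, min_unknown=5, min_reject_ratio=0.8):
    """Return {ip: (distinct_undeliverable, total_messages)} for sources
    whose traffic is mostly mail to many different nonexistent addresses."""
    unknown = defaultdict(set)   # ip -> distinct recipients that bounced
    total = defaultdict(int)     # ip -> all messages seen from that ip
    for ip, rcpt, result in parse(lines):
        total[ip] += 1
        if result == "NDR":
            unknown[ip].add(rcpt)
    flagged = {}
    for ip, count in total.items():
        distinct = len(unknown[ip])
        # Distinct recipients matter: six retries of one dead address
        # are a stale contact, not a dictionary run.
        if distinct >= min_unknown and distinct / count >= min_reject_ratio:
            flagged[ip] = (distinct, count)
    return flagged

if __name__ == "__main__":
    for ip, (distinct, count) in find_harvesters(SAMPLE).items():
        print(f"{ip}: {distinct} distinct undeliverable recipients in {count} messages")
```
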



-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Woods, Tony
Sent: Thursday, June 26, 2003 9:58 AM
To: Exchange Discussions
Subject: RE: Not Open Relay, but...
Importance: High


I've tested via telnet and from home using Outlook Express and it always
replies with 550 so I think I'm good there. Just the amount of mail is
insane. I came in this morning and there's over 10,000 in the IMS Queue.
I guess eventually it will slow down...

Thanks to all.

Cheers,
Tony

-----Original Message-----
From: Dave Mills [mailto:[EMAIL PROTECTED]
Sent: Wednesday, June 25, 2003 5:28 PM
To: Exchange Discussions
Subject: Re: Not Open Relay, but...


For #3, what you are seeing is a spammer trying to find valid addresses
@dfg.com by simply guessing addresses and trying them. Your best bet
would be to turn off the notification on your IMS for "E-mail address
could not be found".  For #2, yes, they will sit in the queue until they
are delivered or just time out.  For #1, are you sure you're not an open
relay?  See
http://www.msexchange.org/tutorials/Preventing_Third_Party_Relaying_In_MS_Exchange_Server_55.html.

- Dave

----- Original Message ----- 
From: "Woods, Tony" <[EMAIL PROTECTED]>
To: "Exchange Discussions" <[EMAIL PROTECTED]>
Sent: Wednesday, June 25, 2003 5:00 PM
Subject: RE: Not Open Relay, but...


> Hi John,
>
> Is this in response to my question #3? If so, does everyone receive
> over 2000 messages every hour in the 'Admin' mailbox with a subject
> line of 'Notification: Inbound Mail Failure'? I understand getting
> some but over 2000 an hour? Each of these messages is addressed to
> [EMAIL PROTECTED] or whatever. It's just random letters in front of the
> domain name @dfg.com and there's just a ton of them. Thanks for any
> ideas, all.
>
> Cheers,
> Tony
>
> -----Original Message-----
> From: John Strongosky [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, June 25, 2003 3:46 PM
> To: Exchange Discussions
> Subject: RE: Not Open Relay, but...
>
>
> NDRs (non-delivery reports) from spammers, probably.
>
> -----Original Message-----
> From: Woods, Tony [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, June 25, 2003 3:23 PM
> To: Exchange Discussions
> Subject: Not Open Relay, but...
>
>
> Hello,
>
> NT 4 SP6a and Exchange 5.5 SP4. Domain in question is DFG.com
>
> I've just taken over a site's Exchange server and have noticed
> something strange. It's been some time since I had to play with
> Exchange this deep but the Queues on my IMS keep filling up with 1000's
> of emails. We're not an Open Relay that I can tell (I've tested) but
> there's just a ton of 'Outbound Message Awaiting Delivery' with
> originator <> and Destination Host of different .com's. There is a ton
> of Inbound Mail Failures in the 'Admin' mailbox for delivery failures
> as well. My three questions are:
>
> 1) Are these messages that are trying to relay but failing?
>
> 2) If so, are they just going to sit in the Queue for the default 
> time?
>
> 3) For the Inbound Mail Failures,  a lot of them are going to bogus 
> addresses like [EMAIL PROTECTED] or [EMAIL PROTECTED] Where are these all 
> coming from?
>
> Thanks in advance.
>
> Cheers,
> Tony
>
> _________________________________________________________________
> List posting FAQ:       http://www.swinc.com/resource/exch_faq.htm
> Web Interface:          http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english
> To unsubscribe:         mailto:[EMAIL PROTECTED]
> Exchange List admin:    [EMAIL PROTECTED]