Okay, I'm still looking through the archives and stuff, but it's late, so I'll post
this before I call it a night.
Client has a server that suddenly shuts down.
I reboot and troubleshoot, to find literally TENS OF THOUSANDS of items in the badmail
folder. All dated within the last two or three days. The server had shut down because
the drive ran out of space.
So I clear that up and start nosing around......
I check for open relay (telnet), and can't find any problem. I start to think maybe
this is a SoBig.F issue, until I read some of the NDRs.
Within fifteen minutes, badmail starts to accumulate again. I look further, and see a
connection in the OPEN SESSIONS section of System Manager. I kill the connection after
jotting down some details. Queues are just jammed full of crap - Viagra ads, etc.
I clear this out again, along with badmail, and start watching. Sure enough, a short
time later, someone from the same IP subnet connects and it starts all over.
I look through a ton of articles on open relay, and everything checks out. Then, I run
this test: http://tools.appriver.com/openrelay.php which basically tries to relay using
various combinations of addressing formats.
Test #14 fails
Test #16 fails
Test #28 fails
#14 uses a rcpt to format of
RCPT TO: <"[EMAIL PROTECTED]">
Notice the quotes.
#16 uses
RCPT TO: <"relaytest%appriver.com">
Notice the quotes and the %
#28 uses
RCPT TO: <appriver.com!relaytest>
Notice the format there.
I manually tried each one via telnet against the server. Sure enough, the server
doesn't complain. But every one bounces back with an NDR complaining about the
recipient address. So my belief is that they're attempting one (or more) of these
methods, and all of them are bouncing, causing the badmail problem.
My question is, how do I close this hole? Server is Win2k SBS SP4, E2k SP3. Connection
is firewalled T1.
Any help would be greatly appreciated. Thanks!
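
An added example, not part of the original post: a small Python classifier for the RCPT TO forms that failed in the test above (quoted address, % routing, ! bang path), which can be run over RCPT TO commands pulled from SMTP logs to see which form incoming sessions are using. LOCAL_DOMAINS and the sample lines marked as constructed are assumptions.

```python
import re

# Assumption: domains this server accepts mail for (hypothetical value).
LOCAL_DOMAINS = {"client.example"}
RCPT_RE = re.compile(r"^RCPT TO:\s*<(.*)>\s*$", re.IGNORECASE)

def classify_rcpt(line, local_domains=LOCAL_DOMAINS):
    """Return (form, target_domain, is_relay) for one RCPT TO command."""
    m = RCPT_RE.match(line.strip())
    if not m:
        return ("unparsed", None, False)
    addr = m.group(1)
    # Tests #14 and #16 wrap the whole address in double quotes.
    quoted = len(addr) >= 2 and addr.startswith('"') and addr.endswith('"')
    if quoted:
        addr = addr[1:-1]
    local, sep, domain = addr.rpartition("@")
    if not sep:                        # no "@" present at all
        local, domain = domain, ""
    if "!" in local:                   # test #28: host!user
        form, target = "bang-path", local.split("!", 1)[0]
    elif "%" in local:                 # test #16: user%host
        form, target = "percent-hack", local.rsplit("%", 1)[1]
    else:
        form, target = ("quoted-address" if quoted else "plain"), domain
    target = target.lower()
    return (form, target or None, bool(target) and target not in local_domains)

def suspicious(lines, local_domains=LOCAL_DOMAINS):
    """RCPT TO lines that use a non-plain form to reach a non-local domain."""
    hits = []
    for line in lines:
        form, target, is_relay = classify_rcpt(line, local_domains)
        if is_relay and form not in ("plain", "unparsed"):
            hits.append((line, form, target))
    return hits

# Sample input: the second and third lines are the forms quoted in the post,
# the others are constructed for this example.
SAMPLE = [
    'RCPT TO: <"someone@remote.example">',
    'RCPT TO: <"relaytest%appriver.com">',
    'RCPT TO: <appriver.com!relaytest>',
    'RCPT TO: <bob@client.example>',
    'RCPT TO: <"bob@client.example">',
]

if __name__ == "__main__":
    for line, form, target in suspicious(SAMPLE):
        print(f"{form:15} -> {target:20} {line}")
```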