You may be relaying spam even though all of the popular tests say you relay safe. How? Spammers are getting pretty darned clever and have noticed that Microsoft SMTP will allow relaying from authenticated users regardless of the "relay" settings. I've tried turning off the "allow authenticated users to relay" check box, but something appears to be turning it back on. All of the Exchange docs I've seen claim that it has to be checked. Why? I don't need authenticated users relaying mail...
Anyway, KB article 324958 has a procedure for cleaning up and for checking if you are being used for authenticated relaying. -----Original Message----- From: Louanne Fournier [mailto:[EMAIL PROTECTED] Sent: Monday, October 06, 2003 1:08 PM To: Exchange Discussions Subject: RE: Am I relaying I have all bad mail forwarded to my address. This morning when I arrived I saw 18000 messages in my badmail folder. These were all going to external addresses and were coming from external addresses. I was getting the ndrs in my badmail folder. If I am not relaying why would they attempt to send so many. Wouldn't they see I was not relaying and not try to send through me? My immediate thought when I saw this was I must have some how been hacked and they figured out a way to relay. How can I look at these messages to determine if they have been delivered? I can look at the options of the message and get the message ID and then track through message tracking but not sure if this is the best method. Louanne Fournier, CCNA, MCSE Technical Analyst (905) 319-8378 Ext. 240 FAX (905) 319-8397 www.nexterna.com NEXTERNA E-MAIL CONFIDENTIALITY NOTICE This transmission is intended to be strictly confidential. If you are not the intended recipient of this message, you may not disclose, print, copy or disseminate this information. If you have received this in error, please reply and notify the sender (only) and delete the message. Unauthorized interception of this e-mail is a violation of federal criminal law. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ed Crowley Sent: Monday, October 06, 2003 1:44 PM To: Exchange Discussions Subject: RE: Am I relaying It appears that you are relay secure. 220 exch01.canada.nexterna.com Microsoft ESMTP MAIL Service, Version: 5.0.2195.5 329 ready at Mon, 6 Oct 2003 13:41:45 -0400 helo ejc2.pacbell.net 250 exch01.canada.nexterna.com Hello [216.103.85.85] mail from:[EMAIL PROTECTED] 250 2.1.0 [EMAIL PROTECTED] OK rcpt to:[EMAIL PROTECTED] 550 5.7.1 Unable to relay for [EMAIL PROTECTED] quit 221 2.0.0 exch01.canada.nexterna.com Service closing transmission channel Connection to host lost. C:\Documents and Settings\EJC2> Ed Crowley MCSE+Internet MVP Freelance E-Mail Philosopher Protecting the world from PSTs and Bricked Backups!T -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Louanne Fournier Sent: Monday, October 06, 2003 10:36 AM To: Exchange Discussions Subject: RE: Am I relaying Mine? Nexterna.com. Louanne Fournier, CCNA, MCSE Technical Analyst (905) 319-8378 Ext. 240 FAX (905) 319-8397 www.nexterna.com NEXTERNA E-MAIL CONFIDENTIALITY NOTICE This transmission is intended to be strictly confidential. If you are not the intended recipient of this message, you may not disclose, print, copy or disseminate this information. If you have received this in error, please reply and notify the sender (only) and delete the message. Unauthorized interception of this e-mail is a violation of federal criminal law. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ed Crowley Sent: Monday, October 06, 2003 1:31 PM To: Exchange Discussions Subject: RE: Am I relaying What domain? Ed Crowley MCSE+Internet MVP Freelance E-Mail Philosopher Protecting the world from PSTs and Bricked Backups!T -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Louanne Fournier Sent: Monday, October 06, 2003 10:23 AM To: Exchange Discussions Subject: RE: Am I relaying I am sure I am going to sound like an idiot here...but...how do I check if it was delivered or not? Should I use message tracking? Louanne Fournier, CCNA, MCSE Technical Analyst (905) 319-8378 Ext. 240 FAX (905) 319-8397 www.nexterna.com NEXTERNA E-MAIL CONFIDENTIALITY NOTICE This transmission is intended to be strictly confidential. If you are not the intended recipient of this message, you may not disclose, print, copy or disseminate this information. If you have received this in error, please reply and notify the sender (only) and delete the message. Unauthorized interception of this e-mail is a violation of federal criminal law. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andy David Sent: Monday, October 06, 2003 12:37 PM To: Exchange Discussions Subject: Re: Am I relaying Are the test messages actually delivered? Exchange appears to fail tests 6 and 7 of those online tests. The key is to whether the mail is actually delivered and if it generates a NDR. ----- Original Message ----- From: "Louanne Fournier" <[EMAIL PROTECTED]> To: "Exchange Discussions" <[EMAIL PROTECTED]> Sent: Monday, October 06, 2003 12:03 PM Subject: FW: Am I relaying Louanne Fournier, CCNA, MCSE Technical Analyst (905) 319-8378 Ext. 240 FAX (905) 319-8397 www.nexterna.com NEXTERNA E-MAIL CONFIDENTIALITY NOTICE This transmission is intended to be strictly confidential. If you are not the intended recipient of this message, you may not disclose, print, copy or disseminate this information. If you have received this in error, please reply and notify the sender (only) and delete the message. Unauthorized interception of this e-mail is a violation of federal criminal law. ________________________________________ From: Louanne Fournier Sent: Monday, October 06, 2003 11:59 AM To: 'Exchange Discussions' Subject: Am I relaying I recently was testing whether my server was relaying with an external tester. I received the test results and most said relaying not allowed etc. But I also saw this in the results. I have followed instructions on making sure you are not relaying in Exchange. How can I troubleshoot this to see what settings are allowing the relay. -> MAIL FROM: <[EMAIL PROTECTED]> <- 250 2.1.0 [EMAIL PROTECTED] OK -> RCPT TO: <"[EMAIL PROTECTED]"> <- 250 2.1.5 "[EMAIL PROTECTED]"@nexterna.com -> DATA <- 354 Start mail input; end with <CRLF>.<CRLF> -> Sending test data (Relaying the e-mail) . <- 250 2.6.0 <[EMAIL PROTECTED]> Queued mail for delivery -> RSET <- 250 2.0.0 Resetting -> MAIL FROM: <[EMAIL PROTECTED]> <- 250 2.1.0 [EMAIL PROTECTED] OK -> RCPT TO: <"nobody%msv.dk"> <- 250 2.1.5 "nobody%msv.dk"@nexterna.com -> DATA <- 354 Start mail input; end with <CRLF>.<CRLF> -> Sending test data (Relaying the e-mail) . <- 250 2.6.0 <[EMAIL PROTECTED]> Queued mail for delivery -> RSET <- 250 2.0.0 Resetting Louanne [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&; lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&; lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&; lang =english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&; lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&; lang =english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&; lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&; lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]
