That probably was the case because someone guessed a username/password combination and they were able to successfully authenticate and relay mail.
Sincerely, Andrey Fyodorov, Exchange MVP Systems Engineer Messaging and Collaboration Spherion -----Original Message----- From: Wohlgemuth, Mike [mailto:[EMAIL PROTECTED] Sent: Thursday, December 18, 2003 11:23 AM To: Exchange Discussions Subject: RE: Open Relay/Spamcop I concur with greg ... our server had those settings and we were being used as a relay ... turned off "Allow all computers which successfully authenticate to relay, regardless of the list above." and that stopped it ... Mike -----Original Message----- From: Greg Deckler [mailto:[EMAIL PROTECTED] Sent: Thursday, December 18, 2003 11:17 AM To: Exchange Discussions Subject: Re: Open Relay/Spamcop This may or may not be the problem, but I have seen spammers able to relay off an Exchange server if the following configuration applies: 1. If "Anonymous access" is turned on. SMTP Virtual Server properties, Access page, Authentication. 2. And, "Allow all computers which successfully authenticate to relay, regardless of the list above." is checked. SMTP Virtual Server properties, Access page, Relay. > Hello All and Happy Holidays! > > I have a colleague whos Exchange 2000 server is being reported as Open > Relay by spamcop for the past month. I have tested his relay by > setting up a POP account in Outlook, putting the server that is being > reported as Open relay as my Outgoing SMTP server. =20 > > When I try to send a message using Outlook, I get a return message that > 550 5.7.1 Unable to relay. I am relieved that it could not relay. > That is good, however, why then is spamcop still reporting it to be > open relay? =20 > > I have checked (over the phone) all his Virtual SMTP Server settings > to verify correct configuration. Everything seems to be "checked" or > "unchecked" as recommended by Microsoft. > > We have Stopped/Started Services for SMTP > > The Exchange 2000 server is behind a NAT and I have looked into the > possibility of this. I have been out on the spamcop site and for the > life of me cannot find a way to make them check the server again to > see if it is closed relay like ORDB does. =20 > > Any ideas or comments???? =20 > > > > Samantha Bridges > Communications Technician > Macomb Intermediate School District > 44001 Garfield Road > Clinton Township MI 48038-1100 > (586) 228-3300 > > [EMAIL PROTECTED] > http://www.misd.net > > > CONFIDENTIALITY NOTICE: This email message, including any attachments, > is for the sole use of the intended recipient(s) and may contain > confidential and privileged information. Any unauthorized review, use, > disclosure or distribution is prohibited. If you are not the intended > recipient, please contact the sender by reply email and destroy all > copies of the original message. > > =20 _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=& lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=& lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]