Usually something simple like a Webmaster account with "password" password is a target of spammers.
Sincerely, Andrey Fyodorov, Exchange MVP Systems Engineer Messaging and Collaboration Spherion -----Original Message----- From: Eric Fretz [mailto:[EMAIL PROTECTED] Sent: Thursday, December 18, 2003 11:49 AM To: Exchange Discussions Subject: RE: Open Relay/Spamcop I agree with Ben. My Exchange 2000 box at my last company was setup to allow realaying after sucessfuly authentication because I had POP3 clients at other offices that had no other SMTP gateway. Disabling the Guest account and forcing the users to change passwords every 30 days kept our risk at a minimum. We got tagged as a relay once, but forcing user password changes on the spot fixed the problem. Eric Fretz L-3 Communications ComCept Division 2800 Discovery Blvd. Rockwall, TX 75032 tel: 972.772.7501 fax: 972.772.7510 -----Original Message----- From: Ben Winzenz [mailto:[EMAIL PROTECTED] Sent: Thursday, December 18, 2003 10:48 AM To: Exchange Discussions Subject: RE: Open Relay/Spamcop I still think you are smoking crack on this, Greg. I have never seen a properly configured Exchange 2000 server relay UNLESS a user account was compromised, or the guest account was enabled. I've tested it and tested again, and never found Exchange to relay with those settings. Ben Winzenz Network Engineer Gardner & White (317) 581-1580 ext 418 -----Original Message----- From: Greg Deckler [mailto:[EMAIL PROTECTED] Posted At: Thursday, December 18, 2003 11:37 AM Posted To: Exchange (Swynk) Conversation: Open Relay/Spamcop Subject: RE: Open Relay/Spamcop Hey, thanks for the confirmation. People have told me that I am smoking crack and that the Exchange servers were horribly misconfigured. It's nice to know that I am not smoking crack. > I concur with greg ... our server had those settings and we were being > used as a relay ... turned off "Allow all computers which successfully > authenticate to relay, regardless of the list above." and that stopped > it ... > > Mike > > > > -----Original Message----- > From: Greg Deckler [mailto:[EMAIL PROTECTED] > Sent: Thursday, December 18, 2003 11:17 AM > To: Exchange Discussions > Subject: Re: Open Relay/Spamcop > > > This may or may not be the problem, but I have seen spammers able to > relay off an Exchange server if the following configuration applies: > > 1. If "Anonymous access" is turned on. SMTP Virtual Server properties, > Access page, Authentication. 2. And, "Allow all computers which > successfully authenticate to relay, regardless of the list above." is > checked. SMTP Virtual Server properties, Access page, Relay. > > > > > Hello All and Happy Holidays! > >=20 > > I have a colleague whos Exchange 2000 server is being reported as > >Open > > > Relay by spamcop for the past month. I have tested his relay by=20 > >setting up a POP account in Outlook, putting the server that is > >being=20 reported as Open relay as my Outgoing SMTP server. =3D20 > >=20 When I try to send a message using Outlook, I get a return > >message > that > > 550 5.7.1 Unable to relay. I am relieved that it could not relay. > > That is good, however, why then is spamcop still reporting it to > >be=20 open relay? =3D20 =20 I have checked (over the phone) all his > >Virtual SMTP Server settings=20 to verify correct configuration. > >Everything seems to be "checked" or=20 "unchecked" as recommended by > >Microsoft. > >=20 > > We have Stopped/Started Services for SMTP =20 The Exchange 2000 > >server is behind a NAT and I have looked into the=20 possibility of > >this. I have been out on the spamcop site and for the=20 life of me > >cannot find a way to make them check the server again to=20 see if > >it is closed relay like ORDB does. =3D20 =20 Any ideas or > >comments???? =3D20 =20 =20 =20 Samantha Bridges Communications > >Technician Macomb Intermediate School District > > 44001 Garfield Road > > Clinton Township MI 48038-1100 > > (586) 228-3300 > >=20 > > [EMAIL PROTECTED] > > http://www.misd.net > >=20 > >=20 > > CONFIDENTIALITY NOTICE: This email message, including any > >attachments, > > > is for the sole use of the intended recipient(s) and may contain=20 > > confidential and privileged information. Any unauthorized review, > > use, > > > disclosure or distribution is prohibited. If you are not the > >intended=20 recipient, please contact the sender by reply email and > >destroy all=20 copies of the original message. > >=20 > > =3D20 > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Web Interface: > http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=3Dexchange&text_mo > de=3D= > & > lang=3Denglish > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&; lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&; lang =english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&; lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]
