Just because he is getting 4000 NDR's an hour still doesn't indicate that he is an open relay. It simply means that someone spamming his domain name is trying to brute-force the spam through in mass quantities (probably ~50,000 at a time) by appending every combination they can think of, to the left of his domain name (e.g., [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], etc.).
-----Original Message----- From: Bailey, Matthew [mailto:[EMAIL PROTECTED] Sent: Tuesday, January 06, 2004 6:54 AM To: Exchange Discussions Subject: RE: getting heaps of spams Are you dealing with Spam received in the Inbox of your users or 4000 NDRs per hour? The answer to this question will really tell you what you need to do. If you are receiving 4000 messages per hour in your user's mailboxes then you REALLY need a Spam filtering solution (we use SurfControl's product and love it). If your postmaster mailbox is filled with 4000 NDR's, then you need to close the open relay. (and still consider getting a spam filtering product). My $0.02, - Matt -----Original Message----- From: Jees [mailto:[EMAIL PROTECTED] Sent: Monday, January 05, 2004 7:16 PM To: Exchange Discussions Subject: RE: getting heaps of spams Ed, thanks for your response. Getting spams on my exchange is a daily retual to me, however, not as much as 4000 or more spam emails withing the hour. Last time, when i had such a high volume of spam, we had a look at \\exchange server\tracking.log and figured out that one of the exchange server within the enterprise had open for relaying. I can't remember now how we worked it out then, but probably experienced heaps of entries from the spamming exchange server. Hope i am making sense. --- "Ed Crowley [MVP]" <[EMAIL PROTECTED]> wrote: > You can be completely relay secure yet get bombarded > with spam. All > Exchange servers will let spam through. Looking at > the Internet headers of > each message will show the stamps of the servers > which handled the message. > > Ed Crowley MCSE+Internet MVP > Freelance E-Mail Philosopher > Protecting the world from PSTs and Bricked Backups!T > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On > Behalf Of Jees > Sent: Sunday, January 04, 2004 5:21 PM > To: Exchange Discussions > Subject: getting heaps of spams > > i have exchange 5.5 sp4 running on win 2k sp4. We > have number of exchanges > around the globe that has trusts between them. > > I am currently getting tens of thausands of spam > email, however my exchange > is tested and has no relying problem. I am expecting > one of the exchange > servers within the global enterprise is open to > relying. > > Can someone tell me how i can check which exchange > server letting all these > spam email to drain to my server? > > thank you all in advance > > __________________________________ > Do you Yahoo!? > Find out what made the Top Yahoo! Searches of 2003 > http://search.yahoo.com/top2003 > > _________________________________________________________________ > List posting FAQ: > http://www.swinc.com/resource/exch_faq.htm > Web Interface: > http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&; lang > =english > To unsubscribe: > mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > > > _________________________________________________________________ > List posting FAQ: > http://www.swinc.com/resource/exch_faq.htm > Web Interface: > http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&; lang=english > To unsubscribe: > mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] __________________________________ Do you Yahoo!? Yahoo! Hotjobs: Enter the "Signing Bonus" Sweepstakes http://hotjobs.sweepstakes.yahoo.com/signingbonus _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&; lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang =english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with.
