RE: Open Relay/Spamcop
But can't the same thing be said for frequent forced changes to passwords? Perhaps even more so?

Ed Crowley MCSE+Internet MVP
Freelance E-Mail Philosopher
Protecting the world from PSTs and Bricked Backups!

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Randal, Phil
Sent: Friday, December 19, 2003 2:14 AM
To: Exchange Discussions
Subject: RE: Open Relay/Spamcop

strong passwords = post-it(tm) notes on monitors = weak passwords ;-)

Merry Christmas everyone,
Phil
RE: Open Relay/Spamcop
And what?

Ed Crowley MCSE+Internet MVP
Freelance E-Mail Philosopher
Protecting the world from PSTs and Bricked Backups!

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Greg Deckler
Sent: Thursday, December 18, 2003 9:18 PM
To: Exchange Discussions
Subject: RE: Open Relay/Spamcop

And...

Rest assured that this topic has been discussed by us vendor whores.

Ed Crowley MCSE+Internet MVP
Freelance E-Mail Philosopher
Protecting the world from PSTs and Bricked Backups!

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Greg Deckler
Sent: Thursday, December 18, 2003 11:19 AM
To: Exchange Discussions
Subject: RE: Open Relay/Spamcop

List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang=english
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin: [EMAIL PROTECTED]
RE: Open Relay/Spamcop
strong passwords = post-it(tm) notes on monitors = weak passwords ;-)

Merry Christmas everyone,
Phil

Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Ed Crowley [MVP]
Sent: 18 December 2003 21:32
To: Exchange Discussions
Subject: RE: Open Relay/Spamcop

Strong passwords mean much more than forced changes.

Ed Crowley MCSE+Internet MVP
Freelance E-Mail Philosopher
Protecting the world from PSTs and Bricked Backups!
Re: Open Relay/Spamcop
> The Exchange 2000 server is behind a NAT and I have looked into the possibility of this. I have been out on the spamcop site and for the life of me cannot find a way to make them check the server again to see if it is closed relay like ORDB does. Any ideas or comments

http://www.sbsfaq.com/ click on http://www.sbsfaq.com/news/getArticle.asp?MessageID=1A447390AA6611CD9BC800AA002FC45A0900E049B559A334DD479C5D360FB473600B00018718F401C41B681A9640A459B27C5FF7E684B1E57203path=News/Mail Relaying - new ways they are getting through your security

I think this might apply to versions other than SBS too.

You're sure they don't run a proxy server of any kind? Or any other service that is capable of sending mail?

B.
Open Relay/Spamcop
Hello All and Happy Holidays!

I have a colleague whose Exchange 2000 server is being reported as Open Relay by spamcop for the past month. I have tested his relay by setting up a POP account in Outlook, putting the server that is being reported as Open relay as my Outgoing SMTP server.

When I try to send a message using Outlook, I get a return message that 550 5.7.1 Unable to relay. I am relieved that it could not relay. That is good, however, why then is spamcop still reporting it to be open relay?

I have checked (over the phone) all his Virtual SMTP Server settings to verify correct configuration. Everything seems to be checked or unchecked as recommended by Microsoft.

We have Stopped/Started Services for SMTP.

The Exchange 2000 server is behind a NAT and I have looked into the possibility of this. I have been out on the spamcop site and for the life of me cannot find a way to make them check the server again to see if it is closed relay like ORDB does.

Any ideas or comments

Samantha Bridges
Communications Technician
Macomb Intermediate School District
44001 Garfield Road
Clinton Township MI 48038-1100
(586) 228-3300
[EMAIL PROTECTED]
http://www.misd.net

CONFIDENTIALITY NOTICE: This email message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message.
RE: Open Relay/Spamcop
Try checking with http://www.abuse.net/relay.html

Cheers,
Phil

Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Bridges, Samantha
Sent: 18 December 2003 15:59
To: Exchange Discussions
Subject: Open Relay/Spamcop

Hello All and Happy Holidays!

I have a colleague whose Exchange 2000 server is being reported as Open Relay by spamcop for the past month. I have tested his relay by setting up a POP account in Outlook, putting the server that is being reported as Open relay as my Outgoing SMTP server.

When I try to send a message using Outlook, I get a return message that 550 5.7.1 Unable to relay. I am relieved that it could not relay. That is good, however, why then is spamcop still reporting it to be open relay?

I have checked (over the phone) all his Virtual SMTP Server settings to verify correct configuration. Everything seems to be checked or unchecked as recommended by Microsoft.

We have Stopped/Started Services for SMTP.

The Exchange 2000 server is behind a NAT and I have looked into the possibility of this. I have been out on the spamcop site and for the life of me cannot find a way to make them check the server again to see if it is closed relay like ORDB does.

Any ideas or comments

Samantha Bridges
Communications Technician
Macomb Intermediate School District
RE: Open Relay/Spamcop
I concur with greg ... our server had those settings and we were being used as a relay ... turned off "Allow all computers which successfully authenticate to relay, regardless of the list above." and that stopped it ...

Mike

-----Original Message-----
From: Greg Deckler [mailto:[EMAIL PROTECTED]]
Sent: Thursday, December 18, 2003 11:17 AM
To: Exchange Discussions
Subject: Re: Open Relay/Spamcop

This may or may not be the problem, but I have seen spammers able to relay off an Exchange server if the following configuration applies:

1. If Anonymous access is turned on. SMTP Virtual Server properties, Access page, Authentication.
2. And, "Allow all computers which successfully authenticate to relay, regardless of the list above." is checked. SMTP Virtual Server properties, Access page, Relay.
RE: Open Relay/Spamcop
Hey, thanks for the confirmation. People have told me that I am smoking crack and that the Exchange servers were horribly misconfigured. It's nice to know that I am not smoking crack.

> I concur with greg ... our server had those settings and we were being used as a relay ... turned off "Allow all computers which successfully authenticate to relay, regardless of the list above." and that stopped it ...
>
> Mike
RE: Open Relay/Spamcop
I'm gonna comment on this one again. This type of vulnerability should only be an issue if your Guest account is enabled. You HAVE to leave anonymous access on if you want other mail systems to communicate with you. If you have POP3 and/or IMAP clients, you must leave the box checked to allow all computers which successfully relay.

I have never seen a case where the server truly was an open relay with these settings. If your configuration was like this, then likely what happened is one of your accounts was compromised. Exchange WILL NOT relay with those settings unless you successfully authenticate, such as you do when you specify that the outgoing smtp server requires authentication. Also, if this is the case, it is NOT a case where you were an open relay, it is a case where an account was compromised and allowed to relay off the server.

Configuring user accounts with strong passwords, and configuring them to lock out after x number of unsuccessful logins should mitigate any risk of SMTP Auth attacks, aside from a user revealing their password.

Ben Winzenz
Network Engineer
Gardner White
(317) 581-1580 ext 418

-----Original Message-----
From: Wohlgemuth, Mike [mailto:[EMAIL PROTECTED]]
Posted At: Thursday, December 18, 2003 11:23 AM
Posted To: Exchange (Swynk)
Conversation: Open Relay/Spamcop
Subject: RE: Open Relay/Spamcop

I concur with greg ... our server had those settings and we were being used as a relay ... turned off "Allow all computers which successfully authenticate to relay, regardless of the list above." and that stopped it ...

Mike
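The distinction argued over in this thread (a server that relays for anyone versus one that relays only after a successful SMTP AUTH), as an added example that is not part of any poster's message: a Python classifier that reads a captured SMTP session and reports how each recipient outside the server's own domains was handled. The transcripts, host names and the `classify_relay` and `diagnose` names are constructed for illustration; only the `550 5.7.1 Unable to relay` reply comes from the thread.

```python
import re

REPLY = re.compile(r"^(\d{3})([ -])")                      # "250 ..." or "250-..."
RCPT = re.compile(r"^RCPT TO:\s*<([^>]+)>", re.IGNORECASE)


def classify_relay(transcript, local_domains):
    """Return [(recipient, verdict)] for every RCPT TO aimed at a non-local domain.

    transcript: one line per message, prefixed "C:" (client) or "S:" (server).
    verdict: "rejected", "anonymous-relay" or "authenticated-relay".
    """
    local = {d.lower() for d in local_domains}
    authenticated = False   # True once the server answers an AUTH exchange with 235
    auth_pending = False    # True while an AUTH exchange is in progress
    pending_rcpt = None     # non-local recipient waiting for the server's reply
    results = []

    for raw in transcript.strip().splitlines():
        side, _, text = raw.strip().partition(":")
        text = text.strip()
        if side == "C":
            if auth_pending:
                continue    # credential lines inside AUTH are not SMTP commands
            auth_pending = text.upper().startswith("AUTH ")
            pending_rcpt = None
            match = RCPT.match(text)
            if match:
                domain = match.group(1).rsplit("@", 1)[-1].lower()
                if domain not in local:
                    pending_rcpt = match.group(1)
        elif side == "S":
            reply = REPLY.match(text)
            if not reply or reply.group(2) == "-":
                continue    # continuation line of a multi-line reply
            code = reply.group(1)
            if auth_pending:
                if code != "334":           # 334 = server asks for more AUTH data
                    authenticated = authenticated or code == "235"
                    auth_pending = False
            elif pending_rcpt:
                if not code.startswith("2"):
                    verdict = "rejected"
                elif authenticated:
                    verdict = "authenticated-relay"
                else:
                    verdict = "anonymous-relay"
                results.append((pending_rcpt, verdict))
                pending_rcpt = None
    return results


def diagnose(results):
    """Collapse per-recipient verdicts into the question the thread is asking."""
    verdicts = {verdict for _, verdict in results}
    if "anonymous-relay" in verdicts:
        return "open relay"
    if "authenticated-relay" in verdicts:
        return "authenticated relay only"   # review the account that logged in
    return "no relay observed"


# Constructed sample sessions. mail.example.org is the server under test and
# example.org its only local domain; none of this is captured traffic.
REJECTED = """
S: 220 mail.example.org ESMTP
C: EHLO tester.example.net
S: 250-mail.example.org Hello
S: 250-AUTH LOGIN
S: 250 OK
C: MAIL FROM:<probe@example.net>
S: 250 2.1.0 Sender OK
C: RCPT TO:<someone@example.com>
S: 550 5.7.1 Unable to relay for someone@example.com
"""

AUTHENTICATED = """
S: 220 mail.example.org ESMTP
C: EHLO tester.example.net
S: 250 OK
C: AUTH LOGIN
S: 334 VXNlcm5hbWU6
C: (base64 user name, elided)
S: 334 UGFzc3dvcmQ6
C: (base64 password, elided)
S: 235 2.7.0 Authentication successful
C: MAIL FROM:<probe@example.net>
S: 250 2.1.0 Sender OK
C: RCPT TO:<someone@example.com>
S: 250 2.1.5 someone@example.com
"""

# Same probe as REJECTED, but the server accepts the outside recipient with no AUTH.
OPEN = REJECTED.replace("550 5.7.1 Unable to relay for", "250 2.1.5")

# Inbound mail for a local mailbox: accepted anonymously, and not a relay.
INBOUND = OPEN.replace("someone@example.com", "staff@example.org")

if __name__ == "__main__":
    for name in ("REJECTED", "AUTHENTICATED", "OPEN", "INBOUND"):
        print(name, "->", diagnose(classify_relay(globals()[name], ["example.org"])))
```

An "authenticated relay only" result points at the credentials used in that session rather than at the relay restrictions, which is why it is reported separately from "open relay".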
RE: Open Relay/Spamcop
I still think you are smoking crack on this, Greg. I have never seen a properly configured Exchange 2000 server relay UNLESS a user account was compromised, or the guest account was enabled. I've tested it and tested again, and never found Exchange to relay with those settings.

Ben Winzenz
Network Engineer
Gardner White
(317) 581-1580 ext 418

-----Original Message-----
From: Greg Deckler [mailto:[EMAIL PROTECTED]]
Posted At: Thursday, December 18, 2003 11:37 AM
Posted To: Exchange (Swynk)
Conversation: Open Relay/Spamcop
Subject: RE: Open Relay/Spamcop

Hey, thanks for the confirmation. People have told me that I am smoking crack and that the Exchange servers were horribly misconfigured. It's nice to know that I am not smoking crack.
RE: Open Relay/Spamcop
However, I would welcome any information that proves me otherwise. i.e. configure these settings, with the guest account disabled, and prove that it actually will relay - not authenticated relay, that doesn't count. If it is authenticated relay, it is because a password was compromised.

Ben Winzenz
Network Engineer
Gardner White
(317) 581-1580 ext 418

-----Original Message-----
From: Ben Winzenz
Posted At: Thursday, December 18, 2003 11:48 AM
Posted To: Exchange (Swynk)
Conversation: Open Relay/Spamcop
Subject: RE: Open Relay/Spamcop

I still think you are smoking crack on this, Greg. I have never seen a properly configured Exchange 2000 server relay UNLESS a user account was compromised, or the guest account was enabled. I've tested it and tested again, and never found Exchange to relay with those settings.

Ben Winzenz
Network Engineer
Gardner White
(317) 581-1580 ext 418
RE: Open Relay/Spamcop
I agree with Ben. My Exchange 2000 box at my last company was set up to allow relaying after successful authentication because I had POP3 clients at other offices that had no other SMTP gateway. Disabling the Guest account and forcing the users to change passwords every 30 days kept our risk at a minimum. We got tagged as a relay once, but forcing user password changes on the spot fixed the problem.

Eric Fretz
L-3 Communications ComCept Division
2800 Discovery Blvd.
Rockwall, TX 75032
tel: 972.772.7501 fax: 972.772.7510
RE: Open Relay/Spamcop
What do you get when you telnet into the server and try to send mail to a bogus address?
RE: Open Relay/Spamcop
This may very well be the case. I cannot say one way or another. When I have seen this, it has always been the case that I am there fixing something else and happen upon this problem, fix it and move on. I DO know that I have seen it on boxes where the Guest account is disabled, but that does not rule out the possibility that some other account was compromised.
RE: Open Relay/Spamcop
Exchange WILL relay for authenticated users (by default), and it doesn't have to be the guest account (though that is a common attack). Have you left your Administrator account named Administrator? Do you leak user IDs to the outside world? Web pages? Email addresses? IM aliases? Backups run under the user ID backup? Dictionary password attack. Spammers have lots of patience.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Greg Deckler
Sent: Thursday, December 18, 2003 12:11 PM
To: Exchange Discussions
Subject: RE: Open Relay/Spamcop

This may very well be the case. I cannot say one way or another. When I have seen this, it has always been the case that I am there fixing something else and happen upon this problem, fix it and move on. I DO know that I have seen it on boxes where the Guest account is disabled, but that does not rule out the possibility that some other account was compromised.
RE: Open Relay/Spamcop
I seem to recall that there was a bug (fixed in sp3 maybe?) where if an SMTP packet had a forged source address of 127.0.0.1, SMTP would relay it regardless of relay settings. I may be misremembering the details. Also, no even half-way correctly firewall would let this type of packet in.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ben Winzenz
Sent: Thursday, December 18, 2003 11:51 AM
To: Exchange Discussions
Subject: RE: Open Relay/Spamcop

However, I would welcome any information that proves me otherwise. i.e. configure these settings, with the guest account disabled, and prove that it actually will relay - not authenticated relay, that doesn't count. If it is authenticated relay, it is because a password was compromised.

Ben Winzenz
Network Engineer
Gardner White
(317) 581-1580 ext 418
RE: Open Relay/Spamcop
But that is my point. I know Exchange relays for authenticated users by default. It is turned on to allow POP3/SMTP and IMAP accounts the ability to send using your Exchange server as the outgoing server. However, it won't relay for a spammer UNLESS an account has been compromised, at which point someone has in essence hacked your system. If you set up your environment correctly, the ONLY way an account will get compromised is if someone leaks their password. Dictionary attacks won't work because the account will get locked out after 3 attempts, and it is awfully hard to dictionary guess a complex password in 3 tries :-)

Ben Winzenz
Network Engineer
Gardner White
(317) 581-1580 ext 418

-Original Message-
From: Ken Cornetet [mailto:[EMAIL PROTECTED]
Posted At: Thursday, December 18, 2003 12:18 PM
Posted To: Exchange (Swynk)
Conversation: Open Relay/Spamcop
Subject: RE: Open Relay/Spamcop

Exchange WILL relay for authenticated users (by default), and it doesn't have to be the guest account (though that is a common attack). Have you left your Administrator account named Administrator? Do you leak user IDs to the outside world? Web pages? Email addresses? IM aliases? Backups run under the user ID backup? Dictionary password attack. Spammers have lots of patience.
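Added example, not part of any poster's message: the thread turns on whether a server relays anonymously or only after a successful login, which is also what the telnet test suggested earlier in the thread would show. The Python below classifies SMTP session transcripts along that line and counts failed logins; the transcripts, host names, `LOCAL_DOMAINS` and the `classify` helper are constructed for illustration.

```python
import re
from dataclasses import dataclass, field

# Domains this server legitimately accepts mail for. Assumed for the example;
# example.org stands in for the organisation's own domain.
LOCAL_DOMAINS = frozenset({"example.org"})

REPLY = re.compile(r"^(\d{3})([ -]|$)")   # reply code, then "-" if more lines follow
RCPT = re.compile(r"^RCPT TO:\s*<?[^<>@\s]+@([^<>\s]+?)>?\s*$", re.I)


@dataclass
class Verdict:
    kind: str                 # refused / anonymous-relay / authenticated-relay / no-relay-attempt
    auth_failures: int = 0    # rejected AUTH attempts (5xx) seen in the session
    relayed_to: list = field(default_factory=list)  # foreign domains the server accepted


def classify(transcript, local_domains=LOCAL_DOMAINS):
    """Classify one session written as 'C: ...' (client) and 'S: ...' (server) lines."""
    authed = in_auth = refused = False
    failures = 0
    pending = None            # recipient domain of the RCPT awaiting a reply
    anon, after_auth = [], []
    for raw in transcript.strip().splitlines():
        side, _, text = raw.strip().partition(": ")
        if side == "C":
            if in_auth:
                continue      # credential lines of an AUTH exchange, not commands
            if text.upper().startswith("AUTH "):
                in_auth, pending = True, None
            else:
                m = RCPT.match(text)
                pending = m.group(1).lower() if m else None
        elif side == "S":
            m = REPLY.match(text)
            if not m or m.group(2) == "-":
                continue      # not a reply, or a continuation of a multi-line reply
            code = m.group(1)
            if in_auth:
                if code == "334":
                    continue  # server prompt inside the AUTH exchange
                in_auth = False
                if code == "235":
                    authed = True
                else:
                    failures += 1
            elif pending is not None:
                if pending not in local_domains:
                    if code[0] == "2":
                        (after_auth if authed else anon).append(pending)
                    else:
                        refused = True
                pending = None
    if anon:
        kind = "anonymous-relay"       # open relay: no login was needed
    elif after_auth:
        kind = "authenticated-relay"   # relay only after a valid login
    elif refused:
        kind = "refused"               # e.g. 550 5.7.1 Unable to relay
    else:
        kind = "no-relay-attempt"
    return Verdict(kind, failures, anon + after_auth)


def auth_attempt(final_reply):
    """Constructed AUTH LOGIN exchange ending in the given server reply."""
    return ("C: AUTH LOGIN\nS: 334 VXNlcm5hbWU6\nC: (base64 user name)\n"
            "S: 334 UGFzc3dvcmQ6\nC: (base64 password)\nS: " + final_reply + "\n")


# Constructed transcripts (not captured from any real server).
GREETING = "S: 220 mail.example.org ESMTP\nC: EHLO host.example.net\n" \
           "S: 250-mail.example.org Hello\nS: 250-AUTH LOGIN\nS: 250 OK\n"
MAIL = "C: MAIL FROM:<test@example.net>\nS: 250 2.1.0 Sender OK\n"
RCPT_CMD = "C: RCPT TO:<bogus@example.com>\n"

SESSION_REFUSED = GREETING + MAIL + RCPT_CMD + "S: 550 5.7.1 Unable to relay for bogus@example.com\n"
SESSION_OPEN = GREETING + MAIL + RCPT_CMD + "S: 250 2.1.5 Recipient OK\n"
SESSION_AUTHED = (GREETING
                  + auth_attempt("535 5.7.3 Authentication unsuccessful") * 2
                  + auth_attempt("235 2.7.0 Authentication successful")
                  + MAIL + RCPT_CMD + "S: 250 2.1.5 Recipient OK\n")

if __name__ == "__main__":
    for name in ("SESSION_REFUSED", "SESSION_OPEN", "SESSION_AUTHED"):
        print(name, classify(globals()[name]))
```

A session classed as `authenticated-relay` with a non-zero `auth_failures` count is the compromised-password case the posters describe, not an open relay in the anonymous sense.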
RE: Open Relay/Spamcop
Please post if you recall the article. I'll dig around and see if I can find it.

Ben Winzenz
Network Engineer
Gardner White
(317) 581-1580 ext 418

-Original Message-
From: Ken Cornetet [mailto:[EMAIL PROTECTED]
Posted At: Thursday, December 18, 2003 12:23 PM
Posted To: Exchange (Swynk)
Conversation: Open Relay/Spamcop
Subject: RE: Open Relay/Spamcop

I seem to recall that there was a bug (fixed in sp3 maybe?) where if an SMTP packet had a forged source address of 127.0.0.1, SMTP would relay it regardless of relay settings. I may be misremembering the details. Also, no even half-way correctly firewall would let this type of packet in.
RE: Open Relay/Spamcop
One of the reasons I like SpamCop (and actually use it myself) is because you can look up the actual reason a box is on the list:

http://www.spamcop.net/bl.shtml

Put the IP address in and it will show an example of exactly why they're listed.

--
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.

-Original Message-
From: Bridges, Samantha [mailto:[EMAIL PROTECTED]
Sent: Thursday, December 18, 2003 10:59 AM
To: Exchange Discussions
Subject: Open Relay/Spamcop

Hello All and Happy Holidays!

I have a colleague whose Exchange 2000 server is being reported as Open Relay by spamcop for the past month. I have tested his relay by setting up a POP account in Outlook, putting the server that is being reported as Open relay as my Outgoing SMTP server.

When I try to send a message using Outlook, I get a return message that 550 5.7.1 Unable to relay. I am relieved that it could not relay. That is good, however, why then is spamcop still reporting it to be open relay?

I have checked (over the phone) all his Virtual SMTP Server settings to verify correct configuration. Everything seems to be checked or unchecked as recommended by Microsoft.

We have Stopped/Started Services for SMTP

The Exchange 2000 server is behind a NAT and I have looked into the possibility of this. I have been out on the spamcop site and for the life of me cannot find a way to make them check the server again to see if it is closed relay like ORDB does.

Any ideas or comments

Samantha Bridges
Communications Technician
Macomb Intermediate School District
44001 Garfield Road
Clinton Township MI 48038-1100
(586) 228-3300
[EMAIL PROTECTED]
http://www.misd.net
RE: Open Relay/Spamcop
Looking at http://openrbl.org/#dodgy ip address is also very revealing. Cheers, Phil - Phil Randal Network Engineer Herefordshire Council Hereford, UK -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Roger Seielstad Sent: 18 December 2003 17:50 To: Exchange Discussions Subject: RE: Open Relay/Spamcop One of the reasons I like SpamCop (and actually use it myself) is because you can look up the actual reason a box is on the list: http://www.spamcop.net/bl.shtml Put the IP address in and it will show an example of exactly why they're listed. -- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. -Original Message- From: Bridges, Samantha [mailto:[EMAIL PROTECTED] Sent: Thursday, December 18, 2003 10:59 AM To: Exchange Discussions Subject: Open Relay/Spamcop Hello All and Happy Holidays! I have a colleague whose Exchange 2000 server is being reported as Open Relay by spamcop for the past month. I have tested his relay by setting up a POP account in Outlook, putting the server that is being reported as Open relay as my Outgoing SMTP server. When I try to send a message using Outlook, I get a return message that 550 5.7.1 Unable to relay. I am relieved that it could not relay. That is good, however, why then is spamcop still reporting it to be open relay? I have checked (over the phone) all his Virtual SMTP Server settings to verify correct configuration. Everything seems to be checked or unchecked as recommended by Microsoft. We have Stopped/Started Services for SMTP The Exchange 2000 server is behind a NAT and I have looked into the possibility of this. I have been out on the spamcop site and for the life of me cannot find a way to make them check the server again to see if it is closed relay like ORDB does.
Any ideas or comments Samantha Bridges Communications Technician Macomb Intermediate School District 44001 Garfield Road Clinton Township MI 48038-1100 (586) 228-3300 [EMAIL PROTECTED] http://www.misd.net
RE: Open Relay/Spamcop
But the point is that if you're listed on Spamcop, they'll tell you EXACTLY why. None of the other RBL's I've seen do that. -- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. -Original Message- From: Randal, Phil [mailto:[EMAIL PROTECTED] Sent: Thursday, December 18, 2003 12:52 PM To: Exchange Discussions Subject: RE: Open Relay/Spamcop Looking at http://openrbl.org/#dodgy ip address is also very revealing. Cheers, Phil - Phil Randal Network Engineer Herefordshire Council Hereford, UK -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Roger Seielstad Sent: 18 December 2003 17:50 To: Exchange Discussions Subject: RE: Open Relay/Spamcop One of the reasons I like SpamCop (and actually use it myself) is because you can look up the actual reason a box is on the list: http://www.spamcop.net/bl.shtml Put the IP address in and it will show an example of exactly why they're listed. -- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. -Original Message- From: Bridges, Samantha [mailto:[EMAIL PROTECTED] Sent: Thursday, December 18, 2003 10:59 AM To: Exchange Discussions Subject: Open Relay/Spamcop Hello All and Happy Holidays! I have a colleague whose Exchange 2000 server is being reported as Open Relay by spamcop for the past month. I have tested his relay by setting up a POP account in Outlook, putting the server that is being reported as Open relay as my Outgoing SMTP server. When I try to send a message using Outlook, I get a return message that 550 5.7.1 Unable to relay. I am relieved that it could not relay. That is good, however, why then is spamcop still reporting it to be open relay? I have checked (over the phone) all his Virtual SMTP Server settings to verify correct configuration. Everything seems to be checked or unchecked as recommended by Microsoft. We have Stopped/Started Services for SMTP The Exchange 2000 server is behind a NAT and I have looked into the possibility of this.
I have been out on the spamcop site and for the life of me cannot find a way to make them check the server again to see if it is closed relay like ORDB does. Any ideas or comments Samantha Bridges Communications Technician Macomb Intermediate School District 44001 Garfield Road Clinton Township MI 48038-1100 (586) 228-3300 [EMAIL PROTECTED] http://www.misd.net
RE: Open Relay/Spamcop
Uhm A ham sandwich? Maybe a limp fish? -Original Message- From: Candee Vaglica [mailto:[EMAIL PROTECTED] Sent: Thursday, December 18, 2003 11:59 AM To: Exchange Discussions Subject: RE: Open Relay/Spamcop What do you get when you telnet into the server and try to send mail to a bogus address? Hello All and Happy Holidays! I have a colleague whose Exchange 2000 server is being reported as Open Relay by spamcop for the past month. I have tested his relay by setting up a POP account in Outlook, putting the server that is being reported as Open relay as my Outgoing SMTP server. When I try to send a message using Outlook, I get a return message that 550 5.7.1 Unable to relay. I am relieved that it could not relay. That is good, however, why then is spamcop still reporting it to be open relay? I have checked (over the phone) all his Virtual SMTP Server settings to verify correct configuration. Everything seems to be checked or unchecked as recommended by Microsoft. We have Stopped/Started Services for SMTP The Exchange 2000 server is behind a NAT and I have looked into the possibility of this. I have been out on the spamcop site and for the life of me cannot find a way to make them check the server again to see if it is closed relay like ORDB does. Any ideas or comments Samantha Bridges Communications Technician Macomb Intermediate School District 44001 Garfield Road Clinton Township MI 48038-1100 (586) 228-3300 [EMAIL PROTECTED] http://www.misd.net
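Added example, not part of any post in this thread: the manual telnet check asked about above, scripted in Python so it can be repeated from a host outside the NAT. It stops after RCPT TO, so no message is sent; the function names, the example.net/example.com addresses and the loopback test server are constructed for illustration. A refusal here covers only anonymous relay; as the thread notes, a session that authenticates with a guessed password can still relay.

```python
import smtplib
import socketserver
import threading


def classify_rcpt(code):
    """Map the RCPT TO reply code for an outside recipient to a verdict."""
    if code in (250, 251):
        # Accepted at RCPT time. The server may still bounce later (the
        # accept-then-NDR behaviour described in the thread), so follow up.
        return "accepted"
    if 500 <= code < 600:
        return "refused"       # e.g. 550 5.7.1 Unable to relay
    return "inconclusive"      # 4xx temporary failure or anything unexpected


def probe_relay(host, port, mail_from, rcpt_to, timeout=10):
    """Run EHLO / MAIL FROM / RCPT TO without authenticating, then RSET.

    DATA is never issued, so no message is sent.
    Returns (verdict, reply_code, reply_text).
    """
    with smtplib.SMTP(host, port, local_hostname="probe.example.net",
                      timeout=timeout) as smtp:
        smtp.ehlo_or_helo_if_needed()
        code, text = smtp.mail(mail_from)
        if code != 250:
            return ("inconclusive", code, text.decode("ascii", "replace"))
        code, text = smtp.rcpt(rcpt_to)
        try:
            smtp.rset()        # abandon the transaction cleanly
        except smtplib.SMTPServerDisconnected:
            pass               # some servers hang up after a refusal
    return (classify_rcpt(code), code, text.decode("ascii", "replace"))


class _FakeSMTP(socketserver.StreamRequestHandler):
    """Constructed loopback server so the example runs offline."""

    def handle(self):
        self._say("220 mail.example.org ESMTP (constructed test server)")
        for raw in self.rfile:
            verb = raw.decode("ascii", "replace").strip().upper()
            if verb.startswith(("EHLO", "HELO")):
                self._say("250 mail.example.org")
            elif verb.startswith("RCPT TO"):
                self._say(self.server.rcpt_reply)
            elif verb.startswith("QUIT"):
                self._say("221 bye")
                return
            else:              # MAIL FROM, RSET
                self._say("250 OK")

    def _say(self, line):
        self.wfile.write(line.encode("ascii") + b"\r\n")


def start_fake_server(rcpt_reply):
    """Start the constructed server on a free loopback port."""
    server = socketserver.ThreadingTCPServer(("127.0.0.1", 0), _FakeSMTP)
    server.rcpt_reply = rcpt_reply
    server.daemon_threads = True
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def run_demo():
    """Probe two constructed servers: one refuses relay, one accepts it."""
    replies = {
        "relay refused": "550 5.7.1 Unable to relay",
        "relay accepted": "250 2.1.5 OK",
    }
    results = {}
    for label, reply in replies.items():
        server = start_fake_server(reply)
        try:
            results[label] = probe_relay("127.0.0.1",
                                         server.server_address[1],
                                         "probe@example.net",
                                         "probe@example.com")
        finally:
            server.shutdown()
            server.server_close()
    return results


if __name__ == "__main__":
    for label, result in run_demo().items():
        print(label, "->", result)
```

Point `probe_relay` at a server you administer, with a sender and a recipient that are both outside its local domains.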
RE: Open Relay/Spamcop
It is possible that a user account was compromised ... but here is the scenario I had and what worked to fix it ... Setup: Win2K sp4; Exch 2k sp3 ; 5000 pop3/imap/mapi/http users on a closed user group (noted through ips in the relay tab ...) ; guest account disabled; SMTP Virtual Server Properties/Access Tab/Relay ... Allow all computers which successfully authenticate to relay, regardless of the list above. was checked ... Issue: My queues were huge; relaying may not have been going on (I did have a couple of external complaints that I was allowing relaying; but never made it on a list --- whew), but we were accepting the mail and then processing it internally; it was becoming a performance issue this internal processing is alluded to at http://support.microsoft.com/default.aspx?scid=kb;EN-US;304897 ... then we were getting our own NDR's back ... etc .. Solution: Unchecked SMTP Virtual Server Properties/Access Tab/Relay ... Allow all computers which successfully authenticate to relay, regardless of the list above. ... all the relaying (or attempt at it stopped) Comment: BTW, for external servers to communicate with you, it is the SMTP Virtual Server Properties/Access Tab/Authentication/Anonymous Access tab that must be checked P.S.: I tell users they can still pop their mail from outside our closed user group; but they must use their ISP's SMTP relay for sending mail or use OWA ... Mike -Original Message- From: Ken Cornetet [mailto:[EMAIL PROTECTED] Sent: Thursday, December 18, 2003 12:18 PM To: Exchange Discussions Subject: RE: Open Relay/Spamcop Exchange WILL relay for authenticated users (by default), and it doesn't have to be the guest account (though that is a common attack). Have you left your Administrator account named Administrator? Do you leak user IDs to the outside world? Web pages? Email addresses? IM aliases? Backups run under the user ID backup? Dictionary password attack. Spammers have lots of patience.
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Greg Deckler Sent: Thursday, December 18, 2003 12:11 PM To: Exchange Discussions Subject: RE: Open Relay/Spamcop This may very well be the case. I cannot say one way or another. When I have seen this, it has always been the case that I am there fixing something else and happen upon this problem, fix it and move on. I DO know that I have seen it on boxes where the Guest account is disabled, but that does not rule out the possibility that some other account was compromised. However, I would welcome any information that proves me otherwise. i.e. configure these settings, with the guest account disabled, and prove that it actually will relay - not authenticated relay, that doesn't count. If it is authenticated relay, it is because a password was compromised. Ben Winzenz Network Engineer Gardner White (317) 581-1580 ext 418 -Original Message- From: Ben Winzenz Posted At: Thursday, December 18, 2003 11:48 AM Posted To: Exchange (Swynk) Conversation: Open Relay/Spamcop Subject: RE: Open Relay/Spamcop I still think you are smoking crack on this, Greg. I have never seen a properly configured Exchange 2000 server relay UNLESS a user account was compromised, or the guest account was enabled. I've tested it and tested again, and never found Exchange to relay with those settings. Ben Winzenz Network Engineer Gardner White (317) 581-1580 ext 418 -Original Message- From: Greg Deckler [mailto:[EMAIL PROTECTED] Posted At: Thursday, December 18, 2003 11:37 AM Posted To: Exchange (Swynk) Conversation: Open Relay/Spamcop Subject: RE: Open Relay/Spamcop Hey, thanks for the confirmation. People have told me that I am smoking crack and that the Exchange servers were horribly misconfigured. It's nice to know that I am not smoking crack. I concur with greg ... our server had those settings and we were being used as a relay ...
turned off Allow all computers which successfully authenticate to relay, regardless of the list above. and that stopped it ... Mike -Original Message- From: Greg Deckler [mailto:[EMAIL PROTECTED] Sent: Thursday, December 18, 2003 11:17 AM To: Exchange Discussions Subject: Re: Open Relay/Spamcop This may or may not be the problem, but I have seen spammers able to relay off an Exchange server if the following configuration applies: 1. If Anonymous access is turned on. SMTP Virtual Server properties, Access page, Authentication. 2. And, Allow all computers which successfully authenticate to relay, regardless of the list above. is checked. SMTP Virtual Server properties, Access page, Relay. Hello All and Happy Holidays! I have a colleague whose Exchange 2000 server is being reported as Open Relay by spamcop for the past month. I have
RE: Open Relay/Spamcop
I'm right there with you on this one. Since I do not know for an absolute FACT one way or the other it may indeed be the case that a guest account was used or that an account was compromised. And God forbid that I even merely hint or suggest that this is a problem with Microsoft's software or in any way a design flaw, etc. because we all know that storm that would cause. But, that being said, I would like to implore to the MVP gods on this list that they might possibly want to maybe suggest to Microsoft that they take a look at this for no other reason than to at least modify the wording on the check boxes. I mean Anonymous Authentication allowed and Allow computers which successfully authenticate... on the surface seems to indicate that yes, you can anonymously authenticate and relay messages, which I cannot imagine would ever really be very useful to anyone except a spammer. I mean, change the wording or add a checkbox to specifically allow, not allow relaying by anonymous authentication. Who knows, I don't want to start another freaking firestorm about how much I hate Microsoft, yadda, yadda. I guess my point is that it is OBVIOUSLY an issue specifically in a lot of small 1-50 person shops that use a single Exchange server for everything. This is where I have come in and seen it as a problem. There are exactly the people that don't generally have qualified IT help, thus because the default configuration seems to allow this kind of relaying issue it is a feature of the product that is adding to the overall spam problem on the Internet. Maybe the MVP gods and Microsoft care, maybe not, but I want to be absolutely clear that I do not care one iota, because if I did everyone would just tell me how stupid and ignorant and a wife beater I am. So, I don't care and please do not mistakenly believe that I care. God help us all if an MVP reads this, thinks I care and starts another massive thread of pointless arguing. It is possible that a user account was compromised ... 
but here is the scenario I had and what worked to fix it ... Setup: Win2K sp4; Exch 2k sp3 ; 5000 pop3/imap/mapi/http users on a closed user group (noted through ips in the relay tab ...) ; guest account disabled; SMTP Virtual Server Properties/Access Tab/Relay ... Allow all computers which successfully authenticate to relay, regardless of the list above. was checked ... Issue: My queues were huge; relaying may not have been going on (I did have a couple of external complaints that I was allowing relaying; but never made it on a list --- whew), but we were accepting the mail and then processing it internally; it was becoming a performance issue this internal processing is alluded to at http://support.microsoft.com/default.aspx?scid=kb;EN-US;304897 ... then we were getting our own NDR's back ... etc .. Solution: Unchecked SMTP Virtual Server Properties/Access Tab/Relay ... Allow all computers which successfully authenticate to relay, regardless of the list above. ... all the relaying (or attempt at it stopped) Comment: BTW, for external servers to communicate with you, it is the SMTP Virtual Server Properties/Access Tab/Authentication/Anonymous Access tab that must be checked P.S.: I tell users they can still pop their mail from outside our closed user group; but they must use their ISP's SMTP relay for sending mail or use OWA ... Mike -Original Message- From: Ken Cornetet [mailto:[EMAIL PROTECTED] Sent: Thursday, December 18, 2003 12:18 PM To: Exchange Discussions Subject: RE: Open Relay/Spamcop Exchange WILL relay for authenticated users (by default), and it doesn't have to be the guest account (though that is a common attack). Have you left your Administrator account named Administrator? Do you leak user IDs to the outside world? Web pages? Email addresses? IM aliases? Backups run under the user ID backup? Dictionary password attack. Spammers have lots of patience.
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Greg Deckler Sent: Thursday, December 18, 2003 12:11 PM To: Exchange Discussions Subject: RE: Open Relay/Spamcop This may very well be the case. I cannot say one way or another. When I have seen this, it has always been the case that I am there fixing something else and happen upon this problem, fix it and move on. I DO know that I have seen it on boxes where the Guest account is disabled, but that does not rule out the possibility that some other account was compromised. However, I would welcome any information that proves me otherwise. i.e. configure these settings, with the guest account disabled, and prove that it actually will relay - not authenticated relay, that doesn't count. If it is authenticated relay, it is because a password was compromised. Ben Winzenz Network Engineer Gardner White (317) 581-1580 ext 418
RE: Open Relay/Spamcop
Me thinks thou dost protest t much!!! :-) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Greg Deckler Posted At: Thursday, December 18, 2003 1:19 PM Posted To: Exchange Discussion Conversation: Open Relay/Spamcop Subject: RE: Open Relay/Spamcop I'm right there with you on this one. Since I do not know for an absolute FACT one way or the other it may indeed be the case that a guest account was used or that an account was compromised. And God forbid that I even merely hint or suggest that this is a problem with Microsoft's software or in any way a design flaw, etc. because we all know that storm that would cause. But, that being said, I would like to implore to the MVP gods on this list that they might possibly want to maybe suggest to Microsoft that they take a look at this for no other reason than to at least modify the wording on the check boxes. I mean Anonymous Authentication allowed and Allow computers which successfully authenticate... on the surface seems to indicate that yes, you can anonymously authenticate and relay messages, which I cannot imagine would ever really be very useful to anyone except a spammer. I mean, change the wording or add a checkbox to specifically allow, not allow relaying by anonymous authentication. Who knows, I don't want to start another freaking firestorm about how much I hate Microsoft, yadda, yadda. I guess my point is that it is OBVIOUSLY an issue specifically in a lot of small 1-50 person shops that use a single Exchange server for everything. This is where I have come in and seen it as a problem. There are exactly the people that don't generally have qualified IT help, thus because the default configuration seems to allow this kind of relaying issue it is a feature of the product that is adding to the overall spam problem on the Internet. 
Maybe the MVP gods and Microsoft care, maybe not, but I want to be absolutely clear that I do not care one iota, because if I did everyone would just tell me how stupid and ignorant and a wife beater I am. So, I don't care and please do not mistakenly believe that I care. God help us all if an MVP reads this, thinks I care and starts another massive thread of pointless arguing. It is possible that a user account was compromised ... but here is the scenario I had and what worked to fix it ... Setup: Win2K sp4; Exch 2k sp3 ; 5000 pop3/imap/mapi/http users on a closed user group (noted through ips in the relay tab ...) ; guest account disabled; SMTP Virtual Server Properties/Access Tab/Relay ... Allow all computers which successfully authenticate to relay, regardless of the list above. was checked ... Issue: My queues were huge; relaying may not have been going on (I did have a couple of external complaints that I was allowing relaying; but never made it on a list --- whew), but we were accepting the mail and then processing it internally; it was becoming a performance issue this internal processing is alluded to at http://support.microsoft.com/default.aspx?scid=kb;EN-US;304897 ... then we were getting our own NDR's back ... etc .. Solution: Unchecked SMTP Virtual Server Properties/Access Tab/Relay ... Allow all computers which successfully authenticate to relay, regardless of the list above. ... all the relaying (or attempt at it stopped) Comment: BTW, for external servers to communicate with you, it is the SMTP Virtual Server Properties/Access Tab/Authentication/Anonymous Access tab that must be checked P.S.: I tell users they can still pop their mail from outside our closed user group; but they must use their ISP's SMTP relay for sending mail or use OWA ...
Mike -Original Message- From: Ken Cornetet [mailto:[EMAIL PROTECTED] Sent: Thursday, December 18, 2003 12:18 PM To: Exchange Discussions Subject: RE: Open Relay/Spamcop Exchange WILL relay for authenticated users (by default), and it doesn't have to be the guest account (though that is a common attack). Have you left your Administrator account named Administrator? Do you leak user IDs to the outside world? Web pages? Email addresses? IM aliases? Backups run under the user ID backup? Dictionary password attack. Spammers have lots of patience. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Greg Deckler Sent: Thursday, December 18, 2003 12:11 PM To: Exchange Discussions Subject: RE: Open Relay/Spamcop This may very well be the case. I cannot say one way or another. When I have seen this, it has always been the case that I am there fixing something else and happen upon this problem, fix it and move on. I DO know that I have seen it on boxes where the Guest account is disabled, but that does not rule out the possibility that some other account was compromised. However, I would welcome any information that proves me otherwise. i.e. configure
RE: Open Relay/Spamcop
That probably was the case because someone guessed a username/password combination and they were able to successfully authenticate and relay mail. Sincerely, Andrey Fyodorov, Exchange MVP Systems Engineer Messaging and Collaboration Spherion -Original Message- From: Wohlgemuth, Mike [mailto:[EMAIL PROTECTED] Sent: Thursday, December 18, 2003 11:23 AM To: Exchange Discussions Subject: RE: Open Relay/Spamcop I concur with greg ... our server had those settings and we were being used as a relay ... turned off Allow all computers which successfully authenticate to relay, regardless of the list above. and that stopped it ... Mike -Original Message- From: Greg Deckler [mailto:[EMAIL PROTECTED] Sent: Thursday, December 18, 2003 11:17 AM To: Exchange Discussions Subject: Re: Open Relay/Spamcop This may or may not be the problem, but I have seen spammers able to relay off an Exchange server if the following configuration applies: 1. If Anonymous access is turned on. SMTP Virtual Server properties, Access page, Authentication. 2. And, Allow all computers which successfully authenticate to relay, regardless of the list above. is checked. SMTP Virtual Server properties, Access page, Relay. Hello All and Happy Holidays! I have a colleague whose Exchange 2000 server is being reported as Open Relay by spamcop for the past month. I have tested his relay by setting up a POP account in Outlook, putting the server that is being reported as Open relay as my Outgoing SMTP server. When I try to send a message using Outlook, I get a return message that 550 5.7.1 Unable to relay. I am relieved that it could not relay. That is good, however, why then is spamcop still reporting it to be open relay? I have checked (over the phone) all his Virtual SMTP Server settings to verify correct configuration. Everything seems to be checked or unchecked as recommended by Microsoft.
We have Stopped/Started Services for SMTP The Exchange 2000 server is behind a NAT and I have looked into the possibility of this. I have been out on the spamcop site and for the life of me cannot find a way to make them check the server again to see if it is closed relay like ORDB does. Any ideas or comments Samantha Bridges Communications Technician Macomb Intermediate School District 44001 Garfield Road Clinton Township MI 48038-1100 (586) 228-3300 [EMAIL PROTECTED] http://www.misd.net
RE: Open Relay/Spamcop
Usually something simple like a Webmaster account with password password is a target of spammers. Sincerely, Andrey Fyodorov, Exchange MVP Systems Engineer Messaging and Collaboration Spherion -Original Message- From: Eric Fretz [mailto:[EMAIL PROTECTED] Sent: Thursday, December 18, 2003 11:49 AM To: Exchange Discussions Subject: RE: Open Relay/Spamcop I agree with Ben. My Exchange 2000 box at my last company was setup to allow relaying after successful authentication because I had POP3 clients at other offices that had no other SMTP gateway. Disabling the Guest account and forcing the users to change passwords every 30 days kept our risk at a minimum. We got tagged as a relay once, but forcing user password changes on the spot fixed the problem. Eric Fretz L-3 Communications ComCept Division 2800 Discovery Blvd. Rockwall, TX 75032 tel: 972.772.7501 fax: 972.772.7510 -Original Message- From: Ben Winzenz [mailto:[EMAIL PROTECTED] Sent: Thursday, December 18, 2003 10:48 AM To: Exchange Discussions Subject: RE: Open Relay/Spamcop I still think you are smoking crack on this, Greg. I have never seen a properly configured Exchange 2000 server relay UNLESS a user account was compromised, or the guest account was enabled. I've tested it and tested again, and never found Exchange to relay with those settings. Ben Winzenz Network Engineer Gardner White (317) 581-1580 ext 418 -Original Message- From: Greg Deckler [mailto:[EMAIL PROTECTED] Posted At: Thursday, December 18, 2003 11:37 AM Posted To: Exchange (Swynk) Conversation: Open Relay/Spamcop Subject: RE: Open Relay/Spamcop Hey, thanks for the confirmation. People have told me that I am smoking crack and that the Exchange servers were horribly misconfigured. It's nice to know that I am not smoking crack. I concur with greg ... our server had those settings and we were being used as a relay ... turned off Allow all computers which successfully authenticate to relay, regardless of the list above. and that stopped it ...
Mike -Original Message- From: Greg Deckler [mailto:[EMAIL PROTECTED] Sent: Thursday, December 18, 2003 11:17 AM To: Exchange Discussions Subject: Re: Open Relay/Spamcop This may or may not be the problem, but I have seen spammers able to relay off an Exchange server if the following configuration applies: 1. If Anonymous access is turned on. SMTP Virtual Server properties, Access page, Authentication. 2. And, Allow all computers which successfully authenticate to relay, regardless of the list above. is checked. SMTP Virtual Server properties, Access page, Relay. Hello All and Happy Holidays! I have a colleague whose Exchange 2000 server is being reported as Open Relay by spamcop for the past month. I have tested his relay by setting up a POP account in Outlook, putting the server that is being reported as Open relay as my Outgoing SMTP server. When I try to send a message using Outlook, I get a return message that 550 5.7.1 Unable to relay. I am relieved that it could not relay. That is good, however, why then is spamcop still reporting it to be open relay? I have checked (over the phone) all his Virtual SMTP Server settings to verify correct configuration. Everything seems to be checked or unchecked as recommended by Microsoft. We have Stopped/Started Services for SMTP The Exchange 2000 server is behind a NAT and I have looked into the possibility of this. I have been out on the spamcop site and for the life of me cannot find a way to make them check the server again to see if it is closed relay like ORDB does.
Any ideas or comments

Samantha Bridges Communications Technician Macomb Intermediate School District 44001 Garfield Road Clinton Township MI 48038-1100 (586) 228-3300 [EMAIL PROTECTED] http://www.misd.net

CONFIDENTIALITY NOTICE: This email message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message.

List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Open Relay/Spamcop
Well, I'm certainly glad we aren't resorting to any of them thar unprofessional personal attacks. That would be just terrible.

Jim H

-Original Message- From: Greg Deckler [mailto:[EMAIL PROTECTED] Sent: Thursday, December 18, 2003 2:19 PM To: Exchange Discussions Subject: RE: Open Relay/Spamcop

I'm right there with you on this one. Since I do not know for an absolute FACT one way or the other it may indeed be the case that a guest account was used or that an account was compromised. And God forbid that I even merely hint or suggest that this is a problem with Microsoft's software or in any way a design flaw, etc. because we all know the storm that would cause.

But, that being said, I would like to implore to the MVP gods on this list that they might possibly want to maybe suggest to Microsoft that they take a look at this for no other reason than to at least modify the wording on the check boxes. I mean "Anonymous Authentication allowed" and "Allow computers which successfully authenticate..." on the surface seems to indicate that yes, you can anonymously authenticate and relay messages, which I cannot imagine would ever really be very useful to anyone except a spammer. I mean, change the wording or add a checkbox to specifically allow, not allow relaying by anonymous authentication. Who knows, I don't want to start another freaking firestorm about how much I hate Microsoft, yadda, yadda.

I guess my point is that it is OBVIOUSLY an issue specifically in a lot of small 1-50 person shops that use a single Exchange server for everything. This is where I have come in and seen it as a problem. These are exactly the people that don't generally have qualified IT help, thus because the default configuration seems to allow this kind of relaying issue it is a feature of the product that is adding to the overall spam problem on the Internet.
Maybe the MVP gods and Microsoft care, maybe not, but I want to be absolutely clear that I do not care one iota, because if I did everyone would just tell me how stupid and ignorant and a wife beater I am. So, I don't care and please do not mistakenly believe that I care. God help us all if an MVP reads this, thinks I care and starts another massive thread of pointless arguing.

It is possible that a user account was compromised ... but here is the scenario I had and what worked to fix it ...

Setup: Win2K sp4; Exch 2k sp3; 5000 pop3/imap/mapi/http users on a closed user group (noted through ips in the relay tab ...); guest account disabled; SMTP Virtual Server Properties/Access Tab/Relay ... "Allow all computers which successfully authenticate to relay, regardless of the list above." was checked ...

Issue: My queues were huge; relaying may not have been going on (I did have a couple of external complaints that I was allowing relaying; but never made it on a list --- whew), but we were accepting the mail and then processing it internally; it was becoming a performance issue ... this internal processing is alluded to at http://support.microsoft.com/default.aspx?scid=kb;EN-US;304897 ... then we were getting our own NDR's back ... etc ..

Solution: Unchecked SMTP Virtual Server Properties/Access Tab/Relay ... "Allow all computers which successfully authenticate to relay, regardless of the list above." ... all the relaying (or attempt at it) stopped

Comment: BTW, for external servers to communicate with you, it is the SMTP Virtual Server Properties/Access Tab/Authentication/Anonymous Access tab that must be checked

P.S.: I tell users they can still pop their mail from outside our closed user group; but they must use their ISP's SMTP relay for sending mail or use OWA ...
Mike

-Original Message- From: Ken Cornetet [mailto:[EMAIL PROTECTED] Sent: Thursday, December 18, 2003 12:18 PM To: Exchange Discussions Subject: RE: Open Relay/Spamcop

Exchange WILL relay for authenticated users (by default), and it doesn't have to be the guest account (though that is a common attack). Have you left your Administrator account named Administrator? Do you leak user IDs to the outside world? Web pages? Email addresses? IM aliases? Backups run under the user ID backup? Dictionary password attack. Spammers have lots of patience.

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Greg Deckler Sent: Thursday, December 18, 2003 12:11 PM To: Exchange Discussions Subject: RE: Open Relay/Spamcop

This may very well be the case. I cannot say one way or another. When I have seen this, it has always been the case that I am there fixing something else and happen upon this problem, fix it and move on. I DO know that I have seen it on boxes where the Guest account is disabled, but that does not rule out the possibility that some other account was compromised.

However, I would welcome any information that proves me otherwise. i.e
RE: Open Relay/Spamcop
I think "Anonymous Access" (not "Anonymous Authentication Allowed") and "Allow computers which successfully authenticate to relay" settings belong in different contexts. One context is about *simply being able to connect to the SMTP virtual server*, the other context is about being able to relay. I think you are extrapolating too much. Somehow it never dawned on me to merge these two contexts. Maybe because I had seen similar settings in many other SMTP server packages before.

Sincerely, Andrey Fyodorov, Exchange MVP Systems Engineer Messaging and Collaboration Spherion

P.S. if you turn off Anonymous Access, expect to never receive any mail from the Internet.

-Original Message- From: Greg Deckler [mailto:[EMAIL PROTECTED] Sent: Thursday, December 18, 2003 2:19 PM To: Exchange Discussions Subject: RE: Open Relay/Spamcop

I'm right there with you on this one. Since I do not know for an absolute FACT one way or the other it may indeed be the case that a guest account was used or that an account was compromised. And God forbid that I even merely hint or suggest that this is a problem with Microsoft's software or in any way a design flaw, etc. because we all know the storm that would cause.

But, that being said, I would like to implore to the MVP gods on this list that they might possibly want to maybe suggest to Microsoft that they take a look at this for no other reason than to at least modify the wording on the check boxes. I mean "Anonymous Authentication allowed" and "Allow computers which successfully authenticate..." on the surface seems to indicate that yes, you can anonymously authenticate and relay messages, which I cannot imagine would ever really be very useful to anyone except a spammer. I mean, change the wording or add a checkbox to specifically allow, not allow relaying by anonymous authentication. Who knows, I don't want to start another freaking firestorm about how much I hate Microsoft, yadda, yadda.
I guess my point is that it is OBVIOUSLY an issue specifically in a lot of small 1-50 person shops that use a single Exchange server for everything. This is where I have come in and seen it as a problem. These are exactly the people that don't generally have qualified IT help, thus because the default configuration seems to allow this kind of relaying issue it is a feature of the product that is adding to the overall spam problem on the Internet. Maybe the MVP gods and Microsoft care, maybe not, but I want to be absolutely clear that I do not care one iota, because if I did everyone would just tell me how stupid and ignorant and a wife beater I am. So, I don't care and please do not mistakenly believe that I care. God help us all if an MVP reads this, thinks I care and starts another massive thread of pointless arguing.

It is possible that a user account was compromised ... but here is the scenario I had and what worked to fix it ...

Setup: Win2K sp4; Exch 2k sp3; 5000 pop3/imap/mapi/http users on a closed user group (noted through ips in the relay tab ...); guest account disabled; SMTP Virtual Server Properties/Access Tab/Relay ... "Allow all computers which successfully authenticate to relay, regardless of the list above." was checked ...

Issue: My queues were huge; relaying may not have been going on (I did have a couple of external complaints that I was allowing relaying; but never made it on a list --- whew), but we were accepting the mail and then processing it internally; it was becoming a performance issue ... this internal processing is alluded to at http://support.microsoft.com/default.aspx?scid=kb;EN-US;304897 ... then we were getting our own NDR's back ... etc ..

Solution: Unchecked SMTP Virtual Server Properties/Access Tab/Relay ... "Allow all computers which successfully authenticate to relay, regardless of the list above." ...
all the relaying (or attempt at it) stopped

Comment: BTW, for external servers to communicate with you, it is the SMTP Virtual Server Properties/Access Tab/Authentication/Anonymous Access tab that must be checked

P.S.: I tell users they can still pop their mail from outside our closed user group; but they must use their ISP's SMTP relay for sending mail or use OWA ...

Mike

-Original Message- From: Ken Cornetet [mailto:[EMAIL PROTECTED] Sent: Thursday, December 18, 2003 12:18 PM To: Exchange Discussions Subject: RE: Open Relay/Spamcop

Exchange WILL relay for authenticated users (by default), and it doesn't have to be the guest account (though that is a common attack). Have you left your Administrator account named Administrator? Do you leak user IDs to the outside world? Web pages? Email addresses? IM aliases? Backups run under the user ID backup? Dictionary password attack. Spammers have lots of patience.

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Greg Deckler Sent: Thursday, December 18, 2003 12:11 PM
RE: Open Relay/Spamcop
Not in this thread, anyway. The authentication hole exists when someone hacks a password. If you need to allow authentication, you should consider doing this with a virtual server that is not exposed to the Internet. If you do expose your SMTP to the Internet with authentication, you should, at a minimum, restrict the accounts that can use it, force the use of SSL, and enforce strong password policies.

Ed Crowley MCSE+Internet MVP Freelance E-Mail Philosopher Protecting the world from PSTs and Bricked Backups!T

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Greg Deckler Sent: Thursday, December 18, 2003 8:37 AM To: Exchange Discussions Subject: RE: Open Relay/Spamcop

Hey, thanks for the confirmation. People have told me that I am smoking crack and that the Exchange servers were horribly misconfigured. It's nice to know that I am not smoking crack.

I concur with greg ... our server had those settings and we were being used as a relay ... turned off "Allow all computers which successfully authenticate to relay, regardless of the list above." and that stopped it ...

Mike

-Original Message- From: Greg Deckler [mailto:[EMAIL PROTECTED] Sent: Thursday, December 18, 2003 11:17 AM To: Exchange Discussions Subject: Re: Open Relay/Spamcop

This may or may not be the problem, but I have seen spammers able to relay off an Exchange server if the following configuration applies:

1. If Anonymous access is turned on. SMTP Virtual Server properties, Access page, Authentication.
2. And, "Allow all computers which successfully authenticate to relay, regardless of the list above." is checked. SMTP Virtual Server properties, Access page, Relay.

Hello All and Happy Holidays!

I have a colleague whose Exchange 2000 server is being reported as Open Relay by spamcop for the past month. I have tested his relay by setting up a POP account in Outlook, putting the server that is being reported as Open relay as my Outgoing SMTP server.
When I try to send a message using Outlook, I get a return message that 550 5.7.1 Unable to relay. I am relieved that it could not relay. That is good, however, why then is spamcop still reporting it to be open relay?

I have checked (over the phone) all his Virtual SMTP Server settings to verify correct configuration. Everything seems to be checked or unchecked as recommended by Microsoft.

We have Stopped/Started Services for SMTP

The Exchange 2000 server is behind a NAT and I have looked into the possibility of this. I have been out on the spamcop site and for the life of me cannot find a way to make them check the server again to see if it is closed relay like ORDB does.

Any ideas or comments

Samantha Bridges Communications Technician Macomb Intermediate School District 44001 Garfield Road Clinton Township MI 48038-1100 (586) 228-3300 [EMAIL PROTECTED] http://www.misd.net
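The failure mode argued over in this thread, relaying that succeeds only because a client authenticated with a guessed password, can be looked for in SMTP logs. The following detection script is an added example, not part of any poster's message; the log layout, domain names, IP ranges and threshold are constructed assumptions and are not Exchange's own log format.

```python
from collections import Counter
from ipaddress import ip_address, ip_network

# Assumptions for this example (not taken from the thread):
LOCAL_DOMAINS = {"example.org"}                 # domains the server hosts
RELAY_ALLOW_LIST = [ip_network("10.0.0.0/8")]   # the IP list on the Relay tab
GUESS_THRESHOLD = 3   # failed AUTHs before a success that look like guessing

# Constructed sample log: "<time> <client-ip> <verb> <argument> <reply-code>".
# 235 = AUTH accepted, 535 = AUTH failed, 250 = recipient accepted,
# 550 = recipient refused (the "550 5.7.1 Unable to relay" case).
SAMPLE_LOG = """\
11:00:01 198.51.100.20 RCPT staff@example.org 250
11:00:05 198.51.100.21 RCPT victim@elsewhere.test 550
11:01:10 203.0.113.7 AUTH webmaster 535
11:01:11 203.0.113.7 AUTH webmaster 535
11:01:12 203.0.113.7 AUTH webmaster 535
11:01:13 203.0.113.7 AUTH webmaster 235
11:01:14 203.0.113.7 RCPT a@elsewhere.test 250
11:01:15 203.0.113.7 RCPT b@elsewhere.test 250
11:02:00 10.1.2.3 AUTH alice 235
11:02:01 10.1.2.3 RCPT partner@elsewhere.test 250
11:03:00 192.0.2.44 AUTH bob 235
11:03:01 192.0.2.44 RCPT friend@elsewhere.test 250
"""


def is_allowed_ip(ip):
    """True when the client is on the relay IP allow list."""
    addr = ip_address(ip)
    return any(addr in net for net in RELAY_ALLOW_LIST)


def is_local(rcpt):
    """True when the recipient is in a domain this server hosts."""
    return rcpt.rsplit("@", 1)[-1].lower() in LOCAL_DOMAINS


def analyze(log_text):
    """Return sorted (kind, client_ip, account, accepted_external_rcpts).

    Anonymous delivery to local domains and refused relay attempts are
    normal and produce no finding. Sessions are keyed by client IP, which
    is a simplification: a real log would carry a session identifier.
    """
    failed = Counter()    # (ip, account) -> failed AUTH attempts so far
    session = {}          # ip -> (account, failures seen before success)
    relays = Counter()    # (kind, ip, account) -> accepted external RCPTs

    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue                      # skip malformed lines
        _, ip, verb, arg, code = parts

        if verb == "AUTH":
            key = (ip, arg.lower())
            if code == "235":
                session[ip] = (arg.lower(), failed[key])
                failed[key] = 0
            elif code == "535":
                failed[key] += 1
        elif verb == "RCPT" and code.startswith("2") and not is_local(arg):
            if is_allowed_ip(ip):
                continue                  # relay granted by the IP list
            if ip not in session:
                # Accepted for an external domain with no AUTH at all.
                relays[("open-relay", ip, "")] += 1
            else:
                # Relay granted only because the client authenticated.
                account, misses = session[ip]
                kind = ("guessed-password-relay"
                        if misses >= GUESS_THRESHOLD
                        else "auth-relay-external")
                relays[(kind, ip, account)] += 1

    return sorted((k, ip, acct, n) for (k, ip, acct), n in relays.items())


if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG):
        print(finding)
```

An `auth-relay-external` finding is not necessarily abuse (it also matches the roaming POP3 users described earlier in the thread), so it is a prompt to review the account rather than a verdict.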
RE: Open Relay/Spamcop
Strong passwords mean much more than forced changes.

Ed Crowley MCSE+Internet MVP Freelance E-Mail Philosopher Protecting the world from PSTs and Bricked Backups!T

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eric Fretz Sent: Thursday, December 18, 2003 8:49 AM To: Exchange Discussions Subject: RE: Open Relay/Spamcop

I agree with Ben. My Exchange 2000 box at my last company was set up to allow relaying after successful authentication because I had POP3 clients at other offices that had no other SMTP gateway. Disabling the Guest account and forcing the users to change passwords every 30 days kept our risk at a minimum. We got tagged as a relay once, but forcing user password changes on the spot fixed the problem.

Eric Fretz L-3 Communications ComCept Division 2800 Discovery Blvd. Rockwall, TX 75032 tel: 972.772.7501 fax: 972.772.7510

-Original Message- From: Ben Winzenz [mailto:[EMAIL PROTECTED] Sent: Thursday, December 18, 2003 10:48 AM To: Exchange Discussions Subject: RE: Open Relay/Spamcop

I still think you are smoking crack on this, Greg. I have never seen a properly configured Exchange 2000 server relay UNLESS a user account was compromised, or the guest account was enabled. I've tested it and tested again, and never found Exchange to relay with those settings.

Ben Winzenz Network Engineer Gardner White (317) 581-1580 ext 418

-Original Message- From: Greg Deckler [mailto:[EMAIL PROTECTED] Posted At: Thursday, December 18, 2003 11:37 AM Posted To: Exchange (Swynk) Conversation: Open Relay/Spamcop Subject: RE: Open Relay/Spamcop

Hey, thanks for the confirmation. People have told me that I am smoking crack and that the Exchange servers were horribly misconfigured. It's nice to know that I am not smoking crack.

I concur with greg ... our server had those settings and we were being used as a relay ... turned off "Allow all computers which successfully authenticate to relay, regardless of the list above." and that stopped it ...
Mike

-Original Message- From: Greg Deckler [mailto:[EMAIL PROTECTED] Sent: Thursday, December 18, 2003 11:17 AM To: Exchange Discussions Subject: Re: Open Relay/Spamcop

This may or may not be the problem, but I have seen spammers able to relay off an Exchange server if the following configuration applies:

1. If Anonymous access is turned on. SMTP Virtual Server properties, Access page, Authentication.
2. And, "Allow all computers which successfully authenticate to relay, regardless of the list above." is checked. SMTP Virtual Server properties, Access page, Relay.

Hello All and Happy Holidays!

I have a colleague whose Exchange 2000 server is being reported as Open Relay by spamcop for the past month. I have tested his relay by setting up a POP account in Outlook, putting the server that is being reported as Open relay as my Outgoing SMTP server.

When I try to send a message using Outlook, I get a return message that 550 5.7.1 Unable to relay. I am relieved that it could not relay. That is good, however, why then is spamcop still reporting it to be open relay?

I have checked (over the phone) all his Virtual SMTP Server settings to verify correct configuration. Everything seems to be checked or unchecked as recommended by Microsoft.

We have Stopped/Started Services for SMTP

The Exchange 2000 server is behind a NAT and I have looked into the possibility of this. I have been out on the spamcop site and for the life of me cannot find a way to make them check the server again to see if it is closed relay like ORDB does.
Any ideas or comments

Samantha Bridges Communications Technician Macomb Intermediate School District 44001 Garfield Road Clinton Township MI 48038-1100 (586) 228-3300 [EMAIL PROTECTED] http://www.misd.net
RE: Open Relay/Spamcop
Weak passwords.

Ed Crowley MCSE+Internet MVP Freelance E-Mail Philosopher Protecting the world from PSTs and Bricked Backups!T

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ben Winzenz Sent: Thursday, December 18, 2003 8:51 AM To: Exchange Discussions Subject: RE: Open Relay/Spamcop

However, I would welcome any information that proves me otherwise. i.e. configure these settings, with the guest account disabled, and prove that it actually will relay - not authenticated relay, that doesn't count. If it is authenticated relay, it is because a password was compromised.

Ben Winzenz Network Engineer Gardner White (317) 581-1580 ext 418

-Original Message- From: Ben Winzenz Posted At: Thursday, December 18, 2003 11:48 AM Posted To: Exchange (Swynk) Conversation: Open Relay/Spamcop Subject: RE: Open Relay/Spamcop

I still think you are smoking crack on this, Greg. I have never seen a properly configured Exchange 2000 server relay UNLESS a user account was compromised, or the guest account was enabled. I've tested it and tested again, and never found Exchange to relay with those settings.

Ben Winzenz Network Engineer Gardner White (317) 581-1580 ext 418

-Original Message- From: Greg Deckler [mailto:[EMAIL PROTECTED] Posted At: Thursday, December 18, 2003 11:37 AM Posted To: Exchange (Swynk) Conversation: Open Relay/Spamcop Subject: RE: Open Relay/Spamcop

Hey, thanks for the confirmation. People have told me that I am smoking crack and that the Exchange servers were horribly misconfigured. It's nice to know that I am not smoking crack.

I concur with greg ... our server had those settings and we were being used as a relay ... turned off "Allow all computers which successfully authenticate to relay, regardless of the list above." and that stopped it ...
Mike

-Original Message- From: Greg Deckler [mailto:[EMAIL PROTECTED] Sent: Thursday, December 18, 2003 11:17 AM To: Exchange Discussions Subject: Re: Open Relay/Spamcop

This may or may not be the problem, but I have seen spammers able to relay off an Exchange server if the following configuration applies:

1. If Anonymous access is turned on. SMTP Virtual Server properties, Access page, Authentication.
2. And, "Allow all computers which successfully authenticate to relay, regardless of the list above." is checked. SMTP Virtual Server properties, Access page, Relay.

Hello All and Happy Holidays!

I have a colleague whose Exchange 2000 server is being reported as Open Relay by spamcop for the past month. I have tested his relay by setting up a POP account in Outlook, putting the server that is being reported as Open relay as my Outgoing SMTP server.

When I try to send a message using Outlook, I get a return message that 550 5.7.1 Unable to relay. I am relieved that it could not relay. That is good, however, why then is spamcop still reporting it to be open relay?

I have checked (over the phone) all his Virtual SMTP Server settings to verify correct configuration. Everything seems to be checked or unchecked as recommended by Microsoft.

We have Stopped/Started Services for SMTP

The Exchange 2000 server is behind a NAT and I have looked into the possibility of this. I have been out on the spamcop site and for the life of me cannot find a way to make them check the server again to see if it is closed relay like ORDB does.
Any ideas or comments

Samantha Bridges Communications Technician Macomb Intermediate School District 44001 Garfield Road Clinton Township MI 48038-1100 (586) 228-3300 [EMAIL PROTECTED] http://www.misd.net
RE: Open Relay/Spamcop
Rest assured that this topic has been discussed by us vendor whores.

Ed Crowley MCSE+Internet MVP Freelance E-Mail Philosopher Protecting the world from PSTs and Bricked Backups!T

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Greg Deckler Sent: Thursday, December 18, 2003 11:19 AM To: Exchange Discussions Subject: RE: Open Relay/Spamcop

I'm right there with you on this one. Since I do not know for an absolute FACT one way or the other it may indeed be the case that a guest account was used or that an account was compromised. And God forbid that I even merely hint or suggest that this is a problem with Microsoft's software or in any way a design flaw, etc. because we all know the storm that would cause.

But, that being said, I would like to implore to the MVP gods on this list that they might possibly want to maybe suggest to Microsoft that they take a look at this for no other reason than to at least modify the wording on the check boxes. I mean "Anonymous Authentication allowed" and "Allow computers which successfully authenticate..." on the surface seems to indicate that yes, you can anonymously authenticate and relay messages, which I cannot imagine would ever really be very useful to anyone except a spammer. I mean, change the wording or add a checkbox to specifically allow, not allow relaying by anonymous authentication. Who knows, I don't want to start another freaking firestorm about how much I hate Microsoft, yadda, yadda.

I guess my point is that it is OBVIOUSLY an issue specifically in a lot of small 1-50 person shops that use a single Exchange server for everything. This is where I have come in and seen it as a problem. These are exactly the people that don't generally have qualified IT help, thus because the default configuration seems to allow this kind of relaying issue it is a feature of the product that is adding to the overall spam problem on the Internet.
Maybe the MVP gods and Microsoft care, maybe not, but I want to be absolutely clear that I do not care one iota, because if I did everyone would just tell me how stupid and ignorant and a wife beater I am. So, I don't care and please do not mistakenly believe that I care. God help us all if an MVP reads this, thinks I care and starts another massive thread of pointless arguing.

It is possible that a user account was compromised ... but here is the scenario I had and what worked to fix it ...

Setup: Win2K sp4; Exch 2k sp3; 5000 pop3/imap/mapi/http users on a closed user group (noted through ips in the relay tab ...); guest account disabled; SMTP Virtual Server Properties/Access Tab/Relay ... "Allow all computers which successfully authenticate to relay, regardless of the list above." was checked ...

Issue: My queues were huge; relaying may not have been going on (I did have a couple of external complaints that I was allowing relaying; but never made it on a list --- whew), but we were accepting the mail and then processing it internally; it was becoming a performance issue ... this internal processing is alluded to at http://support.microsoft.com/default.aspx?scid=kb;EN-US;304897 ... then we were getting our own NDR's back ... etc ..

Solution: Unchecked SMTP Virtual Server Properties/Access Tab/Relay ... "Allow all computers which successfully authenticate to relay, regardless of the list above." ... all the relaying (or attempt at it) stopped

Comment: BTW, for external servers to communicate with you, it is the SMTP Virtual Server Properties/Access Tab/Authentication/Anonymous Access tab that must be checked

P.S.: I tell users they can still pop their mail from outside our closed user group; but they must use their ISP's SMTP relay for sending mail or use OWA ...
Mike

-Original Message- From: Ken Cornetet [mailto:[EMAIL PROTECTED] Sent: Thursday, December 18, 2003 12:18 PM To: Exchange Discussions Subject: RE: Open Relay/Spamcop

Exchange WILL relay for authenticated users (by default), and it doesn't have to be the guest account (though that is a common attack). Have you left your Administrator account named Administrator? Do you leak user IDs to the outside world? Web pages? Email addresses? IM aliases? Backups run under the user ID backup? Dictionary password attack. Spammers have lots of patience.

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Greg Deckler Sent: Thursday, December 18, 2003 12:11 PM To: Exchange Discussions Subject: RE: Open Relay/Spamcop

This may very well be the case. I cannot say one way or another. When I have seen this, it has always been the case that I am there fixing something else and happen upon this problem, fix it and move on. I DO know that I have seen it on boxes where the Guest account is disabled, but that does not rule out the possibility that some other account was compromised.

However
RE: Open Relay/Spamcop
talking dirty like that just gets me pumped up for the weekend ... yum ... thanks for all the input (all puns intended that relate to vendor whores)

Mike

-Original Message- From: Ed Crowley [MVP] [mailto:[EMAIL PROTECTED] Sent: Thursday, December 18, 2003 4:35 PM To: Exchange Discussions Subject: RE: Open Relay/Spamcop

Rest assured that this topic has been discussed by us vendor whores.

Ed Crowley MCSE+Internet MVP Freelance E-Mail Philosopher Protecting the world from PSTs and Bricked Backups!T

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Greg Deckler Sent: Thursday, December 18, 2003 11:19 AM To: Exchange Discussions Subject: RE: Open Relay/Spamcop

I'm right there with you on this one. Since I do not know for an absolute FACT one way or the other it may indeed be the case that a guest account was used or that an account was compromised. And God forbid that I even merely hint or suggest that this is a problem with Microsoft's software or in any way a design flaw, etc. because we all know the storm that would cause.

But, that being said, I would like to implore to the MVP gods on this list that they might possibly want to maybe suggest to Microsoft that they take a look at this for no other reason than to at least modify the wording on the check boxes. I mean "Anonymous Authentication allowed" and "Allow computers which successfully authenticate..." on the surface seems to indicate that yes, you can anonymously authenticate and relay messages, which I cannot imagine would ever really be very useful to anyone except a spammer. I mean, change the wording or add a checkbox to specifically allow, not allow relaying by anonymous authentication. Who knows, I don't want to start another freaking firestorm about how much I hate Microsoft, yadda, yadda.

I guess my point is that it is OBVIOUSLY an issue specifically in a lot of small 1-50 person shops that use a single Exchange server for everything.
This is where I have come in and seen it as a problem. These are exactly the people that don't generally have qualified IT help, thus because the default configuration seems to allow this kind of relaying issue it is a feature of the product that is adding to the overall spam problem on the Internet. Maybe the MVP gods and Microsoft care, maybe not, but I want to be absolutely clear that I do not care one iota, because if I did everyone would just tell me how stupid and ignorant and a wife beater I am. So, I don't care and please do not mistakenly believe that I care. God help us all if an MVP reads this, thinks I care and starts another massive thread of pointless arguing.

It is possible that a user account was compromised ... but here is the scenario I had and what worked to fix it ...

Setup: Win2K sp4; Exch 2k sp3; 5000 pop3/imap/mapi/http users on a closed user group (noted through ips in the relay tab ...); guest account disabled; SMTP Virtual Server Properties/Access Tab/Relay ... "Allow all computers which successfully authenticate to relay, regardless of the list above." was checked ...

Issue: My queues were huge; relaying may not have been going on (I did have a couple of external complaints that I was allowing relaying; but never made it on a list --- whew), but we were accepting the mail and then processing it internally; it was becoming a performance issue ... this internal processing is alluded to at http://support.microsoft.com/default.aspx?scid=kb;EN-US;304897 ... then we were getting our own NDR's back ... etc ..

Solution: Unchecked SMTP Virtual Server Properties/Access Tab/Relay ... "Allow all computers which successfully authenticate to relay, regardless of the list above." ...
all the relaying (or attempt at it stopped) Comment: BTW, for external servers to communicate with you, it is the SMTP Virtual Server Properties/Access Tab/Authentication/Anonymous Access tab that must be checked P.S.: I tell users they can still pop their mail from outside our closed user group; but they must use their ISP's SMTP relay for sending mail or use OWA ... Mike -Original Message- From: Ken Cornetet [mailto:[EMAIL PROTECTED] Sent: Thursday, December 18, 2003 12:18 PM To: Exchange Discussions Subject: RE: Open Relay/Spamcop Exchange WILL relay for authenticated users (by default), and it doesn't have to be the guest account (though that is a common attack). Have you left your Administrator account named Administrator? Do you leak user IDs to the outside world? Web pages? Email addresses? IM aliases? Backups run under the user ID backup? Dictionary password attack. Spammers have lots of patience. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Greg Deckler Sent: Thursday, December 18, 2003 12:11 PM To: Exchange Discussions Subject: RE: Open Relay/Spamcop This may very well be the case. I cannot say one way
RE: Open Relay/Spamcop
Excuse me, I have to go yell at the posters over in the IPCop mailing list. They keep mailing to the list, even though I haven't read it in weeks! Of all the nerve. Jim H -Original Message- From: Wohlgemuth, Mike [mailto:[EMAIL PROTECTED] Sent: Thursday, December 18, 2003 5:19 PM To: Exchange Discussions Subject: RE: Open Relay/Spamcop talking dirty like that just gets me pumped up for the weekend ... yum ... thanks for all the input (all puns intended that relate to vendor whores) Mike -Original Message- From: Ed Crowley [MVP] [mailto:[EMAIL PROTECTED] Sent: Thursday, December 18, 2003 4:35 PM To: Exchange Discussions Subject: RE: Open Relay/Spamcop Rest assured that this topic has been discussed by us vendor whores. Ed Crowley MCSE+Internet MVP Freelance E-Mail Philosopher Protecting the world from PSTs and Bricked Backups!T -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Greg Deckler Sent: Thursday, December 18, 2003 11:19 AM To: Exchange Discussions Subject: RE: Open Relay/Spamcop I'm right there with you on this one. Since I do not know for an absolute FACT one way or the other it may indeed be the case that a guest account was used or that an account was compromised. And God forbid that I even merely hint or suggest that this is a problem with Microsoft's software or in any way a design flaw, etc. because we all know that storm that would cause. But, that being said, I would like to implore to the MVP gods on this list that they might possibly want to maybe suggest to Microsoft that they take a look at this for no other reason than to at least modify the wording on the check boxes. I mean Anonymous Authentication allowed and Allow computers which successfully authenticate... on the surface seems to indicate that yes, you can anonymously authenticate and relay messages, which I cannot imagine would ever really be very useful to anyone except a spammer. 
I mean, change the wording or add a checkbox to specifically allow, not allow relaying by anonymous authentication. Who knows, I don't want to start another freaking firestorm about how much I hate Microsoft, yadda, yadda. I guess my point is that it is OBVIOUSLY an issue specifically in a lot of small 1-50 person shops that use a single Exchange server for everything. This is where I have come in and seen it as a problem. These are exactly the people that don't generally have qualified IT help, thus because the default configuration seems to allow this kind of relaying issue it is a feature of the product that is adding to the overall spam problem on the Internet. Maybe the MVP gods and Microsoft care, maybe not, but I want to be absolutely clear that I do not care one iota, because if I did everyone would just tell me how stupid and ignorant and a wife beater I am. So, I don't care and please do not mistakenly believe that I care. God help us all if an MVP reads this, thinks I care and starts another massive thread of pointless arguing. It is possible that a user account was compromised ... but here is the scenario I had and what worked to fix it ... Setup: Win2K sp4; Exch 2k sp3; 5000 pop3/imap/mapi/http users on a closed user group (noted through ips in the relay tab ...); guest account disabled; SMTP Virtual Server Properties/Access Tab/Relay ... Allow all computers which successfully authenticate to relay, regardless of the list above. was checked ... Issue: My queues were huge; relaying may not have been going on (I did have a couple of external complaints that I was allowing relaying; but never made it on a list --- whew), but we were accepting the mail and then processing it internally; it was becoming a performance issue; this internal processing is alluded to at http://support.microsoft.com/default.aspx?scid=kb;EN-US;304897 ... then we were getting our own NDR's back ... etc .. Solution: Unchecked SMTP Virtual Server Properties/Access Tab/Relay ...
Allow all computers which successfully authenticate to relay, regardless of the list above. ... all the relaying (or attempt at it stopped) Comment: BTW, for external servers to communicate with you, it is the SMTP Virtual Server Properties/Access Tab/Authentication/Anonymous Access tab that must be checked P.S.: I tell users they can still pop their mail from outside our closed user group; but they must use their ISP's SMTP relay for sending mail or use OWA ... Mike -Original Message- From: Ken Cornetet [mailto:[EMAIL PROTECTED] Sent: Thursday, December 18, 2003 12:18 PM To: Exchange Discussions Subject: RE: Open Relay/Spamcop Exchange WILL relay for authenticated users (by default), and it doesn't have to be the guest account (though that is a common attack). Have you left your Administrator account named Administrator? Do you leak user IDs to the outside world? Web pages? Email addresses? IM aliases? Backups run
RE: Open Relay/Spamcop
And... Rest assured that this topic has been discussed by us vendor whores. Ed Crowley MCSE+Internet MVP Freelance E-Mail Philosopher Protecting the world from PSTs and Bricked Backups!T -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Greg Deckler Sent: Thursday, December 18, 2003 11:19 AM To: Exchange Discussions Subject: RE: Open Relay/Spamcop _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
Re: Spam Clogging the IMC Queue -- Feigning Open Relay
Let me answer my own question. Those spammers were using authentication to logon to SMTP server of our Exchange. Once we saw what user account was being used and disabled it, problem went away. (Due to POP3 users, we have to allow routing thru authentication.) Jay Kulsh Please visit http://www.cancer-treatment.net - Original Message - From: Jay Kulsh To: Exchange Discussions Sent: Sunday, November 02, 2003 9:17 PM Subject: Spam Clogging the IMC Queue -- Feigning Open Relay Hi folks, We do not have open relay on our two Exchange servers (5.5 SP4) as tested by various tools. However in the queue of IMC, there are thousands of messages that have outside domains in both source and destination addresses. The addresses of originators are obviously computer generated with words like [EMAIL PROTECTED], [EMAIL PROTECTED] etc. We have no proof yet that any of these messages are actually delivered -- as if we were open relay -- to the destination domain but that is a possibility. Symantec techsupport stated that they are not aware of any virus or worm that can do this. If we are not allowing open-relay what is causing these messages to get to our IMC queue? Please help! Jay __ Jay Kulsh iLAN Pasadena, CA
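Jay's fix depended on seeing which account the authenticated sessions were using. The Python below is an added example, not code from the thread and not Exchange's own log format: it runs that check over a constructed, simplified SMTP log and flags accounts whose authenticated sessions carry mail with outside domains at both ends. The log layout, `corp.example` and the threshold are assumptions.

```python
from collections import defaultdict

# Assumption: the domains this server hosts mailboxes for.
LOCAL_DOMAINS = {"corp.example"}

# Constructed sample in a made-up layout: time, client IP, event, key=value pairs.
# user=- marks an anonymous (unauthenticated) session.
SAMPLE_LOG = """\
2003-11-02T20:58:11 198.51.100.7 MAIL user=- from=news@isp.example to=alice@corp.example
2003-11-02T21:00:02 203.0.113.9 AUTH user=backup result=fail
2003-11-02T21:00:03 203.0.113.9 AUTH user=backup result=fail
2003-11-02T21:00:05 203.0.113.9 AUTH user=backup result=fail
2003-11-02T21:00:06 203.0.113.9 AUTH user=backup result=ok
2003-11-02T21:00:09 203.0.113.9 MAIL user=backup from=qzkv@a.example to=u1@b.example
2003-11-02T21:00:10 203.0.113.9 MAIL user=backup from=wmtr@c.example to=u2@d.example
2003-11-02T21:02:40 203.0.113.44 AUTH user=backup result=ok
2003-11-02T21:02:41 203.0.113.44 MAIL user=backup from=hhpl@e.example to=u3@f.example
2003-11-02T21:02:42 203.0.113.44 MAIL user=backup from=xdne@g.example to=u4@h.example
2003-11-02T21:10:00 192.0.2.50 AUTH user=alice result=ok
2003-11-02T21:10:02 192.0.2.50 MAIL user=alice from=alice@corp.example to=buyer@partner.example
2003-11-02T21:15:30 192.0.2.50 MAIL user=alice from=alice@corp.example to=bob@corp.example
"""


def domain_of(address):
    """Return the lower-cased domain part of user@domain."""
    return address.rpartition("@")[2].lower()


def parse_line(line):
    """Split one constructed log line into (client_ip, event, fields)."""
    _timestamp, client_ip, event, *pairs = line.split()
    return client_ip, event, dict(pair.split("=", 1) for pair in pairs)


def summarize(log_text, local_domains=LOCAL_DOMAINS):
    """Per account: failed logons, relayed and ordinary messages, relay source IPs."""
    stats = defaultdict(
        lambda: {"auth_fail": 0, "relayed": 0, "legit": 0, "relay_ips": set()}
    )
    for line in log_text.splitlines():
        if not line.strip():
            continue
        client_ip, event, fields = parse_line(line)
        account = stats[fields["user"].lower()]
        if event == "AUTH" and fields["result"] == "fail":
            account["auth_fail"] += 1
        elif event == "MAIL":
            sender_local = domain_of(fields["from"]) in local_domains
            rcpt_local = domain_of(fields["to"]) in local_domains
            if sender_local or rcpt_local:
                account["legit"] += 1
            else:
                # Outside domain at both ends: the pattern seen in the queue.
                account["relayed"] += 1
                account["relay_ips"].add(client_ip)
    return stats


def suspect_accounts(stats, min_relayed=3):
    """Accounts that mostly relay outside-to-outside mail (threshold is an assumption)."""
    return sorted(
        user for user, s in stats.items()
        if s["relayed"] >= min_relayed and s["relayed"] > s["legit"]
    )


if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG)
    for user in suspect_accounts(summary):
        s = summary[user]
        print(user, "relayed:", s["relayed"], "failed logons:", s["auth_fail"],
              "source IPs:", sorted(s["relay_ips"]))
```

A roaming POP3 user who sends from a local address is counted as ordinary traffic, so authenticated relaying can stay enabled for those users while the abused account stands out.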
Re: Spam Clogging the IMC Queue -- Feigning Open Relay
Hi I had a similar problem as we have a lot of mobile users. Unfortunately the authentication seemed temperamental depending on which ISP you were using, so forced everybody to use the VPN and restricted routing to internal IP's only. I think that did the trick, but I wouldn't be surprised if the spammers find a way around it. Bye Ali - Original Message - From: Jay Kulsh [EMAIL PROTECTED] To: Exchange Discussions [EMAIL PROTECTED] Sent: Monday, November 03, 2003 12:11 PM Subject: Re: Spam Clogging the IMC Queue -- Feigning Open Relay Let me answer my own question. Those spammers were using authentication to logon to SMTP server of our Exchange. Once we saw what user account was being used and disabled it, problem went away. (Due to POP3 users, we have to allow routing thru authentication.) Jay Kulsh Please visit http://www.cancer-treatment.net - Original Message - From: Jay Kulsh To: Exchange Discussions Sent: Sunday, November 02, 2003 9:17 PM Subject: Spam Clogging the IMC Queue -- Feigning Open Relay Hi folks, We do not have open relay on our two Exchange servers (5.5 SP4) as tested by various tools. However in the queue of IMC, there are thousands of messages that have outside domains in both source and destination addresses. The addresses of originators are obviously computer generated with words like [EMAIL PROTECTED], [EMAIL PROTECTED] etc. We have no proof yet that any of these messages are actually delivered -- as if we were open relay -- to the destination domain but that is a possibility. Symantec techsupport stated that they are not aware of any virus or worm that can do this. If we are not allowing open-relay what is causing these messages to get to our IMC queue? Please help!
Jay __ Jay Kulsh iLAN Pasadena, CA
RE: Spam Clogging the IMC Queue -- Feigning Open Relay
Excuse me. Symantec said they weren't aware of any virus that can put dummy addresses in the To and From fields? I find that hard to believe since the Klez virus, among others, does this very thing and they are certainly aware of that virus. As for your original issue about the spam, delete the messages that you know are spam and re-check your open relay situation. It sounds like there is a hole somewhere that you didn't plug. Check Q articles Q260973 Q265293 Q313395 Nate Couch EDS Messaging -- From: Jay Kulsh Reply To: Exchange Discussions Sent: Sunday, November 2, 2003 11:17 PM To: Exchange Discussions Subject: Spam Clogging the IMC Queue -- Feigning Open Relay Hi folks, We do not have open relay on our two Exchange servers (5.5 SP4) as tested by various tools. However in the queue of IMC, there are thousands of messages that have outside domains in both source and destination addresses. The addresses of originators are obviously computer generated with words like [EMAIL PROTECTED], [EMAIL PROTECTED] etc. We have no proof yet that any of these messages are actually delivered -- as if we were open relay -- to the destination domain but that is a possibility. Symantec techsupport stated that they are not aware of any virus or worm that can do this. If we are not allowing open-relay what is causing these messages to get to our IMC queue? Please help! Jay __ Jay Kulsh iLAN Pasadena, CA
Spam Clogging the IMC Queue -- Feigning Open Relay
Hi folks, We do not have open relay on our two Exchange servers (5.5 SP4) as tested by various tools. However in the queue of IMC, there are thousands of messages that have outside domains in both source and destination addresses. The addresses of originators are obviously computer generated with words like [EMAIL PROTECTED], [EMAIL PROTECTED] etc. We have no proof yet that any of these messages are actually delivered -- as if we were open relay -- to the destination domain but that is a possibility. Symantec techsupport stated that they are not aware of any virus or worm that can do this. If we are not allowing open-relay what is causing these messages to get to our IMC queue? Please help! Jay __ Jay Kulsh iLAN Pasadena, CA
Open relay issues
Okay, I'm still looking through the archives and stuff, but it's late, so I'll post this before I call it a night. Client has a server that suddenly shuts down. I reboot and troubleshoot, to find literally TENS OF THOUSANDS of items in the badmail folder. All dated within the last two or three days. The server had shut down because the drive ran out of space. So I clear that up and start nosing around.. I check for open relay (telnet), and can't find any problem. I start to think maybe this is a SoBig.F issue, until I read some of the NDRs. Within fifteen minutes, badmail starts to accumulate again. I look further, and see a connection in the OPEN SESSIONS section of System Manager. I kill the connection after jotting down some details. Queues are just jammed full of crap - Viagra ads, etc. I clear this out again, along with badmail, and start watching. Sure enough, a short time later, someone from the same IP subnet connects and it starts all over. I look through a ton of articles on open relay, and everything checks out. Then, I run this test: http://tools.appriver.com/openrelay.php which basically tries to relay using various combinations of addressing formats. Test #14 fails. Test #16 fails. Test #28 fails. #14 uses a rcpt to format of RCPT TO: [EMAIL PROTECTED] Notice the quotes. #16 uses RCPT TO: relaytest%appriver.com Notice the quotes and the %. #28 uses RCPT TO: appriver.com!relaytest notice the format there. I manually tried each one via telnet against the server. Sure enough, the server doesn't complain. But every one bounces back with an NDR complaining about the recipient address. So my belief is that they're attempting one (or more) of these methods, and all of them are bouncing, causing the badmail problem. My question is, how do I close this hole? Server is Win2k SBS SP4, E2k SP3. Connection is firewalled T1. Any help would be greatly appreciated. Thanks!
Re: Open relay issues
Those aren't relay failures, there's nothing to fix. They are (exclusively I think) tests for other mail servers which at one point used to incorrectly relay mail formatted like that. Exchange does not. My server 'fails' the same tests. If you crank up logging on the SMTP conversation, what addresses is the connecting IP address sending to? From: Pat Richard [EMAIL PROTECTED] Reply-To: Exchange Discussions [EMAIL PROTECTED] Date: Thu, 4 Sep 2003 23:25:10 -0400 To: Exchange Discussions [EMAIL PROTECTED] Subject: Open relay issues Okay, I'm still looking through the archives and stuff, but it's late, so I'll post this before I call it a night. Client has a server that suddenly shuts down. I reboot and troubleshoot, to find literally TENS OF THOUSANDS of items in the badmail folder. All dated within the last two or three days. The server had shut down because the drive ran out of space. So I clear that up and start nosing around.. I check for open relay (telnet), and can't find any problem. I start to think maybe this is a SoBig.F issue, until I read some of the NDRs. Within fifteen minutes, badmail starts to accumulate again. I look further, and see a connection in the OPEN SESSIONS section of System Manager. I kill the connection after jotting down some details. Queues are just jammed full of crap - Viagra ads, etc. I clear this out again, along with badmail, and start watching. Sure enough, a short time later, someone from the same IP subnet connects and it starts all over. I look through a ton of articles on open relay, and everything checks out. Then, I run this test: http://tools.appriver.com/openrelay.php which basically tries to relay using various combinations of addressing formats. Test #14 fails. Test #16 fails. Test #28 fails. #14 uses a rcpt to format of RCPT TO: [EMAIL PROTECTED] Notice the quotes.
#16 uses RCPT TO: relaytest%appriver.com Notice the quotes and the %. #28 uses RCPT TO: appriver.com!relaytest notice the format there. I manually tried each one via telnet against the server. Sure enough, the server doesn't complain. But every one bounces back with an NDR complaining about the recipient address. So my belief is that they're attempting one (or more) of these methods, and all of them are bouncing, causing the badmail problem. My question is, how do I close this hole? Server is Win2k SBS SP4, E2k SP3. Connection is firewalled T1. Any help would be greatly appreciated. Thanks!
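The thread above turns on recipient forms (quoted, `%`, `!`) that the server accepts at RCPT time and only bounces later. The Python below is an added example, not code from the thread or from Exchange: it shows a relay check that interprets those forms and answers during the SMTP dialogue, so no NDR is generated for them. `corp.example`, `other.example`, the reply codes and the policy of refusing `%`, `!` and `@` inside a local part are assumptions.

```python
# Assumption: the only domain this server accepts mail for.
LOCAL_DOMAINS = {"corp.example"}

# Characters that legacy gateways treated as routing operators inside a local part.
ROUTING_CHARS = "%!@"


def split_path(path):
    """Split an SMTP forward-path into (source_route, local_part, domain)."""
    path = path.strip()
    if path.startswith("<") and path.endswith(">"):
        path = path[1:-1]
    route = ""
    if path.startswith("@") and ":" in path:   # RFC 821 form: @hop1,@hop2:user@host
        route, _, path = path.partition(":")
    at, in_quotes, i = -1, False, 0
    while i < len(path):
        ch = path[i]
        if ch == "\\" and in_quotes:           # skip the escaped character
            i += 2
            continue
        if ch == '"':
            in_quotes = not in_quotes
        elif ch == "@" and not in_quotes:
            at = i                             # keep the last unquoted '@'
        i += 1
    if at == -1:
        return route, path, ""
    return route, path[:at], path[at + 1:].lower().rstrip(".")


def rcpt_decision(path, local_domains=LOCAL_DOMAINS):
    """Return (reply_code, reason) for an unauthenticated client's RCPT TO."""
    route, local, domain = split_path(path)
    if route:
        return 550, "source route refused"
    if not domain:
        if local.lower() == "postmaster":      # the one unqualified name servers accept
            return 250, "postmaster accepted"
        return 553, "recipient has no domain"
    if domain not in local_domains:
        return 550, "relaying denied"
    if any(ch in ROUTING_CHARS for ch in local.strip('"')):
        return 550, "routing characters in local part"
    return 250, "recipient ok"


# Constructed recipients covering the address forms discussed in the thread.
SAMPLE_RCPTS = [
    "<alice@corp.example>",
    "<relaytest@other.example>",
    '<"relaytest@other.example">',
    "<relaytest%other.example>",
    "<other.example!relaytest>",
    "<relaytest%other.example@corp.example>",
    "<other.example!relaytest@corp.example>",
    '<"relaytest@other.example"@corp.example>',
    "<@corp.example:relaytest@other.example>",
]


def evaluate_all(paths=SAMPLE_RCPTS):
    """Map each sample recipient to the reply code it would receive."""
    return {p: rcpt_decision(p)[0] for p in paths}


if __name__ == "__main__":
    for rcpt in SAMPLE_RCPTS:
        code, reason = rcpt_decision(rcpt)
        print(f"RCPT TO:{rcpt:45} -> {code} {reason}")
```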
RE: Not Open Relay, but...
That's not entirely correct. Go to the properties of your IMS / Connections tab and in the Message Filtering section, add @enterainmentmail.net...then stop/start your IMS service. It will then drop all e-mail from that domain. -Original Message- From: Dave Mills [mailto:[EMAIL PROTECTED] Sent: Thursday, June 26, 2003 5:02 PM To: Exchange Discussions Subject: Re: Not Open Relay, but... Your mail system is accepting a mail for an invalid address (i.e. [EMAIL PROTECTED]), and since it couldn't deliver it, it's trying to send a message back to the sender telling them it couldn't deliver the message. But in this case, the spammer forged the sender address, so your mail server is sending you NDRs because it can't send the original NDR back to the spoofed address. Make sense? There's not much you can do with Exchange 5.5 to avoid this situation unless the spammer is using a single IP address that you can block from being able to send mail into your system. - Dave - Original Message - From: Woods, Tony [EMAIL PROTECTED] To: Exchange Discussions [EMAIL PROTECTED] Sent: Thursday, June 26, 2003 4:26 PM Subject: RE: Not Open Relay, but... Thanks. I've also cut down the Notifications to just 'Host not Found'. One of the NDR's looks like this: A mail message could not be sent because the following host is unknown: smdv231.entertainmentmail.net The message that caused this notification was: To: [EMAIL PROTECTED] From: Subject: Undeliverable: Sales manager or Marketing dept - If this is a Relay, shouldn't I not be accepting it in the first place? Thanks for all the insight so far... Cheers, Tony -Original Message- From: Blunt, James H (Jim) [mailto:[EMAIL PROTECTED] Sent: Thursday, June 26, 2003 1:30 PM To: Exchange Discussions Subject: RE: Not Open Relay, but... They're just using dfg.com. Don't bother your MX record. -Original Message- From: Woods, Tony [mailto:[EMAIL PROTECTED] Sent: Thursday, June 26, 2003 1:37 PM To: Exchange Discussions Subject: RE: Not Open Relay, but...
Thanks, Jim. Just so I'm clear, it's not uncommon to have over 10,000 messages sitting in the IMS queue after 8hrs? I have another site where the IMS has hardly any messages sitting in there so this is why I am concerned. What if I changed the MX record's IP address, would that help slow it down a little or are they just using dfg.com? Cheers, Tony -Original Message- From: Blunt, James H (Jim) [mailto:[EMAIL PROTECTED] Sent: Thursday, June 26, 2003 10:10 AM To: Exchange Discussions Subject: RE: Not Open Relay, but... Tony, Open up the properties page of your IMS Connection, go to the Internet Mail tab and click on the Notifications... button. My guess would be that you have the Always send notifications when non-delivery reports are generated radio button clicked. If that is the case, select the second choice and uncheck the options that you don't want. I receive anywhere from 3,000 to 10,000 ndrs a day, from spammers trying to brute force their spam through the system. I track the NDRs to create a spreadsheet for management, showing them the exponential growth of spam and the load it is placing on the servers, in order to justify new servers. Jim -Original Message- From: Woods, Tony [mailto:[EMAIL PROTECTED] Sent: Thursday, June 26, 2003 9:58 AM To: Exchange Discussions Subject: RE: Not Open Relay, but... I've tested via telnet and from home using Outlook Express and it always replies with 550 so I think I'm good there. Just the amount of mail is insane. I came in this morning at there's over 10,000 in the IMS Queue. I guess eventually it will slow down... Thanks to all. Cheers, Tony -Original Message- From: Dave Mills [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 25, 2003 5:28 PM To: Exchange Discussions Subject: Re: Not Open Relay, but... 
For #3, what you are seeing is a spammer trying to find valid addresses @dfg.com by simply guessing addresses and trying them, your best bet would be to turn off the notification on your IMS for E-mail address could not be found. For #2, yes they will sit in the queue until they are delivered or just time out. For #1, are you sure you're not an open relay? See http://www.msexchange.org/tutorials/Preventing_Third_Party_Relaying_In_MS_Exchange_Server_55.html. - Dave - Original Message - From: Woods, Tony [EMAIL PROTECTED] To: Exchange Discussions [EMAIL PROTECTED] Sent: Wednesday, June 25, 2003 5:00 PM Subject: RE: Not Open Relay, but... Hi John, Is this in response to my question #3? If so, does everyone receive over 2000 messages every hour in the 'Admin' mailbox with a subject line of 'Notification: Inbound Mail Failure'? I understand getting some but over 2000 an hour? Each of these messages is addressed
RE: Not Open Relay, but...
Oh well. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ben Winzenz Sent: Thursday, June 26, 2003 12:01 PM To: Exchange Discussions Subject: RE: Not Open Relay, but... boggle You tested someone else's domain at abuse.net without permission? You do realize that if it would have failed other tests, they get put on RBL's? Not a move I would have made. Yikes. - Ben Winzenz Network Engineer Gardner White (317) 581-1580 ext 418 -Original Message- From: Christopher Hummert [mailto:[EMAIL PROTECTED] Posted At: Thursday, June 26, 2003 12:19 PM Posted To: Exchange (Swynk) Conversation: Not Open Relay, but... Subject: RE: Not Open Relay, but... I tested it using abuse.net's relay test. It looks like you're good for not being an open relay. So my opinion is that you just have a spammer who's trying to mine for addresses in your company. From what I understand, there's a new program going around the spammer world that brute-force guesses e-mail addresses and collects the NDR's from that domain to determine what's legit and what isn't. My advice would be for you to trace back the IP address he's using and put it in your host.deny file.
RE: Not Open Relay, but...
I highly recommend going to one of the sites like mailabuse.org and following their directions to verify that you're not an open relay BEFORE you get blacklisted. It can be a real pain to get off all the blacklists, and your users will scream bloody murder.
Open Relay Suggestions
I am using Interscan Virus wall as my incoming smtp server on port 25; which then forwards my mail to the Exchange IMC on port 6000. I have been testing against open relay testers and I always fail the one or two tests where they spam my domain name. I am assuming this is because Interscan cannot look up usernames to see if the mailbox is valid? For that matter I don't think Exchange 5.5's IMC does either? Any way to close this last hole? Suggestions? I worked hard to get off all the RBL's the last mail admin had gotten us on . . . tia chris
RSET
250 web3: Reset State
MAIL FROM:[EMAIL PROTECTED]
250 [EMAIL PROTECTED]: Sender Ok
RCPT TO:[EMAIL PROTECTED]
250 [EMAIL PROTECTED]: Recipient Ok
RE: Not Open Relay, but...
I've tested via telnet and from home using Outlook Express and it always replies with 550 so I think I'm good there. Just the amount of mail is insane. I came in this morning and there's over 10,000 in the IMS Queue. I guess eventually it will slow down... Thanks to all. Cheers, Tony -Original Message- From: Dave Mills [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 25, 2003 5:28 PM To: Exchange Discussions Subject: Re: Not Open Relay, but... For #3, what you are seeing is a spammer trying to find valid addresses @dfg.com by simply guessing addresses and trying them, your best bet would be to turn off the notification on your IMS for E-mail address could not be found. For #2, yes they will sit in the queue until they are delivered or just time out. For #1, are you sure you're not an open relay? See http://www.msexchange.org/tutorials/Preventing_Third_Party_Relaying_In_MS_Exchange_Server_55.html. - Dave - Original Message - From: Woods, Tony [EMAIL PROTECTED] To: Exchange Discussions [EMAIL PROTECTED] Sent: Wednesday, June 25, 2003 5:00 PM Subject: RE: Not Open Relay, but... Hi John, Is this in response to my question #3? If so, does everyone receive over 2000 messages every hour in the 'Admin' mailbox with a subject line of 'Notification: Inbound Mail Failure'? I understand getting some but over 2000 an hour? Each of these messages is addressed to [EMAIL PROTECTED] or whatever. It's just random letters in front of the domain name @dfg.com and there's just a ton of them. Thanks for any ideas, all. Cheers, Tony -Original Message- From: John Strongosky [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 25, 2003 3:46 PM To: Exchange Discussions Subject: RE: Not Open Relay, but... NDR's (non-delivery reports) from spammer's probably. -Original Message- From: Woods, Tony [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 25, 2003 3:23 PM To: Exchange Discussions Subject: Not Open Relay, but... Hello, NT 4 SP6a and Exchange 5.5 SP4.
Domain in question is DFG.com I've just taken over a site's Exchange server and have noticed something strange. It's been sometime since I had to play with Exchange this deep but the Queues on my IMS keep filling up with 1000's of emails. We're not an Open Relay that I can tell (I've tested) but there's just a ton of 'Outbound Message Awaiting Delivery' with originator and Destination Host of different .com's. There is a ton of Inbound Mail Failures in the 'Admin' mailbox for delivery failures as well. My three questions are: 1) Are these messages that are trying to relay but failing? 2) If so, are they just going to sit in the Queue for the default time? 3) For the Inbound Mail Failures, a lot of them are going to bogus addresses like [EMAIL PROTECTED] or [EMAIL PROTECTED] Where are these all coming from? Thanks in advance. Cheers, Tony
RE: Not Open Relay, but...
I tested it using abuse.net's relay test. It looks like you're good for not being an open relay. So my opinion is that you just have a spammer who's trying to mine for addresses in your company. From what I understand, there's a new program going around the spammer world that brute-force guesses e-mail addresses and collects the NDR's from that domain to determine what's legit and what isn't. My advice would be for you to trace back the IP address he's using and put it in your host.deny file. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Woods, Tony Sent: Thursday, June 26, 2003 9:58 AM To: Exchange Discussions Subject: RE: Not Open Relay, but... Importance: High I've tested via telnet and from home using Outlook Express and it always replies with 550 so I think I'm good there. Just the amount of mail is insane. I came in this morning and there's over 10,000 in the IMS Queue. I guess eventually it will slow down... Thanks to all. Cheers, Tony -Original Message- From: Dave Mills [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 25, 2003 5:28 PM To: Exchange Discussions Subject: Re: Not Open Relay, but... For #3, what you are seeing is a spammer trying to find valid addresses @dfg.com by simply guessing addresses and trying them, your best bet would be to turn off the notification on your IMS for E-mail address could not be found. For #2, yes they will sit in the queue until they are delivered or just time out. For #1, are you sure you're not an open relay? See http://www.msexchange.org/tutorials/Preventing_Third_Party_Relaying_In_MS_Exchange_Server_55.html. - Dave - Original Message - From: Woods, Tony [EMAIL PROTECTED] To: Exchange Discussions [EMAIL PROTECTED] Sent: Wednesday, June 25, 2003 5:00 PM Subject: RE: Not Open Relay, but... Hi John, Is this in response to my question #3? If so, does everyone receive over 2000 messages every hour in the 'Admin' mailbox with a subject line of 'Notification: Inbound Mail Failure'?
I understand getting some but over 2000 an hour? Each of these messages is addressed to [EMAIL PROTECTED] or whatever. It's just random letters in front of the domain name @dfg.com and there's just a ton of them. Thanks for any ideas, all. Cheers, Tony -Original Message- From: John Strongosky [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 25, 2003 3:46 PM To: Exchange Discussions Subject: RE: Not Open Relay, but... NDR's (non-delivery reports) from spammer's probably. -Original Message- From: Woods, Tony [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 25, 2003 3:23 PM To: Exchange Discussions Subject: Not Open Relay, but... Hello, NT 4 SP6a and Exchange 5.5 SP4. Domain in question is DFG.com I've just taken over a site's Exchange server and have noticed something strange. It's been sometime since I had to play with Exchange this deep but the Queues on my IMS keep filling up with 1000's of emails. We're not an Open Relay that I can tell (I've tested) but there's just a ton of 'Outbound Message Awaiting Delivery' with originator and Destination Host of different .com's. There is a ton of Inbound Mail Failures in the 'Admin' mailbox for delivery failures as well. My three questions are: 1) Are these messages that are trying to relay but failing? 2) If so, are they just going to sit in the Queue for the default time? 3) For the Inbound Mail Failures, a lot of them are going to bogus addresses like [EMAIL PROTECTED] or [EMAIL PROTECTED] Where are these all coming from? Thanks in advance. 
Cheers, Tony _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=; lang =english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=; lang =english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=; lang =english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=; lang =english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED
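The address guessing discussed in this thread (many rejections for random local parts at one domain) can be told apart from ordinary mistyped addresses by counting distinct rejected recipients per connecting IP inside a short window. The Python below is an added example, not code from any poster; the log format, the example.com domain, the documentation-range IP addresses and the thresholds are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample data in a hypothetical gateway log format (not Exchange's own):
# ISO timestamp, connecting IP, RCPT TO address, SMTP reply code.
SAMPLE_LOG = """\
2003-06-26T09:00:01 192.0.2.10 rcpt=<aqzx@example.com> code=550
2003-06-26T09:00:03 192.0.2.10 rcpt=<bwke@example.com> code=550
2003-06-26T09:00:04 192.0.2.10 rcpt=<sales@example.com> code=250
2003-06-26T09:00:06 192.0.2.10 rcpt=<cjrt@example.com> code=550
2003-06-26T09:00:09 192.0.2.10 rcpt=<dmmq@example.com> code=550
2003-06-26T09:00:12 192.0.2.10 rcpt=<evvp@example.com> code=550
2003-06-26T09:00:15 192.0.2.10 rcpt=<fxla@example.com> code=550
2003-06-26T09:05:00 198.51.100.7 rcpt=<tony@example.com> code=250
2003-06-26T09:06:00 198.51.100.7 rcpt=<tonny@example.com> code=550
2003-06-26T09:07:00 198.51.100.7 rcpt=<admin@example.com> code=250
2003-06-26T10:00:00 203.0.113.5 rcpt=<gq1@example.com> code=550
2003-06-26T11:00:00 203.0.113.5 rcpt=<hq2@example.com> code=550
2003-06-26T12:00:00 203.0.113.5 rcpt=<iq3@example.com> code=550
2003-06-26T13:00:00 203.0.113.5 rcpt=<jq4@example.com> code=550
2003-06-26T14:00:00 203.0.113.5 rcpt=<kq5@example.com> code=550
this line is malformed and must be skipped
"""

LINE_RE = re.compile(
    r"^(\S+)\s+(\S+)\s+rcpt=<([^@<>\s]+)@([^<>\s]+)>\s+code=(\d{3})$"
)


def parse_events(text):
    """Yield (timestamp, ip, local_part, domain, code); skip malformed lines."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, ip, local, domain, code = m.groups()
        try:
            when = datetime.fromisoformat(ts)
        except ValueError:
            continue
        yield when, ip, local.lower(), domain.lower(), int(code)


def find_harvest_sources(events, domain, window=timedelta(minutes=10),
                         min_distinct=5, min_reject_ratio=0.8):
    """Return {ip: stats} for clients whose RCPT pattern looks like address guessing.

    A client is flagged when, inside some sliding window, it was refused for at
    least `min_distinct` different local parts AND most of its recipients overall
    were refused. One mistyped address from a normal sender meets neither test.
    """
    domain = domain.lower()
    per_ip = defaultdict(lambda: {"accepted": 0, "rejected": 0, "peak": 0})
    recent = defaultdict(deque)  # ip -> (timestamp, local_part) of 550s in window
    for when, ip, local, rcpt_domain, code in sorted(events):
        if rcpt_domain != domain:
            continue  # recipients in other domains are a relay question, not harvesting
        stats = per_ip[ip]
        if code == 550:
            stats["rejected"] += 1
            queue = recent[ip]
            queue.append((when, local))
            while queue and when - queue[0][0] > window:
                queue.popleft()
            stats["peak"] = max(stats["peak"], len({lp for _, lp in queue}))
        elif 200 <= code < 300:
            stats["accepted"] += 1
    flagged = {}
    for ip, s in per_ip.items():
        total = s["accepted"] + s["rejected"]
        if total and s["peak"] >= min_distinct and s["rejected"] / total >= min_reject_ratio:
            flagged[ip] = dict(s)
    return flagged


if __name__ == "__main__":
    for ip, stats in find_harvest_sources(parse_events(SAMPLE_LOG), "example.com").items():
        print(ip, stats)
```

Widening the window trades fewer missed slow guessers for more false positives on busy legitimate senders, so the thresholds should be tuned against a known-clean day of traffic before any source is blocked.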
RE: Not Open Relay, but...
Tony,

Open up the properties page of your IMS Connection, go to the Internet Mail tab and click on the Notifications... button. My guess would be that you have the "Always send notifications when non-delivery reports are generated" radio button clicked. If that is the case, select the second choice and uncheck the options that you don't want.

I receive anywhere from 3,000 to 10,000 NDRs a day, from spammers trying to brute force their spam through the system. I track the NDRs to create a spreadsheet for management, showing them the exponential growth of spam and the load it is placing on the servers, in order to justify new servers.

Jim

-Original Message-
From: Woods, Tony [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 26, 2003 9:58 AM
To: Exchange Discussions
Subject: RE: Not Open Relay, but...

I've tested via telnet and from home using Outlook Express and it always replies with 550 so I think I'm good there. Just the amount of mail is insane. I came in this morning and there's over 10,000 in the IMS Queue. I guess eventually it will slow down... Thanks to all.

Cheers, Tony
RE: Open Relay Suggestions
Those aren't holes. One can legitimately accept mail for those addresses and as long as it isn't relayed to the final destination the server is relay secure. The designers of those tests have implemented their testing criteria improperly.

-Original Message-
From: Chris H [mailto:[EMAIL PROTECTED]
Posted At: Thursday, June 26, 2003 11:23 AM
Posted To: swynk
Conversation: Open Relay Suggestions
Subject: Open Relay Suggestions

I am using Interscan Virus wall as my incoming smtp server on port 25; which then forwards my mail to the Exchange IMC on port 6000. I have been testing against open relay testers and I always fail the one or two tests where they spam my domain name. I am assuming this is because Interscan cannot look up usernames to see if the mailbox is valid? For that matter I don't think Exchange 5.5's IMC does either? Any way to close this last hole? Suggestions? I worked hard to get off all the RBL's the last mail admin had gotten us on . . .

tia
chris

RSET
250 web3: Reset State
MAIL FROM:[EMAIL PROTECTED]
250 [EMAIL PROTECTED]: Sender Ok
RCPT TO:[EMAIL PROTECTED]
250 [EMAIL PROTECTED]: Recipient Ok
RE: Open Relay Suggestions
We used to use Netscape's mail server back when it was free for educational use. At the time, we did have a closed relay system, but since our server wouldn't respond with a 550, we got blacklisted. It took us quite a lot of effort to get the various Anti-relay sites to accept that we were a closed relay.

-Original Message-
From: Chris Scharff [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 26, 2003 2:22 PM
To: Exchange Discussions
Subject: RE: Open Relay Suggestions

Those aren't holes. One can legitimately accept mail for those addresses and as long as it isn't relayed to the final destination the server is relay secure. The designers of those tests have implemented their testing criteria improperly.
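Both posts above turn on the same distinction: a 250 reply at RCPT TO shows that a server accepted a recipient, not that it relayed anything. The Python below is an added example, not part of the original posts or of any relay tester; it reads a constructed SMTP transcript and separates refusals, accepted local recipients (ordinary inbound mail) and accepted foreign recipients, which stay unproven until a probe message is seen to arrive. The "C:"/"S:" transcript layout, the example domains and the verdict names are assumptions.

```python
import re

# Constructed transcript (C: = client, S: = server); all names are placeholders.
SAMPLE_TRANSCRIPT = """\
S: 220 mail.example.com ESMTP
C: HELO tester.example.net
S: 250 mail.example.com
C: MAIL FROM:<probe@tester.example.net>
S: 250 Sender Ok
C: RCPT TO:<nobody@example.org>
S: 550 Relaying denied
C: RSET
S: 250 Reset State
C: MAIL FROM:<probe@example.com>
S: 250 Sender Ok
C: RCPT TO:<postmaster@example.com>
S: 250 Recipient Ok
C: RSET
S: 250 Reset State
C: MAIL FROM:<probe@tester.example.net>
S: 250 Sender Ok
C: RCPT TO:<nobody@partner.example>
S: 250-queued for delivery
S: 250 Recipient Ok
"""

CMD_RE = re.compile(r"^(MAIL FROM|RCPT TO):\s*<?([^<>\s]*)>?", re.I)
REPLY_RE = re.compile(r"^(\d{3})([ -]?)")


def _domain(addr):
    """Domain part after the last '@', lower-cased; empty if there is none."""
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""


def _verdict(code, rcpt_domain, local_domains):
    if code >= 500:
        return "refused"
    if code >= 400:
        return "deferred"
    if rcpt_domain in local_domains:
        return "accepted-local"  # normal inbound mail, not relaying
    # Accepting is not relaying: only onward delivery of the probe proves a relay.
    return "accepted-foreign-unverified"


def classify_relay_tests(transcript, local_domains):
    """Return one dict per RCPT TO in the transcript with its reply code and verdict."""
    local = {d.lower() for d in local_domains}
    results, sender, pending = [], None, None
    for raw in transcript.splitlines():
        side, _, text = raw.partition(": ")
        text = text.strip()
        if side == "C":
            m = CMD_RE.match(text)
            if m:
                pending = (m.group(1).upper(), m.group(2))
            else:
                pending = None
                if text.upper() == "RSET":
                    sender = None  # RSET clears the envelope
        elif side == "S" and pending:
            m = REPLY_RE.match(text)
            if not m or m.group(2) == "-":
                continue  # continuation line of a multi-line reply
            code = int(m.group(1))
            verb, addr = pending
            pending = None
            if verb == "MAIL FROM":
                sender = addr if code < 400 else None
            else:
                results.append({
                    "sender": sender,
                    "rcpt": addr,
                    "code": code,
                    "verdict": _verdict(code, _domain(addr), local),
                })
    return results


def needs_delivery_check(results):
    """Recipients whose acceptance must be confirmed by watching for actual delivery."""
    return [r["rcpt"] for r in results if r["verdict"] == "accepted-foreign-unverified"]


if __name__ == "__main__":
    for row in classify_relay_tests(SAMPLE_TRANSCRIPT, {"example.com"}):
        print(row)
```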
RE: Not Open Relay, but...
boggle

You tested someone else's domain at abuse.net without permission? You do realize that if it would have failed other tests, they get put on RBL's? Not a move I would have made. Yikes.

- Ben Winzenz Network Engineer Gardner White (317) 581-1580 ext 418

-Original Message-
From: Christopher Hummert [mailto:[EMAIL PROTECTED]
Posted At: Thursday, June 26, 2003 12:19 PM
Posted To: Exchange (Swynk)
Conversation: Not Open Relay, but...
Subject: RE: Not Open Relay, but...

I tested it using abuse.net's relay test. It looks like you're good for not being an open relay. So my opinion is that you just have a spammer who's trying to mine for addresses in your company. From what I understand, there's a new program going around the spammer world that brute-force guesses e-mail addresses and collects the NDRs from that domain to determine what's legit and what isn't. My advice would be for you to trace back the IP address he's using and put it in your host.deny file.
RE: Not Open Relay, but...
It's the testing one. Not the one that puts people on the list

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ben Winzenz
Sent: Thursday, June 26, 2003 12:01 PM
To: Exchange Discussions
Subject: RE: Not Open Relay, but...

boggle

You tested someone else's domain at abuse.net without permission? You do realize that if it would have failed other tests, they get put on RBL's? Not a move I would have made. Yikes.

- Ben Winzenz Network Engineer Gardner White (317) 581-1580 ext 418
RE: Not Open Relay, but...
It's still not something I would have done. If you are going to test someone else's domain that you don't own, then you really ought to manually test it. If you are using a 3rd party tool, then you don't have any control over whether they send domain names that fail the relay tests to RBL's.

- Ben Winzenz Network Engineer Gardner White (317) 581-1580 ext 418

-Original Message-
From: Christopher Hummert [mailto:[EMAIL PROTECTED]
Posted At: Thursday, June 26, 2003 2:04 PM
Posted To: Exchange (Swynk)
Conversation: Not Open Relay, but...
Subject: RE: Not Open Relay, but...

It's the testing one. Not the one that puts people on the list
RE: Not Open Relay, but...
Thanks, Jim. Just so I'm clear, it's not uncommon to have over 10,000 messages sitting in the IMS queue after 8hrs? I have another site where the IMS has hardly any messages sitting in there so this is why I am concerned. What if I changed the MX record's IP address, would that help slow it down a little or are they just using dfg.com?

Cheers, Tony

-Original Message-
From: Blunt, James H (Jim) [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 26, 2003 10:10 AM
To: Exchange Discussions
Subject: RE: Not Open Relay, but...

Tony,

Open up the properties page of your IMS Connection, go to the Internet Mail tab and click on the Notifications... button. My guess would be that you have the Always send notifications when non-delivery reports are generated radio button clicked. If that is the case, select the second choice and uncheck the options that you don't want.

I receive anywhere from 3,000 to 10,000 ndrs a day, from spammers trying to brute force their spam through the system. I track the NDRs to create a spreadsheet for management, showing them the exponential growth of spam and the load it is placing on the servers, in order to justify new servers.

Jim
RE: Not Open Relay, but...
Your best solution is to find out the source of those messages, and then block the domain,

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Woods, Tony
Sent: Thursday, June 26, 2003 1:37 PM
To: Exchange Discussions
Subject: RE: Not Open Relay, but...

Thanks, Jim. Just so I'm clear, it's not uncommon to have over 10,000 messages sitting in the IMS queue after 8hrs? I have another site where the IMS has hardly any messages sitting in there so this is why I am concerned. What if I changed the MX record's IP address, would that help slow it down a little or are they just using dfg.com?

Cheers, Tony
RE: Not Open Relay, but...
H...well it would be for me, but then again, I'm not sure I have the qualifications to answer that question. We are a small company (and getting smaller by the day!) of roughly 600 people. If you're a big company, you may be getting significantly larger numbers of messages sitting in your IMS queue.

Our current time-out period for attempting delivery is 72 hours. Until that time expires, they WILL sit in the IMS queue awaiting delivery. Then they will generate a non-delivery notification to your Admin mailbox. I would probably get a lot more of those sitting in my queue, if I didn't have so many spam domains in my block list. That and the fact that I delete them at least once a day.

-Original Message-
From: Woods, Tony [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 26, 2003 1:37 PM
To: Exchange Discussions
Subject: RE: Not Open Relay, but...

Thanks, Jim. Just so I'm clear, it's not uncommon to have over 10,000 messages sitting in the IMS queue after 8hrs? I have another site where the IMS has hardly any messages sitting in there so this is why I am concerned. What if I changed the MX record's IP address, would that help slow it down a little or are they just using dfg.com?

Cheers,
Tony

-Original Message-
From: Blunt, James H (Jim) [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 26, 2003 10:10 AM
To: Exchange Discussions
Subject: RE: Not Open Relay, but...

Tony, Open up the properties page of your IMS Connection, go to the Internet Mail tab and click on the Notifications... button. My guess would be that you have the Always send notifications when non-delivery reports are generated radio button clicked. If that is the case, select the second choice and uncheck the options that you don't want. I receive anywhere from 3,000 to 10,000 ndrs a day, from spammers trying to brute force their spam through the system.
I track the NDRs to create a spreadsheet for management, showing them the exponential growth of spam and the load it is placing on the servers, in order to justify new servers. Jim -Original Message- From: Woods, Tony [mailto:[EMAIL PROTECTED] Sent: Thursday, June 26, 2003 9:58 AM To: Exchange Discussions Subject: RE: Not Open Relay, but... I've tested via telnet and from home using Outlook Express and it always replies with 550 so I think I'm good there. Just the amount of mail is insane. I came in this morning at there's over 10,000 in the IMS Queue. I guess eventually it will slow down... Thanks to all. Cheers, Tony -Original Message- From: Dave Mills [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 25, 2003 5:28 PM To: Exchange Discussions Subject: Re: Not Open Relay, but... For #3, what you are seeing is spammer trying to find valid addresses @dfg.com by simply guessing addresses and trying them, your best bet would be to turn off the notification on your IMS for E-mail address could not be found. For #2, yes they will sit in the queue until they are delivered or just time out. For #1, are you sure you're not an open relay? See http://www.msexchange.org/tutorials/Preventing_Third_Party_Relaying_In_MS_Ex change_Server_55.html. - Dave - Original Message - From: Woods, Tony [EMAIL PROTECTED] To: Exchange Discussions [EMAIL PROTECTED] Sent: Wednesday, June 25, 2003 5:00 PM Subject: RE: Not Open Relay, but... Hi John, Is this in response to my question #3? If so, does everyone receive over 2000 messages every hour in the 'Admin' mailbox with a subject line of 'Notification: Inbound Mail Failure? I understand getting some but over 2000 an hour? Each of these messages is addressed to [EMAIL PROTECTED] or whatever. It's just random letters in front of the domain name @dfg.com and there's just a ton of them. Thanks for any ideas, all. 
Cheers, Tony -Original Message- From: John Strongosky [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 25, 2003 3:46 PM To: Exchange Discussions Subject: RE: Not Open Relay, but... NDR's (non-delivery reports) from spammer's probably. -Original Message- From: Woods, Tony [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 25, 2003 3:23 PM To: Exchange Discussions Subject: Not Open Relay, but... Hello, NT 4 SP6a and Exchange 5.5 SP4. Domain in question is DFG.com I've just taken over a site's Exchange server and have noticed something strange. It's been sometime since I had to play with Exchange this deep but the Queues on my IMS keep filling up with 1000's of emails. We're not an Open Relay that I can tell (I've tested) but there's just a ton of 'Outbound Message Awaiting Delivery' with originator and Destination Host of different .com's. There is a ton of Inbound Mail Failures in the 'Admin' mailbox for delivery failures as well. My three questions are: 1) Are these messages that are trying to relay but failing? 2) If so, are they just going to sit in the Queue for the default time? 3) For the Inbound Mail Failures, a lot
RE: Not Open Relay, but...
They're just using dfg.com. Don't bother your MX record. -Original Message- From: Woods, Tony [mailto:[EMAIL PROTECTED] Sent: Thursday, June 26, 2003 1:37 PM To: Exchange Discussions Subject: RE: Not Open Relay, but... Thanks, Jim. Just so I'm clear, it's not uncommon to have over 10,000 messages sitting in the IMS queue after 8hrs? I have another site where the IMS has hardly any messages sitting in there so this is why I am concerned. What if I changed the MX record's IP address, would that help slow it down a little or are they just using dfg.com? Cheers, Tony -Original Message- From: Blunt, James H (Jim) [mailto:[EMAIL PROTECTED] Sent: Thursday, June 26, 2003 10:10 AM To: Exchange Discussions Subject: RE: Not Open Relay, but... Tony, Open up the properties page of your IMS Connection, go to the Internet Mail tab and click on the Notifications... button. My guess would be that you have the Always send notifications when non-delivery reports are generated radio button clicked. If that is the case, select the second choice and uncheck the options that you don't want. I receive anywhere from 3,000 to 10,000 ndrs a day, from spammers trying to brute force their spam through the system. I track the NDRs to create a spreadsheet for management, showing them the exponential growth of spam and the load it is placing on the servers, in order to justify new servers. Jim -Original Message- From: Woods, Tony [mailto:[EMAIL PROTECTED] Sent: Thursday, June 26, 2003 9:58 AM To: Exchange Discussions Subject: RE: Not Open Relay, but... I've tested via telnet and from home using Outlook Express and it always replies with 550 so I think I'm good there. Just the amount of mail is insane. I came in this morning at there's over 10,000 in the IMS Queue. I guess eventually it will slow down... Thanks to all. Cheers, Tony -Original Message- From: Dave Mills [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 25, 2003 5:28 PM To: Exchange Discussions Subject: Re: Not Open Relay, but... 
For #3, what you are seeing is spammer trying to find valid addresses @dfg.com by simply guessing addresses and trying them, your best bet would be to turn off the notification on your IMS for E-mail address could not be found. For #2, yes they will sit in the queue until they are delivered or just time out. For #1, are you sure you're not an open relay? See http://www.msexchange.org/tutorials/Preventing_Third_Party_Relaying_In_MS_Ex change_Server_55.html. - Dave - Original Message - From: Woods, Tony [EMAIL PROTECTED] To: Exchange Discussions [EMAIL PROTECTED] Sent: Wednesday, June 25, 2003 5:00 PM Subject: RE: Not Open Relay, but... Hi John, Is this in response to my question #3? If so, does everyone receive over 2000 messages every hour in the 'Admin' mailbox with a subject line of 'Notification: Inbound Mail Failure? I understand getting some but over 2000 an hour? Each of these messages is addressed to [EMAIL PROTECTED] or whatever. It's just random letters in front of the domain name @dfg.com and there's just a ton of them. Thanks for any ideas, all. Cheers, Tony -Original Message- From: John Strongosky [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 25, 2003 3:46 PM To: Exchange Discussions Subject: RE: Not Open Relay, but... NDR's (non-delivery reports) from spammer's probably. -Original Message- From: Woods, Tony [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 25, 2003 3:23 PM To: Exchange Discussions Subject: Not Open Relay, but... Hello, NT 4 SP6a and Exchange 5.5 SP4. Domain in question is DFG.com I've just taken over a site's Exchange server and have noticed something strange. It's been sometime since I had to play with Exchange this deep but the Queues on my IMS keep filling up with 1000's of emails. We're not an Open Relay that I can tell (I've tested) but there's just a ton of 'Outbound Message Awaiting Delivery' with originator and Destination Host of different .com's. 
There is a ton of Inbound Mail Failures in the 'Admin' mailbox for delivery failures as well. My three questions are: 1) Are these messages that are trying to relay but failing? 2) If so, are they just going to sit in the Queue for the default time? 3) For the Inbound Mail Failures, a lot of them are going to bogus addresses like [EMAIL PROTECTED] or [EMAIL PROTECTED] Where are these all coming from? Thanks in advance. Cheers, Tony
RE: Not Open Relay, but...
Thanks. I've also cut down the Notifications to just 'Host not Found'. One of the NDR's looks like this

A mail message could not be sent because the following host is unknown:
smdv231.entertainmentmail.net
The message that caused this notification was:
To: [EMAIL PROTECTED]
From:
Subject: Undeliverable: Sales manager or Marketing dept
-

Is this is a Relay, shouldn't I not be accepting it in the first place? Thanks for all the insight so far...

Cheers,
Tony

-Original Message-
From: Blunt, James H (Jim) [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 26, 2003 1:30 PM
To: Exchange Discussions
Subject: RE: Not Open Relay, but...

They're just using dfg.com. Don't bother your MX record.

-Original Message-
From: Woods, Tony [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 26, 2003 1:37 PM
To: Exchange Discussions
Subject: RE: Not Open Relay, but...

Thanks, Jim. Just so I'm clear, it's not uncommon to have over 10,000 messages sitting in the IMS queue after 8hrs? I have another site where the IMS has hardly any messages sitting in there so this is why I am concerned. What if I changed the MX record's IP address, would that help slow it down a little or are they just using dfg.com?

Cheers,
Tony

-Original Message-
From: Blunt, James H (Jim) [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 26, 2003 10:10 AM
To: Exchange Discussions
Subject: RE: Not Open Relay, but...

Tony, Open up the properties page of your IMS Connection, go to the Internet Mail tab and click on the Notifications... button. My guess would be that you have the Always send notifications when non-delivery reports are generated radio button clicked. If that is the case, select the second choice and uncheck the options that you don't want. I receive anywhere from 3,000 to 10,000 ndrs a day, from spammers trying to brute force their spam through the system.
I track the NDRs to create a spreadsheet for management, showing them the exponential growth of spam and the load it is placing on the servers, in order to justify new servers. Jim -Original Message- From: Woods, Tony [mailto:[EMAIL PROTECTED] Sent: Thursday, June 26, 2003 9:58 AM To: Exchange Discussions Subject: RE: Not Open Relay, but... I've tested via telnet and from home using Outlook Express and it always replies with 550 so I think I'm good there. Just the amount of mail is insane. I came in this morning at there's over 10,000 in the IMS Queue. I guess eventually it will slow down... Thanks to all. Cheers, Tony -Original Message- From: Dave Mills [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 25, 2003 5:28 PM To: Exchange Discussions Subject: Re: Not Open Relay, but... For #3, what you are seeing is spammer trying to find valid addresses @dfg.com by simply guessing addresses and trying them, your best bet would be to turn off the notification on your IMS for E-mail address could not be found. For #2, yes they will sit in the queue until they are delivered or just time out. For #1, are you sure you're not an open relay? See http://www.msexchange.org/tutorials/Preventing_Third_Party_Relaying_In_MS_Ex change_Server_55.html. - Dave - Original Message - From: Woods, Tony [EMAIL PROTECTED] To: Exchange Discussions [EMAIL PROTECTED] Sent: Wednesday, June 25, 2003 5:00 PM Subject: RE: Not Open Relay, but... Hi John, Is this in response to my question #3? If so, does everyone receive over 2000 messages every hour in the 'Admin' mailbox with a subject line of 'Notification: Inbound Mail Failure? I understand getting some but over 2000 an hour? Each of these messages is addressed to [EMAIL PROTECTED] or whatever. It's just random letters in front of the domain name @dfg.com and there's just a ton of them. Thanks for any ideas, all. 
Cheers, Tony -Original Message- From: John Strongosky [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 25, 2003 3:46 PM To: Exchange Discussions Subject: RE: Not Open Relay, but... NDR's (non-delivery reports) from spammer's probably. -Original Message- From: Woods, Tony [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 25, 2003 3:23 PM To: Exchange Discussions Subject: Not Open Relay, but... Hello, NT 4 SP6a and Exchange 5.5 SP4. Domain in question is DFG.com I've just taken over a site's Exchange server and have noticed something strange. It's been sometime since I had to play with Exchange this deep but the Queues on my IMS keep filling up with 1000's of emails. We're not an Open Relay that I can tell (I've tested) but there's just a ton of 'Outbound Message Awaiting Delivery' with originator and Destination Host of different .com's. There is a ton of Inbound Mail Failures in the 'Admin' mailbox for delivery failures as well. My three questions are: 1) Are these messages that are trying to relay but failing? 2) If so, are they just going to sit
Re: Not Open Relay, but...
Your mail system is accepting a mail for an invalid address (i.e. [EMAIL PROTECTED]), and since it couldn't deliver it it's trying to send a message back to the sender telling them it couldn't deliver the message. But in this case, the spammer forged the sender address, so your mail server is sending you NDRs because it can't send the original NDR back to the spoofed address. Make sense?

There's not much you can do with Exchange 5.5 to avoid this situation unless the spammer is using a single IP address that you can block from being able to send mail into your system.

- Dave

- Original Message -
From: Woods, Tony [EMAIL PROTECTED]
To: Exchange Discussions [EMAIL PROTECTED]
Sent: Thursday, June 26, 2003 4:26 PM
Subject: RE: Not Open Relay, but...

Thanks. I've also cut down the Notifications to just 'Host not Found'. One of the NDR's looks like this

A mail message could not be sent because the following host is unknown:
smdv231.entertainmentmail.net
The message that caused this notification was:
To: [EMAIL PROTECTED]
From:
Subject: Undeliverable: Sales manager or Marketing dept
-

Is this is a Relay, shouldn't I not be accepting it in the first place? Thanks for all the insight so far...

Cheers,
Tony

-Original Message-
From: Blunt, James H (Jim) [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 26, 2003 1:30 PM
To: Exchange Discussions
Subject: RE: Not Open Relay, but...

They're just using dfg.com. Don't bother your MX record.

-Original Message-
From: Woods, Tony [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 26, 2003 1:37 PM
To: Exchange Discussions
Subject: RE: Not Open Relay, but...

Thanks, Jim. Just so I'm clear, it's not uncommon to have over 10,000 messages sitting in the IMS queue after 8hrs? I have another site where the IMS has hardly any messages sitting in there so this is why I am concerned. What if I changed the MX record's IP address, would that help slow it down a little or are they just using dfg.com?
Cheers, Tony -Original Message- From: Blunt, James H (Jim) [mailto:[EMAIL PROTECTED] Sent: Thursday, June 26, 2003 10:10 AM To: Exchange Discussions Subject: RE: Not Open Relay, but... Tony, Open up the properties page of your IMS Connection, go to the Internet Mail tab and click on the Notifications... button. My guess would be that you have the Always send notifications when non-delivery reports are generated radio button clicked. If that is the case, select the second choice and uncheck the options that you don't want. I receive anywhere from 3,000 to 10,000 ndrs a day, from spammers trying to brute force their spam through the system. I track the NDRs to create a spreadsheet for management, showing them the exponential growth of spam and the load it is placing on the servers, in order to justify new servers. Jim -Original Message- From: Woods, Tony [mailto:[EMAIL PROTECTED] Sent: Thursday, June 26, 2003 9:58 AM To: Exchange Discussions Subject: RE: Not Open Relay, but... I've tested via telnet and from home using Outlook Express and it always replies with 550 so I think I'm good there. Just the amount of mail is insane. I came in this morning at there's over 10,000 in the IMS Queue. I guess eventually it will slow down... Thanks to all. Cheers, Tony -Original Message- From: Dave Mills [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 25, 2003 5:28 PM To: Exchange Discussions Subject: Re: Not Open Relay, but... For #3, what you are seeing is spammer trying to find valid addresses @dfg.com by simply guessing addresses and trying them, your best bet would be to turn off the notification on your IMS for E-mail address could not be found. For #2, yes they will sit in the queue until they are delivered or just time out. For #1, are you sure you're not an open relay? See http://www.msexchange.org/tutorials/Preventing_Third_Party_Relaying_In_MS_Ex change_Server_55.html. 
- Dave - Original Message - From: Woods, Tony [EMAIL PROTECTED] To: Exchange Discussions [EMAIL PROTECTED] Sent: Wednesday, June 25, 2003 5:00 PM Subject: RE: Not Open Relay, but... Hi John, Is this in response to my question #3? If so, does everyone receive over 2000 messages every hour in the 'Admin' mailbox with a subject line of 'Notification: Inbound Mail Failure? I understand getting some but over 2000 an hour? Each of these messages is addressed to [EMAIL PROTECTED] or whatever. It's just random letters in front of the domain name @dfg.com and there's just a ton of them. Thanks for any ideas, all. Cheers, Tony -Original Message- From: John Strongosky [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 25, 2003 3:46 PM To: Exchange Discussions Subject: RE: Not Open Relay, but... NDR's (non-delivery reports) from spammer's probably
RE: Not Open Relay, but...
Thanks, Dave. That's crystal clear. Cheers, Tony -Original Message- From: Dave Mills [mailto:[EMAIL PROTECTED] Sent: Thursday, June 26, 2003 4:02 PM To: Exchange Discussions Subject: Re: Not Open Relay, but... Your mail system is accepting a mail for an invalid address (i.e. [EMAIL PROTECTED]), and since it couldn't deliver it it's trying to send a message back to the sender telling them it couldn't deliver the message. But in this case, the spammer forged the sender address, so your mail server is sending you NDRs because it can't send the original NDR back to the spoofed address. Make sense? There's not much you can do with Exchange 5.5 to avoid this situation unless the spammer is using a single IP address that you can block from being able to send mail into your system. - Dave - Original Message - From: Woods, Tony [EMAIL PROTECTED] To: Exchange Discussions [EMAIL PROTECTED] Sent: Thursday, June 26, 2003 4:26 PM Subject: RE: Not Open Relay, but... Thanks. I've also cut down the Notifications to just 'Host not Found'. One of the NDR's looks like this A mail message could not be sent because the following host is unknown: smdv231.entertainmentmail.net The message that caused this notification was: To: [EMAIL PROTECTED] From: Subject: Undeliverable: Sales manager or Marketing dept - Is this is a Relay, shouldn't I not be accepting it in the first place? Thanks for all the insight so far... Cheers, Tony -Original Message- From: Blunt, James H (Jim) [mailto:[EMAIL PROTECTED] Sent: Thursday, June 26, 2003 1:30 PM To: Exchange Discussions Subject: RE: Not Open Relay, but... They're just using dfg.com. Don't bother your MX record. -Original Message- From: Woods, Tony [mailto:[EMAIL PROTECTED] Sent: Thursday, June 26, 2003 1:37 PM To: Exchange Discussions Subject: RE: Not Open Relay, but... Thanks, Jim. Just so I'm clear, it's not uncommon to have over 10,000 messages sitting in the IMS queue after 8hrs? 
I have another site where the IMS has hardly any messages sitting in there so this is why I am concerned. What if I changed the MX record's IP address, would that help slow it down a little or are they just using dfg.com? Cheers, Tony -Original Message- From: Blunt, James H (Jim) [mailto:[EMAIL PROTECTED] Sent: Thursday, June 26, 2003 10:10 AM To: Exchange Discussions Subject: RE: Not Open Relay, but... Tony, Open up the properties page of your IMS Connection, go to the Internet Mail tab and click on the Notifications... button. My guess would be that you have the Always send notifications when non-delivery reports are generated radio button clicked. If that is the case, select the second choice and uncheck the options that you don't want. I receive anywhere from 3,000 to 10,000 ndrs a day, from spammers trying to brute force their spam through the system. I track the NDRs to create a spreadsheet for management, showing them the exponential growth of spam and the load it is placing on the servers, in order to justify new servers. Jim -Original Message- From: Woods, Tony [mailto:[EMAIL PROTECTED] Sent: Thursday, June 26, 2003 9:58 AM To: Exchange Discussions Subject: RE: Not Open Relay, but... I've tested via telnet and from home using Outlook Express and it always replies with 550 so I think I'm good there. Just the amount of mail is insane. I came in this morning at there's over 10,000 in the IMS Queue. I guess eventually it will slow down... Thanks to all. Cheers, Tony -Original Message- From: Dave Mills [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 25, 2003 5:28 PM To: Exchange Discussions Subject: Re: Not Open Relay, but... For #3, what you are seeing is spammer trying to find valid addresses @dfg.com by simply guessing addresses and trying them, your best bet would be to turn off the notification on your IMS for E-mail address could not be found. For #2, yes they will sit in the queue until they are delivered or just time out. 
For #1, are you sure you're not an open relay? See http://www.msexchange.org/tutorials/Preventing_Third_Party_Relaying_In_MS_Exchange_Server_55.html. - Dave - Original Message - From: Woods, Tony [EMAIL PROTECTED] To: Exchange Discussions [EMAIL PROTECTED] Sent: Wednesday, June 25, 2003 5:00 PM Subject: RE: Not Open Relay, but... Hi John, Is this in response to my question #3? If so, does everyone receive over 2000 messages every hour in the 'Admin' mailbox with a subject line of 'Notification: Inbound Mail Failure? I understand getting some but over 2000 an hour? Each of these messages is addressed to [EMAIL PROTECTED] or whatever. It's just random letters in front of the domain name @dfg.com and there's just a ton of them. Thanks for any ideas, all. Cheers, Tony
Not Open Relay, but...
Hello,

NT 4 SP6a and Exchange 5.5 SP4. Domain in question is DFG.com

I've just taken over a site's Exchange server and have noticed something strange. It's been sometime since I had to play with Exchange this deep but the Queues on my IMS keep filling up with 1000's of emails. We're not an Open Relay that I can tell (I've tested) but there's just a ton of 'Outbound Message Awaiting Delivery' with originator and Destination Host of different .com's. There is a ton of Inbound Mail Failures in the 'Admin' mailbox for delivery failures as well.

My three questions are:

1) Are these messages that are trying to relay but failing?
2) If so, are they just going to sit in the Queue for the default time?
3) For the Inbound Mail Failures, a lot of them are going to bogus addresses like [EMAIL PROTECTED] or [EMAIL PROTECTED] Where are these all coming from?

Thanks in advance.

Cheers,
Tony
RE: Not Open Relay, but...
NDR's (non-delivery reports) from spammer's probably. -Original Message- From: Woods, Tony [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 25, 2003 3:23 PM To: Exchange Discussions Subject: Not Open Relay, but... Hello, NT 4 SP6a and Exchange 5.5 SP4. Domain in question is DFG.com I've just taken over a site's Exchange server and have noticed something strange. It's been sometime since I had to play with Exchange this deep but the Queues on my IMS keep filling up with 1000's of emails. We're not an Open Relay that I can tell (I've tested) but there's just a ton of 'Outbound Message Awaiting Delivery' with originator and Destination Host of different .com's. There is a ton of Inbound Mail Failures in the 'Admin' mailbox for delivery failures as well. My three questions are: 1) Are these messages that are trying to relay but failing? 2) If so, are they just going to sit in the Queue for the default time? 3) For the Inbound Mail Failures, a lot of them are going to bogus addresses like [EMAIL PROTECTED] or [EMAIL PROTECTED] Where are these all coming from? Thanks in advance. Cheers, Tony
RE: Not Open Relay, but...
Hi John, Is this in response to my question #3? If so, does everyone receive over 2000 messages every hour in the 'Admin' mailbox with a subject line of 'Notification: Inbound Mail Failure? I understand getting some but over 2000 an hour? Each of these messages is addressed to [EMAIL PROTECTED] or whatever. It's just random letters in front of the domain name @dfg.com and there's just a ton of them. Thanks for any ideas, all. Cheers, Tony -Original Message- From: John Strongosky [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 25, 2003 3:46 PM To: Exchange Discussions Subject: RE: Not Open Relay, but... NDR's (non-delivery reports) from spammer's probably. -Original Message- From: Woods, Tony [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 25, 2003 3:23 PM To: Exchange Discussions Subject: Not Open Relay, but... Hello, NT 4 SP6a and Exchange 5.5 SP4. Domain in question is DFG.com I've just taken over a site's Exchange server and have noticed something strange. It's been sometime since I had to play with Exchange this deep but the Queues on my IMS keep filling up with 1000's of emails. We're not an Open Relay that I can tell (I've tested) but there's just a ton of 'Outbound Message Awaiting Delivery' with originator and Destination Host of different .com's. There is a ton of Inbound Mail Failures in the 'Admin' mailbox for delivery failures as well. My three questions are: 1) Are these messages that are trying to relay but failing? 2) If so, are they just going to sit in the Queue for the default time? 3) For the Inbound Mail Failures, a lot of them are going to bogus addresses like [EMAIL PROTECTED] or [EMAIL PROTECTED] Where are these all coming from? Thanks in advance. 
Cheers, Tony
Re: Not Open Relay, but...
For #3, what you are seeing is spammer trying to find valid addresses @dfg.com by simply guessing addresses and trying them, your best bet would be to turn off the notification on your IMS for E-mail address could not be found. For #2, yes they will sit in the queue until they are delivered or just time out. For #1, are you sure you're not an open relay? See http://www.msexchange.org/tutorials/Preventing_Third_Party_Relaying_In_MS_Exchange_Server_55.html. - Dave - Original Message - From: Woods, Tony [EMAIL PROTECTED] To: Exchange Discussions [EMAIL PROTECTED] Sent: Wednesday, June 25, 2003 5:00 PM Subject: RE: Not Open Relay, but... Hi John, Is this in response to my question #3? If so, does everyone receive over 2000 messages every hour in the 'Admin' mailbox with a subject line of 'Notification: Inbound Mail Failure? I understand getting some but over 2000 an hour? Each of these messages is addressed to [EMAIL PROTECTED] or whatever. It's just random letters in front of the domain name @dfg.com and there's just a ton of them. Thanks for any ideas, all. Cheers, Tony -Original Message- From: John Strongosky [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 25, 2003 3:46 PM To: Exchange Discussions Subject: RE: Not Open Relay, but... NDR's (non-delivery reports) from spammer's probably. -Original Message- From: Woods, Tony [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 25, 2003 3:23 PM To: Exchange Discussions Subject: Not Open Relay, but... Hello, NT 4 SP6a and Exchange 5.5 SP4. Domain in question is DFG.com I've just taken over a site's Exchange server and have noticed something strange. It's been sometime since I had to play with Exchange this deep but the Queues on my IMS keep filling up with 1000's of emails. We're not an Open Relay that I can tell (I've tested) but there's just a ton of 'Outbound Message Awaiting Delivery' with originator and Destination Host of different .com's. 
There is a ton of Inbound Mail Failures in the 'Admin' mailbox for delivery failures as well. My three questions are: 1) Are these messages that are trying to relay but failing? 2) If so, are they just going to sit in the Queue for the default time? 3) For the Inbound Mail Failures, a lot of them are going to bogus addresses like [EMAIL PROTECTED] or [EMAIL PROTECTED] Where are these all coming from? Thanks in advance. Cheers, Tony
RE: Not Open Relay, but...
1. Probably not. If your Exchange faces the Internet, it should reject the relay attempt during the RCPT TO: command, so the messages won't be accepted for delivery and therefore they won't be NDRed.
2. Yes.
3. If dfg.com is your domain then it's normal spam to automatically generated addresses.

Ed Crowley MCSE+I MVP
There are seldom good technological solutions to behavioral problems.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Woods, Tony
Sent: Wednesday, June 25, 2003 3:23 PM
To: Exchange Discussions

Hello,

NT 4 SP6a and Exchange 5.5 SP4. Domain in question is DFG.com.

I've just taken over a site's Exchange server and have noticed something strange. It's been some time since I had to play with Exchange this deep but the Queues on my IMS keep filling up with 1000's of emails. We're not an Open Relay that I can tell (I've tested) but there's just a ton of 'Outbound Message Awaiting Delivery' with originator and Destination Host of different .com's. There is a ton of Inbound Mail Failures in the 'Admin' mailbox for delivery failures as well.

My three questions are:
1) Are these messages that are trying to relay but failing?
2) If so, are they just going to sit in the Queue for the default time?
3) For the Inbound Mail Failures, a lot of them are going to bogus addresses like [EMAIL PROTECTED] or [EMAIL PROTECTED] Where are these all coming from?

Thanks in advance.

Cheers, Tony
How do I make sure my exchange server is not acting as an Open Relay?
Whenever a recipient from my site tries to send an email to a recipient @aol.com, he/she will receive a message saying "Delivery to the following recipients has been delayed." Then a few days later he/she will receive another message saying "The following recipient(s) could not be reached:".

I finally talked to technical support at AOL and they are telling me that I have been put on the block domain list because AOL automatically checks any IP that sends email to their domain and my IP is acting as an open relay, also known as third-party relay.

How do I stop this? What is the fix? Any comments or suggestions are truly appreciated.

Thank you
RE: How do I make sure my exchange server is not acting as an Open Relay?
I checked, and didn't see that you are running as an open relay. Perhaps the problem you are having is Reverse DNS? I know that AOL requires a Reverse DNS record if you want to talk to it. I had to add it into my records before they would talk to me :)

Bob Sadler City of Leawood, KS, USA WAN/Internet Specialist 913-339-6700 x194

-----Original Message-----
From: Romeo [mailto:[EMAIL PROTECTED]
Sent: Friday, June 13, 2003 1:37 PM
To: Exchange Discussions
Subject: How do I make sure my exchange server is not acting as an Open Relay?

Whenever a recipient from my site tries to send an email to a recipient @aol.com, he/she will receive a message saying "Delivery to the following recipients has been delayed." Then a few days later he/she will receive another message saying "The following recipient(s) could not be reached:".

I finally talked to technical support at AOL and they are telling me that I have been put on the block domain list because AOL automatically checks any IP that sends email to their domain and my IP is acting as an open relay, also known as third-party relay.

How do I stop this? What is the fix? Any comments or suggestions are truly appreciated.

Thank you
RE: How do I make sure my exchange server is not acting as an Open Relay?
Ditto on that. The same thing happened to my domain.

John Parker, MCSE
---End of Line---

-----Original Message-----
From: Bob Sadler [mailto:[EMAIL PROTECTED]
Sent: Friday, June 13, 2003 2:35 PM
To: Exchange Discussions
Subject: RE: How do I make sure my exchange server is not acting as an Open Relay?

I checked, and didn't see that you are running as an open relay. Perhaps the problem you are having is Reverse DNS? I know that AOL requires a Reverse DNS record if you want to talk to it. I had to add it into my records before they would talk to me :)

Bob Sadler City of Leawood, KS, USA WAN/Internet Specialist 913-339-6700 x194

-----Original Message-----
From: Romeo [mailto:[EMAIL PROTECTED]
Sent: Friday, June 13, 2003 1:37 PM
To: Exchange Discussions
Subject: How do I make sure my exchange server is not acting as an Open Relay?

Whenever a recipient from my site tries to send an email to a recipient @aol.com, he/she will receive a message saying "Delivery to the following recipients has been delayed." Then a few days later he/she will receive another message saying "The following recipient(s) could not be reached:".

I finally talked to technical support at AOL and they are telling me that I have been put on the block domain list because AOL automatically checks any IP that sends email to their domain and my IP is acting as an open relay, also known as third-party relay.

How do I stop this? What is the fix? Any comments or suggestions are truly appreciated.
Thank you
Open Relay Help
Apparently my mail server has been listed as an Open Relay at http://njabl.org/. I've followed the instructions listed in the following FAQ, and still get listed as an open relay.

3.73 Q: How can I configure my Exchange server so it can't be used as an open relay?
A: http://www.exchangeadmin.com/Articles/Index.cfm?ArticleID=7696

My server is as follows:
Windows 2000 SP2
Exchange 5.5 SP4
Trend Micro's ScanMail and EManager are installed and current on version and pattern files.

I have been unsuccessful in finding and searching the archives. Any help would be greatly appreciated.

Skip Taylor, MCSE Network Administrator Jordan, Jones, and Goulding
RE: Open Relay Help
You've got to contact them and have them take you out of their database.

-----Original Message-----
From: Taylor, Skip [mailto:[EMAIL PROTECTED]
Sent: Thursday, May 29, 2003 10:06 AM
To: Exchange Discussions
Subject: Open Relay Help

Apparently my mail server has been listed as an Open Relay at http://njabl.org/. I've followed the instructions listed in the following FAQ, and still get listed as an open relay.

3.73 Q: How can I configure my Exchange server so it can't be used as an open relay?
A: http://www.exchangeadmin.com/Articles/Index.cfm?ArticleID=7696

My server is as follows:
Windows 2000 SP2
Exchange 5.5 SP4
Trend Micro's ScanMail and EManager are installed and current on version and pattern files.

I have been unsuccessful in finding and searching the archives. Any help would be greatly appreciated.

Skip Taylor, MCSE Network Administrator Jordan, Jones, and Goulding
RE: Open Relay Help
You're still an open relay. Did you restart the IMS after making the changes described in the article? Describe your settings on this tab as well in detail: http://www.exchangeadmin.com/Files/04/7696/Screen_04.gif

-----Original Message-----
From: Taylor, Skip [mailto:[EMAIL PROTECTED]
Posted At: Thursday, May 29, 2003 9:06 AM
Posted To: swynk
Conversation: Open Relay Help
Subject: Open Relay Help

Apparently my mail server has been listed as an Open Relay at http://njabl.org/. I've followed the instructions listed in the following FAQ, and still get listed as an open relay.

3.73 Q: How can I configure my Exchange server so it can't be used as an open relay?
A: http://www.exchangeadmin.com/Articles/Index.cfm?ArticleID=7696

My server is as follows:
Windows 2000 SP2
Exchange 5.5 SP4
Trend Micro's ScanMail and EManager are installed and current on version and pattern files.

I have been unsuccessful in finding and searching the archives. Any help would be greatly appreciated.

Skip Taylor, MCSE Network Administrator Jordan, Jones, and Goulding
RE: Open Relay Help
I'm sure I did but restarted once more to make sure. Can you try again?

Skip Taylor, MCSE Network Administrator Jordan, Jones, and Goulding

-----Original Message-----
From: Chris Scharff [mailto:[EMAIL PROTECTED]
Sent: Thursday, May 29, 2003 10:13 AM
To: Exchange Discussion
Subject: RE: Open Relay Help

You're still an open relay. Did you restart the IMS after making the changes described in the article? Describe your settings on this tab as well in detail: http://www.exchangeadmin.com/Files/04/7696/Screen_04.gif

-----Original Message-----
From: Taylor, Skip [mailto:[EMAIL PROTECTED]
Posted At: Thursday, May 29, 2003 9:06 AM
Posted To: swynk
Conversation: Open Relay Help
Subject: Open Relay Help

Apparently my mail server has been listed as an Open Relay at http://njabl.org/. I've followed the instructions listed in the following FAQ, and still get listed as an open relay.

3.73 Q: How can I configure my Exchange server so it can't be used as an open relay?
A: http://www.exchangeadmin.com/Articles/Index.cfm?ArticleID=7696

My server is as follows:
Windows 2000 SP2
Exchange 5.5 SP4
Trend Micro's ScanMail and EManager are installed and current on version and pattern files.

I have been unsuccessful in finding and searching the archives. Any help would be greatly appreciated.
Skip Taylor, MCSE Network Administrator Jordan, Jones, and Goulding
RE: Open Relay Help
Still looks to be open

regards,
Paul
--
Paul Hutchings Network Administrator, MIRA Ltd. Tel: 024 7635 5378, Fax: 024 7635 8378 mailto:[EMAIL PROTECTED]

-----Original Message-----
From: Taylor, Skip [mailto:[EMAIL PROTECTED]
Sent: 29 May 2003 15:23
To: Exchange Discussions
Subject: RE: Open Relay Help

I'm sure I did but restarted once more to make sure. Can you try again?

Skip Taylor, MCSE Network Administrator Jordan, Jones, and Goulding

-----Original Message-----
From: Chris Scharff [mailto:[EMAIL PROTECTED]
Sent: Thursday, May 29, 2003 10:13 AM
To: Exchange Discussion
Subject: RE: Open Relay Help

You're still an open relay. Did you restart the IMS after making the changes described in the article? Describe your settings on this tab as well in detail: http://www.exchangeadmin.com/Files/04/7696/Screen_04.gif

-----Original Message-----
From: Taylor, Skip [mailto:[EMAIL PROTECTED]
Posted At: Thursday, May 29, 2003 9:06 AM
Posted To: swynk
Conversation: Open Relay Help
Subject: Open Relay Help

Apparently my mail server has been listed as an Open Relay at http://njabl.org/. I've followed the instructions listed in the following FAQ, and still get listed as an open relay.

3.73 Q: How can I configure my Exchange server so it can't be used as an open relay?
A: http://www.exchangeadmin.com/Articles/Index.cfm?ArticleID=7696

My server is as follows:
Windows 2000 SP2
Exchange 5.5 SP4
Trend Micro's ScanMail and EManager are installed and current on version and pattern files.

I have been unsuccessful in finding and searching the archives. Any help would be greatly appreciated.
Skip Taylor, MCSE Network Administrator Jordan, Jones, and Goulding
RE: Open Relay Help
Still open... What's that tab say now exactly?

-----Original Message-----
From: Taylor, Skip [mailto:[EMAIL PROTECTED]
Posted At: Thursday, May 29, 2003 9:23 AM
Posted To: swynk
Conversation: Open Relay Help
Subject: RE: Open Relay Help

I'm sure I did but restarted once more to make sure. Can you try again?

Skip Taylor, MCSE Network Administrator Jordan, Jones, and Goulding

-----Original Message-----
From: Chris Scharff [mailto:[EMAIL PROTECTED]
Sent: Thursday, May 29, 2003 10:13 AM
To: Exchange Discussion
Subject: RE: Open Relay Help

You're still an open relay. Did you restart the IMS after making the changes described in the article? Describe your settings on this tab as well in detail: http://www.exchangeadmin.com/Files/04/7696/Screen_04.gif

-----Original Message-----
From: Taylor, Skip [mailto:[EMAIL PROTECTED]
Posted At: Thursday, May 29, 2003 9:06 AM
Posted To: swynk
Conversation: Open Relay Help
Subject: Open Relay Help

Apparently my mail server has been listed as an Open Relay at http://njabl.org/. I've followed the instructions listed in the following FAQ, and still get listed as an open relay.

3.73 Q: How can I configure my Exchange server so it can't be used as an open relay?
A: http://www.exchangeadmin.com/Articles/Index.cfm?ArticleID=7696

My server is as follows:
Windows 2000 SP2
Exchange 5.5 SP4
Trend Micro's ScanMail and EManager are installed and current on version and pattern files.

I have been unsuccessful in finding and searching the archives. Any help would be greatly appreciated.
Skip Taylor, MCSE Network Administrator Jordan, Jones, and Goulding
RE: Open Relay Help
On the Routing tab, "Reroute incoming SMTP mail (required for POP3/IMAP4 support)" is checked. In the field below, "Sent to:" has our domain of jjg.com and "Route to:" is inbound.

The Routing Restrictions are as follows:
"Hosts and clients that successfully authenticate" is not checked.
"Host and clients with these IP addresses" is checked and populated with 3 internal addresses for Canon Image Runner copiers that can send email.
"Hosts and clients connecting to these internal addresses" is checked with the Internal IP address of our exchange server.
"Specify the hosts and clients that can NEVER route mail" is empty.

Skip Taylor, MCSE Network Administrator Jordan, Jones, and Goulding

-----Original Message-----
From: Chris Scharff [mailto:[EMAIL PROTECTED]
Sent: Thursday, May 29, 2003 10:29 AM
To: Exchange Discussion
Subject: RE: Open Relay Help

Still open... What's that tab say now exactly?

-----Original Message-----
From: Taylor, Skip [mailto:[EMAIL PROTECTED]
Posted At: Thursday, May 29, 2003 9:23 AM
Posted To: swynk
Conversation: Open Relay Help
Subject: RE: Open Relay Help

I'm sure I did but restarted once more to make sure. Can you try again?

Skip Taylor, MCSE Network Administrator Jordan, Jones, and Goulding

-----Original Message-----
From: Chris Scharff [mailto:[EMAIL PROTECTED]
Sent: Thursday, May 29, 2003 10:13 AM
To: Exchange Discussion
Subject: RE: Open Relay Help

You're still an open relay. Did you restart the IMS after making the changes described in the article? Describe your settings on this tab as well in detail: http://www.exchangeadmin.com/Files/04/7696/Screen_04.gif

-----Original Message-----
From: Taylor, Skip [mailto:[EMAIL PROTECTED]
Posted At: Thursday, May 29, 2003 9:06 AM
Posted To: swynk
Conversation: Open Relay Help
Subject: Open Relay Help

Apparently my mail server has been listed as an Open Relay at http://njabl.org/. I've followed the instructions listed in the following FAQ, and still get listed as an open relay.
3.73 Q: How can I configure my Exchange server so it can't be used as an open relay?
A: http://www.exchangeadmin.com/Articles/Index.cfm?ArticleID=7696

My server is as follows:
Windows 2000 SP2
Exchange 5.5 SP4
Trend Micro's ScanMail and EManager are installed and current on version and pattern files.

I have been unsuccessful in finding and searching the archives. Any help would be greatly appreciated.

Skip Taylor, MCSE Network Administrator Jordan, Jones, and Goulding
RE: Open Relay Help
I think the "Hosts and clients connecting to these internal addresses" is your problem - you don't need it ticked (or I should say it isn't ticked here and doesn't affect inbound email).

regards,
Paul
--
Paul Hutchings Network Administrator, MIRA Ltd. Tel: 024 7635 5378, Fax: 024 7635 8378 mailto:[EMAIL PROTECTED]

-----Original Message-----
From: Taylor, Skip [mailto:[EMAIL PROTECTED]
Sent: 29 May 2003 15:35
To: Exchange Discussions
Subject: RE: Open Relay Help

On the Routing tab, "Reroute incoming SMTP mail (required for POP3/IMAP4 support)" is checked. In the field below, "Sent to:" has our domain of jjg.com and "Route to:" is inbound.

The Routing Restrictions are as follows:
"Hosts and clients that successfully authenticate" is not checked.
"Host and clients with these IP addresses" is checked and populated with 3 internal addresses for Canon Image Runner copiers that can send email.
"Hosts and clients connecting to these internal addresses" is checked with the Internal IP address of our exchange server.
"Specify the hosts and clients that can NEVER route mail" is empty.

Skip Taylor, MCSE Network Administrator Jordan, Jones, and Goulding

-----Original Message-----
From: Chris Scharff [mailto:[EMAIL PROTECTED]
Sent: Thursday, May 29, 2003 10:29 AM
To: Exchange Discussion
Subject: RE: Open Relay Help

Still open... What's that tab say now exactly?

-----Original Message-----
From: Taylor, Skip [mailto:[EMAIL PROTECTED]
Posted At: Thursday, May 29, 2003 9:23 AM
Posted To: swynk
Conversation: Open Relay Help
Subject: RE: Open Relay Help

I'm sure I did but restarted once more to make sure. Can you try again?

Skip Taylor, MCSE Network Administrator Jordan, Jones, and Goulding

-----Original Message-----
From: Chris Scharff [mailto:[EMAIL PROTECTED]
Sent: Thursday, May 29, 2003 10:13 AM
To: Exchange Discussion
Subject: RE: Open Relay Help

You're still an open relay. Did you restart the IMS after making the changes described in the article?
Describe your settings on this tab as well in detail: http://www.exchangeadmin.com/Files/04/7696/Screen_04.gif

-----Original Message-----
From: Taylor, Skip [mailto:[EMAIL PROTECTED]
Posted At: Thursday, May 29, 2003 9:06 AM
Posted To: swynk
Conversation: Open Relay Help
Subject: Open Relay Help

Apparently my mail server has been listed as an Open Relay at http://njabl.org/. I've followed the instructions listed in the following FAQ, and still get listed as an open relay.

3.73 Q: How can I configure my Exchange server so it can't be used as an open relay?
A: http://www.exchangeadmin.com/Articles/Index.cfm?ArticleID=7696

My server is as follows:
Windows 2000 SP2
Exchange 5.5 SP4
Trend Micro's ScanMail and EManager are installed and current on version and pattern files.

I have been unsuccessful in finding and searching the archives. Any help would be greatly appreciated.

Skip Taylor, MCSE Network Administrator Jordan, Jones, and Goulding
RE: Open Relay Help
> "Host and clients with these IP addresses" is checked and populated with 3 internal addresses for Canon Image Runner copiers that can send email.

I'd bet money that's your problem. I had my Exchange server set up like this at one point, for a Mac client with an old version of Eudora that didn't support SMTP AUTH. It turned Exchange into an open relay. Removing the IP address, but leaving the box checked, solved my problem.

Steven
---
Steven Dickenson [EMAIL PROTECTED] Network Administrator The Key School, Annapolis Maryland

-----Original Message-----
From: Taylor, Skip [mailto:[EMAIL PROTECTED]
Sent: Thursday, May 29, 2003 10:35 AM
To: Exchange Discussions
Subject: RE: Open Relay Help

On the Routing tab, "Reroute incoming SMTP mail (required for POP3/IMAP4 support)" is checked. In the field below, "Sent to:" has our domain of jjg.com and "Route to:" is inbound.

The Routing Restrictions are as follows:
"Hosts and clients that successfully authenticate" is not checked.
"Host and clients with these IP addresses" is checked and populated with 3 internal addresses for Canon Image Runner copiers that can send email.
"Hosts and clients connecting to these internal addresses" is checked with the Internal IP address of our exchange server.
"Specify the hosts and clients that can NEVER route mail" is empty.

Skip Taylor, MCSE Network Administrator Jordan, Jones, and Goulding

-----Original Message-----
From: Chris Scharff [mailto:[EMAIL PROTECTED]
Sent: Thursday, May 29, 2003 10:29 AM
To: Exchange Discussion
Subject: RE: Open Relay Help

Still open... What's that tab say now exactly?

-----Original Message-----
From: Taylor, Skip [mailto:[EMAIL PROTECTED]
Posted At: Thursday, May 29, 2003 9:23 AM
Posted To: swynk
Conversation: Open Relay Help
Subject: RE: Open Relay Help

I'm sure I did but restarted once more to make sure. Can you try again?
Skip Taylor, MCSE Network Administrator Jordan, Jones, and Goulding

-----Original Message-----
From: Chris Scharff [mailto:[EMAIL PROTECTED]
Sent: Thursday, May 29, 2003 10:13 AM
To: Exchange Discussion
Subject: RE: Open Relay Help

You're still an open relay. Did you restart the IMS after making the changes described in the article? Describe your settings on this tab as well in detail: http://www.exchangeadmin.com/Files/04/7696/Screen_04.gif

-----Original Message-----
From: Taylor, Skip [mailto:[EMAIL PROTECTED]
Posted At: Thursday, May 29, 2003 9:06 AM
Posted To: swynk
Conversation: Open Relay Help
Subject: Open Relay Help

Apparently my mail server has been listed as an Open Relay at http://njabl.org/. I've followed the instructions listed in the following FAQ, and still get listed as an open relay.

3.73 Q: How can I configure my Exchange server so it can't be used as an open relay?
A: http://www.exchangeadmin.com/Articles/Index.cfm?ArticleID=7696

My server is as follows:
Windows 2000 SP2
Exchange 5.5 SP4
Trend Micro's ScanMail and EManager are installed and current on version and pattern files.

I have been unsuccessful in finding and searching the archives. Any help would be greatly appreciated.
Skip Taylor, MCSE Network Administrator Jordan, Jones, and Goulding
RE: Open Relay Help
Man, I AM tired. Sorry, wrong entry. This is the one I was talking about.

> "Hosts and clients connecting to these internal addresses" is checked with the Internal IP address of our exchange server.

Remove that entry.

Steven
---
Steven Dickenson [EMAIL PROTECTED] Network Administrator The Key School, Annapolis Maryland

-----Original Message-----
From: Dickenson, Steven [mailto:[EMAIL PROTECTED]
Sent: Thursday, May 29, 2003 10:43 AM
To: Exchange Discussions
Subject: RE: Open Relay Help

> "Host and clients with these IP addresses" is checked and populated with 3 internal addresses for Canon Image Runner copiers that can send email.

I'd bet money that's your problem. I had my Exchange server set up like this at one point, for a Mac client with an old version of Eudora that didn't support SMTP AUTH. It turned Exchange into an open relay. Removing the IP address, but leaving the box checked, solved my problem.

Steven
---
Steven Dickenson [EMAIL PROTECTED] Network Administrator The Key School, Annapolis Maryland

-----Original Message-----
From: Taylor, Skip [mailto:[EMAIL PROTECTED]
Sent: Thursday, May 29, 2003 10:35 AM
To: Exchange Discussions
Subject: RE: Open Relay Help

On the Routing tab, "Reroute incoming SMTP mail (required for POP3/IMAP4 support)" is checked. In the field below, "Sent to:" has our domain of jjg.com and "Route to:" is inbound.

The Routing Restrictions are as follows:
"Hosts and clients that successfully authenticate" is not checked.
"Host and clients with these IP addresses" is checked and populated with 3 internal addresses for Canon Image Runner copiers that can send email.
"Hosts and clients connecting to these internal addresses" is checked with the Internal IP address of our exchange server.
"Specify the hosts and clients that can NEVER route mail" is empty.
Skip Taylor, MCSE Network Administrator Jordan, Jones, and Goulding -Original Message- From: Chris Scharff [mailto:[EMAIL PROTECTED] Sent: Thursday, May 29, 2003 10:29 AM To: Exchange Discussion Subject: RE: Open Relay Help Still open... What's that tab say now exactly? -Original Message- From: Taylor, Skip [mailto:[EMAIL PROTECTED] Posted At: Thursday, May 29, 2003 9:23 AM Posted To: swynk Conversation: Open Relay Help Subject: RE: Open Relay Help I'm sure I did but restarted once more to make sure. Can you try again? Skip Taylor, MCSE Network Administrator Jordan, Jones, and Goulding -Original Message- From: Chris Scharff [mailto:[EMAIL PROTECTED] Sent: Thursday, May 29, 2003 10:13 AM To: Exchange Discussion Subject: RE: Open Relay Help You're still an open relay. Did you restart the IMS after making the changes described in the article? Describe your settings on this tab as well in detail: http://www.exchangeadmin.com/Files/04/7696/Screen_04.gif -Original Message- From: Taylor, Skip [mailto:[EMAIL PROTECTED] Posted At: Thursday, May 29, 2003 9:06 AM Posted To: swynk Conversation: Open Relay Help Subject: Open Relay Help Apparently my mail server has been listed as an Open Relay at http://njabl.org/. I've followed the instructions listed in the following FAQ, and still get listed as an open relay. 3.73 Q: How can I configure my Exchange server so it can't be used as an open relay? A: http://www.exchangeadmin.com/Articles/Index.cfm?ArticleID=7696 My server is as follows: Windows 2000 SP2 Exchange 5.5 SP4 Trend Micro's ScanMail and EManager are installed and current on version and pattern files. I have been unsuccessful in finding and searching the archives. Any help would be greatly appreciated. 
Skip Taylor, MCSE Network Administrator Jordan, Jones, and Goulding
RE: Open Relay Help
I unchecked Hosts and clients connecting to these internal addresses and restarted the IMS. Still relaying? Skip Taylor, MCSE Network Administrator Jordan, Jones, and Goulding -Original Message- From: Paul Hutchings [mailto:[EMAIL PROTECTED] Sent: Thursday, May 29, 2003 10:42 AM To: Exchange Discussion Subject: RE: Open Relay Help I think the Hosts and clients connecting to these internal addresses is your problem - you don't need it ticked (or I should say it isn't ticked here and doesn't affect inbound email). regards, Paul -- Paul Hutchings Network Administrator, MIRA Ltd. Tel: 024 7635 5378, Fax: 024 7635 8378 mailto:[EMAIL PROTECTED] -Original Message- From: Taylor, Skip [mailto:[EMAIL PROTECTED] Sent: 29 May 2003 15:35 To: Exchange Discussions Subject: RE: Open Relay Help On the Routing tab Reroute incoming SMTP mail (required for POP3/IMAP4 support)is checked. In the field below Sent to: has our domain of jjg.com and Route to: is inbound The Routing Restrictions are as follows: Hosts and clients that successfully authenticate is not checked. Host and clients with these IP addresses is checked and populated with 3 internal addresses for Canon Image Runner copiers that can send email. Hosts and clients connecting to these internal addresses is checked with the Internal IP address of our exchange server. Specify the hosts and clients that can NEVER route mail is empty. Skip Taylor, MCSE Network Administrator Jordan, Jones, and Goulding -Original Message- From: Chris Scharff [mailto:[EMAIL PROTECTED] Sent: Thursday, May 29, 2003 10:29 AM To: Exchange Discussion Subject: RE: Open Relay Help Still open... What's that tab say now exactly? -Original Message- From: Taylor, Skip [mailto:[EMAIL PROTECTED] Posted At: Thursday, May 29, 2003 9:23 AM Posted To: swynk Conversation: Open Relay Help Subject: RE: Open Relay Help I'm sure I did but restarted once more to make sure. Can you try again? 
Skip Taylor, MCSE Network Administrator Jordan, Jones, and Goulding -Original Message- From: Chris Scharff [mailto:[EMAIL PROTECTED] Sent: Thursday, May 29, 2003 10:13 AM To: Exchange Discussion Subject: RE: Open Relay Help You're still an open relay. Did you restart the IMS after making the changes described in the article? Describe your settings on this tab as well in detail: http://www.exchangeadmin.com/Files/04/7696/Screen_04.gif -Original Message- From: Taylor, Skip [mailto:[EMAIL PROTECTED] Posted At: Thursday, May 29, 2003 9:06 AM Posted To: swynk Conversation: Open Relay Help Subject: Open Relay Help Apparently my mail server has been listed as an Open Relay at http://njabl.org/. I've followed the instructions listed in the following FAQ, and still get listed as an open relay. 3.73 Q: How can I configure my Exchange server so it can't be used as an open relay? A: http://www.exchangeadmin.com/Articles/Index.cfm?ArticleID=7696 My server is as follows: Windows 2000 SP2 Exchange 5.5 SP4 Trend Micro's ScanMail and EManager are installed and current on version and pattern files. I have been unsuccessful in finding and searching the archives. Any help would be greatly appreciated. 
Skip Taylor, MCSE Network Administrator Jordan, Jones, and Goulding
RE: Open Relay Help
Nope, rejects relay attempts using sam spade. If you've not already done so check your outbound queue - you don't want to find there's 10,000 spams in there :-) regards, Paul -- Paul Hutchings Network Administrator, MIRA Ltd. Tel: 024 7635 5378, Fax: 024 7635 8378 mailto:[EMAIL PROTECTED] -Original Message- From: Taylor, Skip [mailto:[EMAIL PROTECTED] Sent: 29 May 2003 15:44 To: Exchange Discussions Subject: RE: Open Relay Help I unchecked Hosts and clients connecting to these internal addresses and restarted the IMS. Still relaying? Skip Taylor, MCSE Network Administrator Jordan, Jones, and Goulding -Original Message- From: Paul Hutchings [mailto:[EMAIL PROTECTED] Sent: Thursday, May 29, 2003 10:42 AM To: Exchange Discussion Subject: RE: Open Relay Help I think the Hosts and clients connecting to these internal addresses is your problem - you don't need it ticked (or I should say it isn't ticked here and doesn't affect inbound email). regards, Paul -- Paul Hutchings Network Administrator, MIRA Ltd. Tel: 024 7635 5378, Fax: 024 7635 8378 mailto:[EMAIL PROTECTED] -Original Message- From: Taylor, Skip [mailto:[EMAIL PROTECTED] Sent: 29 May 2003 15:35 To: Exchange Discussions Subject: RE: Open Relay Help On the Routing tab Reroute incoming SMTP mail (required for POP3/IMAP4 support)is checked. In the field below Sent to: has our domain of jjg.com and Route to: is inbound The Routing Restrictions are as follows: Hosts and clients that successfully authenticate is not checked. Host and clients with these IP addresses is checked and populated with 3 internal addresses for Canon Image Runner copiers that can send email. Hosts and clients connecting to these internal addresses is checked with the Internal IP address of our exchange server. Specify the hosts and clients that can NEVER route mail is empty. 
Skip Taylor, MCSE Network Administrator Jordan, Jones, and Goulding -Original Message- From: Chris Scharff [mailto:[EMAIL PROTECTED] Sent: Thursday, May 29, 2003 10:29 AM To: Exchange Discussion Subject: RE: Open Relay Help Still open... What's that tab say now exactly? -Original Message- From: Taylor, Skip [mailto:[EMAIL PROTECTED] Posted At: Thursday, May 29, 2003 9:23 AM Posted To: swynk Conversation: Open Relay Help Subject: RE: Open Relay Help I'm sure I did but restarted once more to make sure. Can you try again? Skip Taylor, MCSE Network Administrator Jordan, Jones, and Goulding -Original Message- From: Chris Scharff [mailto:[EMAIL PROTECTED] Sent: Thursday, May 29, 2003 10:13 AM To: Exchange Discussion Subject: RE: Open Relay Help You're still an open relay. Did you restart the IMS after making the changes described in the article? Describe your settings on this tab as well in detail: http://www.exchangeadmin.com/Files/04/7696/Screen_04.gif -Original Message- From: Taylor, Skip [mailto:[EMAIL PROTECTED] Posted At: Thursday, May 29, 2003 9:06 AM Posted To: swynk Conversation: Open Relay Help Subject: Open Relay Help Apparently my mail server has been listed as an Open Relay at http://njabl.org/. I've followed the instructions listed in the following FAQ, and still get listed as an open relay. 3.73 Q: How can I configure my Exchange server so it can't be used as an open relay? A: http://www.exchangeadmin.com/Articles/Index.cfm?ArticleID=7696 My server is as follows: Windows 2000 SP2 Exchange 5.5 SP4 Trend Micro's ScanMail and EManager are installed and current on version and pattern files. I have been unsuccessful in finding and searching the archives. Any help would be greatly appreciated. 
Skip Taylor, MCSE Network Administrator Jordan, Jones, and Goulding
RE: Open Relay Help
No -Original Message- From: Taylor, Skip [mailto:[EMAIL PROTECTED] Sent: Thursday, May 29, 2003 10:44 AM To: Exchange Discussions Subject: RE: Open Relay Help I unchecked Hosts and clients connecting to these internal addresses and restarted the IMS. Still relaying? Skip Taylor, MCSE Network Administrator Jordan, Jones, and Goulding -Original Message- From: Paul Hutchings [mailto:[EMAIL PROTECTED] Sent: Thursday, May 29, 2003 10:42 AM To: Exchange Discussion Subject: RE: Open Relay Help I think the Hosts and clients connecting to these internal addresses is your problem - you don't need it ticked (or I should say it isn't ticked here and doesn't affect inbound email). regards, Paul -- Paul Hutchings Network Administrator, MIRA Ltd. Tel: 024 7635 5378, Fax: 024 7635 8378 mailto:[EMAIL PROTECTED] -Original Message- From: Taylor, Skip [mailto:[EMAIL PROTECTED] Sent: 29 May 2003 15:35 To: Exchange Discussions Subject: RE: Open Relay Help On the Routing tab Reroute incoming SMTP mail (required for POP3/IMAP4 support)is checked. In the field below Sent to: has our domain of jjg.com and Route to: is inbound The Routing Restrictions are as follows: Hosts and clients that successfully authenticate is not checked. Host and clients with these IP addresses is checked and populated with 3 internal addresses for Canon Image Runner copiers that can send email. Hosts and clients connecting to these internal addresses is checked with the Internal IP address of our exchange server. Specify the hosts and clients that can NEVER route mail is empty. Skip Taylor, MCSE Network Administrator Jordan, Jones, and Goulding -Original Message- From: Chris Scharff [mailto:[EMAIL PROTECTED] Sent: Thursday, May 29, 2003 10:29 AM To: Exchange Discussion Subject: RE: Open Relay Help Still open... What's that tab say now exactly? 
-Original Message- From: Taylor, Skip [mailto:[EMAIL PROTECTED] Posted At: Thursday, May 29, 2003 9:23 AM Posted To: swynk Conversation: Open Relay Help Subject: RE: Open Relay Help I'm sure I did but restarted once more to make sure. Can you try again? Skip Taylor, MCSE Network Administrator Jordan, Jones, and Goulding -Original Message- From: Chris Scharff [mailto:[EMAIL PROTECTED] Sent: Thursday, May 29, 2003 10:13 AM To: Exchange Discussion Subject: RE: Open Relay Help You're still an open relay. Did you restart the IMS after making the changes described in the article? Describe your settings on this tab as well in detail: http://www.exchangeadmin.com/Files/04/7696/Screen_04.gif -Original Message- From: Taylor, Skip [mailto:[EMAIL PROTECTED] Posted At: Thursday, May 29, 2003 9:06 AM Posted To: swynk Conversation: Open Relay Help Subject: Open Relay Help Apparently my mail server has been listed as an Open Relay at http://njabl.org/. I've followed the instructions listed in the following FAQ, and still get listed as an open relay. 3.73 Q: How can I configure my Exchange server so it can't be used as an open relay? A: http://www.exchangeadmin.com/Articles/Index.cfm?ArticleID=7696 My server is as follows: Windows 2000 SP2 Exchange 5.5 SP4 Trend Micro's ScanMail and EManager are installed and current on version and pattern files. I have been unsuccessful in finding and searching the archives. Any help would be greatly appreciated. 
Skip Taylor, MCSE Network Administrator Jordan, Jones, and Goulding
RE: Open Relay Help
Nope, all good now. Steven --- Steven Dickenson [EMAIL PROTECTED] Network Administrator The Key School, Annapolis Maryland -Original Message- From: Taylor, Skip [mailto:[EMAIL PROTECTED] Sent: Thursday, May 29, 2003 10:44 AM To: Exchange Discussions Subject: RE: Open Relay Help I unchecked Hosts and clients connecting to these internal addresses and restarted the IMS. Still relaying? Skip Taylor, MCSE Network Administrator Jordan, Jones, and Goulding -Original Message- From: Paul Hutchings [mailto:[EMAIL PROTECTED] Sent: Thursday, May 29, 2003 10:42 AM To: Exchange Discussion Subject: RE: Open Relay Help I think the Hosts and clients connecting to these internal addresses is your problem - you don't need it ticked (or I should say it isn't ticked here and doesn't affect inbound email). regards, Paul -- Paul Hutchings Network Administrator, MIRA Ltd. Tel: 024 7635 5378, Fax: 024 7635 8378 mailto:[EMAIL PROTECTED] -Original Message- From: Taylor, Skip [mailto:[EMAIL PROTECTED] Sent: 29 May 2003 15:35 To: Exchange Discussions Subject: RE: Open Relay Help On the Routing tab Reroute incoming SMTP mail (required for POP3/IMAP4 support)is checked. In the field below Sent to: has our domain of jjg.com and Route to: is inbound The Routing Restrictions are as follows: Hosts and clients that successfully authenticate is not checked. Host and clients with these IP addresses is checked and populated with 3 internal addresses for Canon Image Runner copiers that can send email. Hosts and clients connecting to these internal addresses is checked with the Internal IP address of our exchange server. Specify the hosts and clients that can NEVER route mail is empty. Skip Taylor, MCSE Network Administrator Jordan, Jones, and Goulding -Original Message- From: Chris Scharff [mailto:[EMAIL PROTECTED] Sent: Thursday, May 29, 2003 10:29 AM To: Exchange Discussion Subject: RE: Open Relay Help Still open... What's that tab say now exactly? 
-Original Message- From: Taylor, Skip [mailto:[EMAIL PROTECTED] Posted At: Thursday, May 29, 2003 9:23 AM Posted To: swynk Conversation: Open Relay Help Subject: RE: Open Relay Help I'm sure I did but restarted once more to make sure. Can you try again? Skip Taylor, MCSE Network Administrator Jordan, Jones, and Goulding -Original Message- From: Chris Scharff [mailto:[EMAIL PROTECTED] Sent: Thursday, May 29, 2003 10:13 AM To: Exchange Discussion Subject: RE: Open Relay Help You're still an open relay. Did you restart the IMS after making the changes described in the article? Describe your settings on this tab as well in detail: http://www.exchangeadmin.com/Files/04/7696/Screen_04.gif -Original Message- From: Taylor, Skip [mailto:[EMAIL PROTECTED] Posted At: Thursday, May 29, 2003 9:06 AM Posted To: swynk Conversation: Open Relay Help Subject: Open Relay Help Apparently my mail server has been listed as an Open Relay at http://njabl.org/. I've followed the instructions listed in the following FAQ, and still get listed as an open relay. 3.73 Q: How can I configure my Exchange server so it can't be used as an open relay? A: http://www.exchangeadmin.com/Articles/Index.cfm?ArticleID=7696 My server is as follows: Windows 2000 SP2 Exchange 5.5 SP4 Trend Micro's ScanMail and EManager are installed and current on version and pattern files. I have been unsuccessful in finding and searching the archives. Any help would be greatly appreciated. 
Skip Taylor, MCSE Network Administrator Jordan, Jones, and Goulding
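A simplified model of the four Routing Restrictions options quoted in this thread, as an added example that is not part of the original posts and is not Exchange's own logic. The evaluation order, the assumption that every inbound connection (including NAT-forwarded internet traffic) arrives on the server's single internal address, and all IP addresses are constructed for illustration; jjg.com is the domain named in the thread.

```python
from dataclasses import dataclass, field, replace
from ipaddress import ip_address, ip_network


@dataclass
class RoutingRestrictions:
    local_domains: set                 # domains delivered locally ("Sent to:")
    allow_authenticated: bool = False  # "Hosts and clients that successfully authenticate"
    # "Hosts and clients with these IP addresses"
    allowed_clients: list = field(default_factory=list)
    # "Hosts and clients connecting to these internal addresses"
    allowed_local_addrs: list = field(default_factory=list)
    # "Specify the hosts and clients that can NEVER route mail"
    never_route: list = field(default_factory=list)


@dataclass
class Session:
    client_ip: str       # peer address of the SMTP connection
    server_ip: str       # local address the connection arrived on
    authenticated: bool
    rcpt_domain: str     # domain part of RCPT TO


def _in_any(ip, nets):
    """True if ip falls inside any listed address or network."""
    return any(ip_address(ip) in ip_network(n) for n in nets)


def decide(cfg, s):
    """Return (accepted, reason) for one recipient. Order is an assumption."""
    if s.rcpt_domain.lower() in cfg.local_domains:
        return True, "local delivery"            # inbound mail, not a relay
    if _in_any(s.client_ip, cfg.never_route):
        return False, "client on never-route list"
    if cfg.allow_authenticated and s.authenticated:
        return True, "authenticated"
    if _in_any(s.client_ip, cfg.allowed_clients):
        return True, "client IP allowed"
    # This rule looks at the SERVER side of the connection, not the client.
    if _in_any(s.server_ip, cfg.allowed_local_addrs):
        return True, "connected to listed internal address"
    return False, "relay denied"


def audit(cfg, listen_addrs, probe_client="203.0.113.25", probe_rcpt="example.net"):
    """List (address, reason) pairs where an unauthenticated outside client
    can relay to an outside recipient. An empty list means the relay is closed."""
    open_on = []
    for addr in listen_addrs:
        ok, reason = decide(cfg, Session(probe_client, addr, False, probe_rcpt))
        if ok:
            open_on.append((addr, reason))
    return open_on


# Constructed addresses: one server address, three copiers.
LISTEN = ["10.0.0.5"]
COPIERS = ["10.0.0.21", "10.0.0.22", "10.0.0.23"]

# Settings as described in the thread before the fix.
BEFORE = RoutingRestrictions(
    local_domains={"jjg.com"},
    allow_authenticated=False,
    allowed_clients=COPIERS,
    allowed_local_addrs=["10.0.0.5"],  # internal IP of the Exchange server
)
# After unchecking "connecting to these internal addresses".
AFTER = replace(BEFORE, allowed_local_addrs=[])

if __name__ == "__main__":
    print("before:", audit(BEFORE, LISTEN))
    print("after: ", audit(AFTER, LISTEN))
    copier = Session("10.0.0.21", "10.0.0.5", False, "example.net")
    print("copier after fix:", decide(AFTER, copier))
```

The copiers keep relaying after the fix because their grant is keyed on the client address, while the removed grant was keyed on the address every client connects to.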
RE: Open Relay Help
I saw about 50 or so. I'm still getting items in the queue with a blank originator. Is this to be expected? What happens to these items? Skip Taylor, MCSE Network Administrator Jordan, Jones, and Goulding -Original Message- From: Paul Hutchings [mailto:[EMAIL PROTECTED] Sent: Thursday, May 29, 2003 10:46 AM To: Exchange Discussion Subject: RE: Open Relay Help Nope, rejects relay attempts using sam spade. If you've not already done so check your outbound queue - you don't want to find there's 10,000 spams in there :-) regards, Paul -- Paul Hutchings Network Administrator, MIRA Ltd. Tel: 024 7635 5378, Fax: 024 7635 8378 mailto:[EMAIL PROTECTED] -Original Message- From: Taylor, Skip [mailto:[EMAIL PROTECTED] Sent: 29 May 2003 15:44 To: Exchange Discussions Subject: RE: Open Relay Help I unchecked Hosts and clients connecting to these internal addresses and restarted the IMS. Still relaying? Skip Taylor, MCSE Network Administrator Jordan, Jones, and Goulding -Original Message- From: Paul Hutchings [mailto:[EMAIL PROTECTED] Sent: Thursday, May 29, 2003 10:42 AM To: Exchange Discussion Subject: RE: Open Relay Help I think the Hosts and clients connecting to these internal addresses is your problem - you don't need it ticked (or I should say it isn't ticked here and doesn't affect inbound email). regards, Paul -- Paul Hutchings Network Administrator, MIRA Ltd. Tel: 024 7635 5378, Fax: 024 7635 8378 mailto:[EMAIL PROTECTED] -Original Message- From: Taylor, Skip [mailto:[EMAIL PROTECTED] Sent: 29 May 2003 15:35 To: Exchange Discussions Subject: RE: Open Relay Help On the Routing tab Reroute incoming SMTP mail (required for POP3/IMAP4 support)is checked. In the field below Sent to: has our domain of jjg.com and Route to: is inbound The Routing Restrictions are as follows: Hosts and clients that successfully authenticate is not checked. 
Host and clients with these IP addresses is checked and populated with 3 internal addresses for Canon Image Runner copiers that can send email. Hosts and clients connecting to these internal addresses is checked with the Internal IP address of our exchange server. Specify the hosts and clients that can NEVER route mail is empty. Skip Taylor, MCSE Network Administrator Jordan, Jones, and Goulding -Original Message- From: Chris Scharff [mailto:[EMAIL PROTECTED] Sent: Thursday, May 29, 2003 10:29 AM To: Exchange Discussion Subject: RE: Open Relay Help Still open... What's that tab say now exactly? -Original Message- From: Taylor, Skip [mailto:[EMAIL PROTECTED] Posted At: Thursday, May 29, 2003 9:23 AM Posted To: swynk Conversation: Open Relay Help Subject: RE: Open Relay Help I'm sure I did but restarted once more to make sure. Can you try again? Skip Taylor, MCSE Network Administrator Jordan, Jones, and Goulding -Original Message- From: Chris Scharff [mailto:[EMAIL PROTECTED] Sent: Thursday, May 29, 2003 10:13 AM To: Exchange Discussion Subject: RE: Open Relay Help You're still an open relay. Did you restart the IMS after making the changes described in the article? Describe your settings on this tab as well in detail: http://www.exchangeadmin.com/Files/04/7696/Screen_04.gif -Original Message- From: Taylor, Skip [mailto:[EMAIL PROTECTED] Posted At: Thursday, May 29, 2003 9:06 AM Posted To: swynk Conversation: Open Relay Help Subject: Open Relay Help Apparently my mail server has been listed as an Open Relay at http://njabl.org/. I've followed the instructions listed in the following FAQ, and still get listed as an open relay. 3.73 Q: How can I configure my Exchange server so it can't be used as an open relay? A: http://www.exchangeadmin.com/Articles/Index.cfm?ArticleID=7696 My server is as follows: Windows 2000 SP2 Exchange 5.5 SP4 Trend Micro's ScanMail and EManager are installed and current on version and pattern files. 
I have been unsuccessful in finding and searching the archives. Any help would be greatly appreciated. Skip Taylor, MCSE Network Administrator Jordan, Jones, and Goulding
RE: Open Relay Help
If its originator is <> they're NDRs and the likes - they can be safely deleted. You might want to keep an eye on http://www.openrbl.org to make sure you don't creep onto more DNSBLs as people receive stuff that may have been sent through your server and report it to Spamcop and the likes. Some lists you'll be able to get removed from, some you're stuck on simply for being with QWest. regards, Paul -- Paul Hutchings Network Administrator, MIRA Ltd. Tel: 024 7635 5378, Fax: 024 7635 8378 mailto:[EMAIL PROTECTED] -Original Message- From: Taylor, Skip [mailto:[EMAIL PROTECTED] Sent: 29 May 2003 15:52 To: Exchange Discussions Subject: RE: Open Relay Help I saw about 50 or so. I'm still getting items in the queue with a blank originator. Is this to be expected? What happens to these items? Skip Taylor, MCSE Network Administrator Jordan, Jones, and Goulding -Original Message- From: Paul Hutchings [mailto:[EMAIL PROTECTED] Sent: Thursday, May 29, 2003 10:46 AM To: Exchange Discussion Subject: RE: Open Relay Help Nope, rejects relay attempts using sam spade. If you've not already done so check your outbound queue - you don't want to find there's 10,000 spams in there :-) regards, Paul -- Paul Hutchings Network Administrator, MIRA Ltd. Tel: 024 7635 5378, Fax: 024 7635 8378 mailto:[EMAIL PROTECTED] -Original Message- From: Taylor, Skip [mailto:[EMAIL PROTECTED] Sent: 29 May 2003 15:44 To: Exchange Discussions Subject: RE: Open Relay Help I unchecked Hosts and clients connecting to these internal addresses and restarted the IMS. Still relaying? Skip Taylor, MCSE Network Administrator Jordan, Jones, and Goulding -Original Message- From: Paul Hutchings [mailto:[EMAIL PROTECTED] Sent: Thursday, May 29, 2003 10:42 AM To: Exchange Discussion Subject: RE: Open Relay Help I think the Hosts and clients connecting to these internal addresses is your problem - you don't need it ticked (or I should say it isn't ticked here and doesn't affect inbound email).
regards, Paul -- Paul Hutchings Network Administrator, MIRA Ltd. Tel: 024 7635 5378, Fax: 024 7635 8378 mailto:[EMAIL PROTECTED] -Original Message- From: Taylor, Skip [mailto:[EMAIL PROTECTED] Sent: 29 May 2003 15:35 To: Exchange Discussions Subject: RE: Open Relay Help On the Routing tab Reroute incoming SMTP mail (required for POP3/IMAP4 support)is checked. In the field below Sent to: has our domain of jjg.com and Route to: is inbound The Routing Restrictions are as follows: Hosts and clients that successfully authenticate is not checked. Host and clients with these IP addresses is checked and populated with 3 internal addresses for Canon Image Runner copiers that can send email. Hosts and clients connecting to these internal addresses is checked with the Internal IP address of our exchange server. Specify the hosts and clients that can NEVER route mail is empty. Skip Taylor, MCSE Network Administrator Jordan, Jones, and Goulding -Original Message- From: Chris Scharff [mailto:[EMAIL PROTECTED] Sent: Thursday, May 29, 2003 10:29 AM To: Exchange Discussion Subject: RE: Open Relay Help Still open... What's that tab say now exactly? -Original Message- From: Taylor, Skip [mailto:[EMAIL PROTECTED] Posted At: Thursday, May 29, 2003 9:23 AM Posted To: swynk Conversation: Open Relay Help Subject: RE: Open Relay Help I'm sure I did but restarted once more to make sure. Can you try again? Skip Taylor, MCSE Network Administrator Jordan, Jones, and Goulding -Original Message- From: Chris Scharff [mailto:[EMAIL PROTECTED] Sent: Thursday, May 29, 2003 10:13 AM To: Exchange Discussion Subject: RE: Open Relay Help You're still an open relay. Did you restart the IMS after making the changes described in the article? 
Describe your settings on this tab as well in detail: http://www.exchangeadmin.com/Files/04/7696/Screen_04.gif -Original Message- From: Taylor, Skip [mailto:[EMAIL PROTECTED] Posted At: Thursday, May 29, 2003 9:06 AM Posted To: swynk Conversation: Open Relay Help Subject: Open Relay Help Apparently my mail server has been listed as an Open Relay at http://njabl.org/. I've followed the instructions listed in the following FAQ, and still get listed as an open relay. 3.73 Q: How can I configure my Exchange server so it can't be used as an open relay? A: http://www.exchangeadmin.com/Articles/Index.cfm?ArticleID=7696 My server is as follows: Windows 2000 SP2 Exchange 5.5 SP4 Trend Micro's ScanMail and EManager are installed and current on version
RE: Open Relay Help
Thank you All for your help on this issue. btw what's the deal with Qwest? We just switched to them 2 weeks ago. Skip Taylor, MCSE Network Administrator Jordan, Jones, and Goulding -Original Message- From: Paul Hutchings [mailto:[EMAIL PROTECTED] Sent: Thursday, May 29, 2003 10:58 AM To: Exchange Discussion Subject: RE: Open Relay Help If its originator is <> they're NDRs and the likes - they can be safely deleted. You might want to keep an eye on http://www.openrbl.org to make sure you don't creep onto more DNSBLs as people receive stuff that may have been sent through your server and report it to Spamcop and the likes. Some lists you'll be able to get removed from, some you're stuck on simply for being with QWest. regards, Paul -- Paul Hutchings Network Administrator, MIRA Ltd. Tel: 024 7635 5378, Fax: 024 7635 8378 mailto:[EMAIL PROTECTED] -Original Message- From: Taylor, Skip [mailto:[EMAIL PROTECTED] Sent: 29 May 2003 15:52 To: Exchange Discussions Subject: RE: Open Relay Help I saw about 50 or so. I'm still getting items in the queue with a blank originator. Is this to be expected? What happens to these items? Skip Taylor, MCSE Network Administrator Jordan, Jones, and Goulding -Original Message- From: Paul Hutchings [mailto:[EMAIL PROTECTED] Sent: Thursday, May 29, 2003 10:46 AM To: Exchange Discussion Subject: RE: Open Relay Help Nope, rejects relay attempts using sam spade. If you've not already done so check your outbound queue - you don't want to find there's 10,000 spams in there :-) regards, Paul -- Paul Hutchings Network Administrator, MIRA Ltd. Tel: 024 7635 5378, Fax: 024 7635 8378 mailto:[EMAIL PROTECTED] -Original Message- From: Taylor, Skip [mailto:[EMAIL PROTECTED] Sent: 29 May 2003 15:44 To: Exchange Discussions Subject: RE: Open Relay Help I unchecked Hosts and clients connecting to these internal addresses and restarted the IMS. Still relaying?
Skip Taylor, MCSE Network Administrator Jordan, Jones, and Goulding -Original Message- From: Paul Hutchings [mailto:[EMAIL PROTECTED] Sent: Thursday, May 29, 2003 10:42 AM To: Exchange Discussion Subject: RE: Open Relay Help I think the Hosts and clients connecting to these internal addresses is your problem - you don't need it ticked (or I should say it isn't ticked here and doesn't affect inbound email). regards, Paul -- Paul Hutchings Network Administrator, MIRA Ltd. Tel: 024 7635 5378, Fax: 024 7635 8378 mailto:[EMAIL PROTECTED] -Original Message- From: Taylor, Skip [mailto:[EMAIL PROTECTED] Sent: 29 May 2003 15:35 To: Exchange Discussions Subject: RE: Open Relay Help On the Routing tab Reroute incoming SMTP mail (required for POP3/IMAP4 support)is checked. In the field below Sent to: has our domain of jjg.com and Route to: is inbound The Routing Restrictions are as follows: Hosts and clients that successfully authenticate is not checked. Host and clients with these IP addresses is checked and populated with 3 internal addresses for Canon Image Runner copiers that can send email. Hosts and clients connecting to these internal addresses is checked with the Internal IP address of our exchange server. Specify the hosts and clients that can NEVER route mail is empty. Skip Taylor, MCSE Network Administrator Jordan, Jones, and Goulding -Original Message- From: Chris Scharff [mailto:[EMAIL PROTECTED] Sent: Thursday, May 29, 2003 10:29 AM To: Exchange Discussion Subject: RE: Open Relay Help Still open... What's that tab say now exactly? -Original Message- From: Taylor, Skip [mailto:[EMAIL PROTECTED] Posted At: Thursday, May 29, 2003 9:23 AM Posted To: swynk Conversation: Open Relay Help Subject: RE: Open Relay Help I'm sure I did but restarted once more to make sure. Can you try again? 
Skip Taylor, MCSE Network Administrator Jordan, Jones, and Goulding -Original Message- From: Chris Scharff [mailto:[EMAIL PROTECTED] Sent: Thursday, May 29, 2003 10:13 AM To: Exchange Discussion Subject: RE: Open Relay Help You're still an open relay. Did you restart the IMS after making the changes described in the article? Describe your settings on this tab as well in detail: http://www.exchangeadmin.com/Files/04/7696/Screen_04.gif -Original Message- From: Taylor, Skip [mailto:[EMAIL PROTECTED] Posted At: Thursday, May 29, 2003 9:06 AM Posted To: swynk Conversation: Open Relay Help Subject: Open Relay Help Apparently my mail server has been listed as an Open Relay at http://njabl.org/. I've followed the instructions listed in the following FAQ, and still get listed
RE: Open Relay Help
On the subject of emails from <>, RFC2821 says your mailer must accept them. It needn't do anything with them, though. There's a surprisingly large number of misconfigured mailers which bounce them, alas. Phil - Phil Randal Network Engineer Herefordshire Council Hereford, UK -Original Message- From: Paul Hutchings [mailto:[EMAIL PROTECTED] Sent: 29 May 2003 15:58 To: Exchange Discussions Subject: RE: Open Relay Help If its originator is <> they're NDRs and the likes - they can be safely deleted. You might want to keep an eye on http://www.openrbl.org to make sure you don't creep onto more DNSBLs as people receive stuff that may have been sent through your server and report it to Spamcop and the likes. Some lists you'll be able to get removed from, some you're stuck on simply for being with QWest. regards, Paul -- Paul Hutchings Network Administrator, MIRA Ltd. Tel: 024 7635 5378, Fax: 024 7635 8378 mailto:[EMAIL PROTECTED] -Original Message- From: Taylor, Skip [mailto:[EMAIL PROTECTED] Sent: 29 May 2003 15:52 To: Exchange Discussions Subject: RE: Open Relay Help I saw about 50 or so. I'm still getting items in the queue with a blank originator. Is this to be expected? What happens to these items? Skip Taylor, MCSE Network Administrator Jordan, Jones, and Goulding -Original Message- From: Paul Hutchings [mailto:[EMAIL PROTECTED] Sent: Thursday, May 29, 2003 10:46 AM To: Exchange Discussion Subject: RE: Open Relay Help Nope, rejects relay attempts using sam spade. If you've not already done so check your outbound queue - you don't want to find there's 10,000 spams in there :-) regards, Paul -- Paul Hutchings Network Administrator, MIRA Ltd. Tel: 024 7635 5378, Fax: 024 7635 8378 mailto:[EMAIL PROTECTED] -Original Message- From: Taylor, Skip [mailto:[EMAIL PROTECTED] Sent: 29 May 2003 15:44 To: Exchange Discussions Subject: RE: Open Relay Help I unchecked Hosts and clients connecting to these internal addresses and restarted the IMS. Still relaying? 
Skip Taylor, MCSE Network Administrator Jordan, Jones, and Goulding -Original Message- From: Paul Hutchings [mailto:[EMAIL PROTECTED] Sent: Thursday, May 29, 2003 10:42 AM To: Exchange Discussion Subject: RE: Open Relay Help I think the Hosts and clients connecting to these internal addresses is your problem - you don't need it ticked (or I should say it isn't ticked here and doesn't affect inbound email). regards, Paul -- Paul Hutchings Network Administrator, MIRA Ltd. Tel: 024 7635 5378, Fax: 024 7635 8378 mailto:[EMAIL PROTECTED] -Original Message- From: Taylor, Skip [mailto:[EMAIL PROTECTED] Sent: 29 May 2003 15:35 To: Exchange Discussions Subject: RE: Open Relay Help On the Routing tab Reroute incoming SMTP mail (required for POP3/IMAP4 support)is checked. In the field below Sent to: has our domain of jjg.com and Route to: is inbound The Routing Restrictions are as follows: Hosts and clients that successfully authenticate is not checked. Host and clients with these IP addresses is checked and populated with 3 internal addresses for Canon Image Runner copiers that can send email. Hosts and clients connecting to these internal addresses is checked with the Internal IP address of our exchange server. Specify the hosts and clients that can NEVER route mail is empty. Skip Taylor, MCSE Network Administrator Jordan, Jones, and Goulding -Original Message- From: Chris Scharff [mailto:[EMAIL PROTECTED] Sent: Thursday, May 29, 2003 10:29 AM To: Exchange Discussion Subject: RE: Open Relay Help Still open... What's that tab say now exactly? -Original Message- From: Taylor, Skip [mailto:[EMAIL PROTECTED] Posted At: Thursday, May 29, 2003 9:23 AM Posted To: swynk Conversation: Open Relay Help Subject: RE: Open Relay Help I'm sure I did but restarted once more to make sure. Can you try again? 
Skip Taylor, MCSE Network Administrator Jordan, Jones, and Goulding -Original Message- From: Chris Scharff [mailto:[EMAIL PROTECTED] Sent: Thursday, May 29, 2003 10:13 AM To: Exchange Discussion Subject: RE: Open Relay Help You're still an open relay. Did you restart the IMS after making the changes described in the article? Describe your settings on this tab as well in detail: http://www.exchangeadmin.com/Files/04/7696/Screen_04.gif -Original Message- From: Taylor, Skip [mailto:[EMAIL PROTECTED] Posted
RE: Open Relay Help
It looks like a bunch of Qwest IPs are on blacklists because of Qwest's alleged unwillingness to terminate spammers using their network - I don't really know the specifics, but I suspect if you go to http://groups.google.com/groups?hl=enlr=ie=UTF-8oe=UTF-8q=qwest+group%3A news.admin.net-abuse.* you'll get an idea. Main thing is get off any lists you're on because you were an open relay, short of changing IPs or ISPs you can't do much about the others. regards, Paul -- Paul Hutchings Network Administrator, MIRA Ltd. Tel: 024 7635 5378, Fax: 024 7635 8378 mailto:[EMAIL PROTECTED] -Original Message- From: Taylor, Skip [mailto:[EMAIL PROTECTED] Sent: 29 May 2003 16:04 To: Exchange Discussions Subject: RE: Open Relay Help Thank you All for your help on this issue. btw what's the deal with Qwest? We just switched to them 2 weeks ago. Skip Taylor, MCSE Network Administrator Jordan, Jones, and Goulding -Original Message- From: Paul Hutchings [mailto:[EMAIL PROTECTED] Sent: Thursday, May 29, 2003 10:58 AM To: Exchange Discussion Subject: RE: Open Relay Help If its originator is <> they're NDRs and the likes - they can be safely deleted. You might want to keep an eye on http://www.openrbl.org to make sure you don't creep onto more DNSBLs as people receive stuff that may have been sent through your server and report it to Spamcop and the likes. Some lists you'll be able to get removed from, some you're stuck on simply for being with QWest. regards, Paul -- Paul Hutchings Network Administrator, MIRA Ltd. Tel: 024 7635 5378, Fax: 024 7635 8378 mailto:[EMAIL PROTECTED] -Original Message- From: Taylor, Skip [mailto:[EMAIL PROTECTED] Sent: 29 May 2003 15:52 To: Exchange Discussions Subject: RE: Open Relay Help I saw about 50 or so. I'm still getting items in the queue with a blank originator. Is this to be expected? What happens to these items? 
Skip Taylor, MCSE Network Administrator Jordan, Jones, and Goulding -Original Message- From: Paul Hutchings [mailto:[EMAIL PROTECTED] Sent: Thursday, May 29, 2003 10:46 AM To: Exchange Discussion Subject: RE: Open Relay Help Nope, rejects relay attempts using sam spade. If you've not already done so check your outbound queue - you don't want to find there's 10,000 spams in there :-) regards, Paul -- Paul Hutchings Network Administrator, MIRA Ltd. Tel: 024 7635 5378, Fax: 024 7635 8378 mailto:[EMAIL PROTECTED] -Original Message- From: Taylor, Skip [mailto:[EMAIL PROTECTED] Sent: 29 May 2003 15:44 To: Exchange Discussions Subject: RE: Open Relay Help I unchecked Hosts and clients connecting to these internal addresses and restarted the IMS. Still relaying? Skip Taylor, MCSE Network Administrator Jordan, Jones, and Goulding -Original Message- From: Paul Hutchings [mailto:[EMAIL PROTECTED] Sent: Thursday, May 29, 2003 10:42 AM To: Exchange Discussion Subject: RE: Open Relay Help I think the Hosts and clients connecting to these internal addresses is your problem - you don't need it ticked (or I should say it isn't ticked here and doesn't affect inbound email). regards, Paul -- Paul Hutchings Network Administrator, MIRA Ltd. Tel: 024 7635 5378, Fax: 024 7635 8378 mailto:[EMAIL PROTECTED] -Original Message- From: Taylor, Skip [mailto:[EMAIL PROTECTED] Sent: 29 May 2003 15:35 To: Exchange Discussions Subject: RE: Open Relay Help On the Routing tab Reroute incoming SMTP mail (required for POP3/IMAP4 support)is checked. In the field below Sent to: has our domain of jjg.com and Route to: is inbound The Routing Restrictions are as follows: Hosts and clients that successfully authenticate is not checked. Host and clients with these IP addresses is checked and populated with 3 internal addresses for Canon Image Runner copiers that can send email. Hosts and clients connecting to these internal addresses is checked with the Internal IP address of our exchange server. 
Specify the hosts and clients that can NEVER route mail is empty. Skip Taylor, MCSE Network Administrator Jordan, Jones, and Goulding -Original Message- From: Chris Scharff [mailto:[EMAIL PROTECTED] Sent: Thursday, May 29, 2003 10:29 AM To: Exchange Discussion Subject: RE: Open Relay Help Still open... What's that tab say now exactly? -Original Message- From: Taylor, Skip [mailto:[EMAIL PROTECTED] Posted At: Thursday, May 29, 2003 9:23 AM Posted To: swynk Conversation: Open Relay Help Subject: RE: Open Relay Help I'm sure I did but restarted once more to make sure. Can you try
RE: Open Relay Help
Agreed. It drives me nuts, as I do sender address verification using null senders. It's okay to reject null senders for multiple recipients, but not for just one! I'm also amazed at the number of sites that just ignore e-mails I send informing them of their RFC violation. Steven --- Steven Dickenson [EMAIL PROTECTED] Network Administrator The Key School, Annapolis Maryland -Original Message- From: Randal, Phil [mailto:[EMAIL PROTECTED] Sent: Thursday, May 29, 2003 11:10 AM To: Exchange Discussions Subject: RE: Open Relay Help On the subject of emails from <>, RFC2821 says your mailer must accept them. It needn't do anything with them, though. There's a surprisingly large number of misconfigured mailers which bounce them, alas. Phil - Phil Randal Network Engineer Herefordshire Council Hereford, UK -Original Message- From: Paul Hutchings [mailto:[EMAIL PROTECTED] Sent: 29 May 2003 15:58 To: Exchange Discussions Subject: RE: Open Relay Help If its originator is <> they're NDRs and the likes - they can be safely deleted. You might want to keep an eye on http://www.openrbl.org to make sure you don't creep onto more DNSBLs as people receive stuff that may have been sent through your server and report it to Spamcop and the likes. Some lists you'll be able to get removed from, some you're stuck on simply for being with QWest. regards, Paul -- Paul Hutchings Network Administrator, MIRA Ltd. Tel: 024 7635 5378, Fax: 024 7635 8378 mailto:[EMAIL PROTECTED] -Original Message- From: Taylor, Skip [mailto:[EMAIL PROTECTED] Sent: 29 May 2003 15:52 To: Exchange Discussions Subject: RE: Open Relay Help I saw about 50 or so. I'm still getting items in the queue with a blank originator. Is this to be expected? What happens to these items? 
Skip Taylor, MCSE Network Administrator Jordan, Jones, and Goulding -Original Message- From: Paul Hutchings [mailto:[EMAIL PROTECTED] Sent: Thursday, May 29, 2003 10:46 AM To: Exchange Discussion Subject: RE: Open Relay Help Nope, rejects relay attempts using sam spade. If you've not already done so check your outbound queue - you don't want to find there's 10,000 spams in there :-) regards, Paul -- Paul Hutchings Network Administrator, MIRA Ltd. Tel: 024 7635 5378, Fax: 024 7635 8378 mailto:[EMAIL PROTECTED] -Original Message- From: Taylor, Skip [mailto:[EMAIL PROTECTED] Sent: 29 May 2003 15:44 To: Exchange Discussions Subject: RE: Open Relay Help I unchecked Hosts and clients connecting to these internal addresses and restarted the IMS. Still relaying? Skip Taylor, MCSE Network Administrator Jordan, Jones, and Goulding -Original Message- From: Paul Hutchings [mailto:[EMAIL PROTECTED] Sent: Thursday, May 29, 2003 10:42 AM To: Exchange Discussion Subject: RE: Open Relay Help I think the Hosts and clients connecting to these internal addresses is your problem - you don't need it ticked (or I should say it isn't ticked here and doesn't affect inbound email). regards, Paul -- Paul Hutchings Network Administrator, MIRA Ltd. Tel: 024 7635 5378, Fax: 024 7635 8378 mailto:[EMAIL PROTECTED] -Original Message- From: Taylor, Skip [mailto:[EMAIL PROTECTED] Sent: 29 May 2003 15:35 To: Exchange Discussions Subject: RE: Open Relay Help On the Routing tab Reroute incoming SMTP mail (required for POP3/IMAP4 support)is checked. In the field below Sent to: has our domain of jjg.com and Route to: is inbound The Routing Restrictions are as follows: Hosts and clients that successfully authenticate is not checked. Host and clients with these IP addresses is checked and populated with 3 internal addresses for Canon Image Runner copiers that can send email. Hosts and clients connecting to these internal addresses is checked with the Internal IP address of our exchange server. 
Specify the hosts and clients that can NEVER route mail is empty. Skip Taylor, MCSE Network Administrator Jordan, Jones, and Goulding -Original Message- From: Chris Scharff [mailto:[EMAIL PROTECTED] Sent: Thursday, May 29, 2003 10:29 AM To: Exchange Discussion Subject: RE: Open Relay Help Still open... What's that tab say now exactly? -Original Message- From: Taylor, Skip [mailto:[EMAIL PROTECTED] Posted At: Thursday, May 29, 2003 9:23 AM Posted To: swynk Conversation: Open Relay Help Subject: RE: Open Relay Help I'm sure I did but restarted once more to make sure. Can you try again? Skip Taylor, MCSE Network Administrator Jordan, Jones
RE: Open Relay Help
Sooner or later I need to start using these guys: http://www.rfc-ignorant.com/policy-dsn.php -- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. -Original Message- From: Randal, Phil [mailto:[EMAIL PROTECTED] Sent: Thursday, May 29, 2003 11:10 AM To: Exchange Discussions Subject: RE: Open Relay Help On the subject of emails from <>, RFC2821 says your mailer must accept them. It needn't do anything with them, though. There's a surprisingly large number of misconfigured mailers which bounce them, alas. Phil - Phil Randal Network Engineer Herefordshire Council Hereford, UK -Original Message- From: Paul Hutchings [mailto:[EMAIL PROTECTED] Sent: 29 May 2003 15:58 To: Exchange Discussions Subject: RE: Open Relay Help If its originator is <> they're NDRs and the likes - they can be safely deleted. You might want to keep an eye on http://www.openrbl.org to make sure you don't creep onto more DNSBLs as people receive stuff that may have been sent through your server and report it to Spamcop and the likes. Some lists you'll be able to get removed from, some you're stuck on simply for being with QWest. regards, Paul -- Paul Hutchings Network Administrator, MIRA Ltd. Tel: 024 7635 5378, Fax: 024 7635 8378 mailto:[EMAIL PROTECTED] -Original Message- From: Taylor, Skip [mailto:[EMAIL PROTECTED] Sent: 29 May 2003 15:52 To: Exchange Discussions Subject: RE: Open Relay Help I saw about 50 or so. I'm still getting items in the queue with a blank originator. Is this to be expected? What happens to these items? Skip Taylor, MCSE Network Administrator Jordan, Jones, and Goulding -Original Message- From: Paul Hutchings [mailto:[EMAIL PROTECTED] Sent: Thursday, May 29, 2003 10:46 AM To: Exchange Discussion Subject: RE: Open Relay Help Nope, rejects relay attempts using sam spade. If you've not already done so check your outbound queue - you don't want to find there's 10,000 spams in there :-) regards, Paul -- Paul Hutchings Network Administrator, MIRA Ltd. 
Tel: 024 7635 5378, Fax: 024 7635 8378 mailto:[EMAIL PROTECTED] -Original Message- From: Taylor, Skip [mailto:[EMAIL PROTECTED] Sent: 29 May 2003 15:44 To: Exchange Discussions Subject: RE: Open Relay Help I unchecked Hosts and clients connecting to these internal addresses and restarted the IMS. Still relaying? Skip Taylor, MCSE Network Administrator Jordan, Jones, and Goulding -Original Message- From: Paul Hutchings [mailto:[EMAIL PROTECTED] Sent: Thursday, May 29, 2003 10:42 AM To: Exchange Discussion Subject: RE: Open Relay Help I think the Hosts and clients connecting to these internal addresses is your problem - you don't need it ticked (or I should say it isn't ticked here and doesn't affect inbound email). regards, Paul -- Paul Hutchings Network Administrator, MIRA Ltd. Tel: 024 7635 5378, Fax: 024 7635 8378 mailto:[EMAIL PROTECTED] -Original Message- From: Taylor, Skip [mailto:[EMAIL PROTECTED] Sent: 29 May 2003 15:35 To: Exchange Discussions Subject: RE: Open Relay Help On the Routing tab Reroute incoming SMTP mail (required for POP3/IMAP4 support)is checked. In the field below Sent to: has our domain of jjg.com and Route to: is inbound The Routing Restrictions are as follows: Hosts and clients that successfully authenticate is not checked. Host and clients with these IP addresses is checked and populated with 3 internal addresses for Canon Image Runner copiers that can send email. Hosts and clients connecting to these internal addresses is checked with the Internal IP address of our exchange server. Specify the hosts and clients that can NEVER route mail is empty. Skip Taylor, MCSE Network Administrator Jordan, Jones, and Goulding -Original Message- From: Chris Scharff [mailto:[EMAIL PROTECTED] Sent: Thursday, May 29, 2003 10:29 AM To: Exchange Discussion Subject: RE: Open Relay Help Still open... What's that tab say now exactly? 
-Original Message- From: Taylor, Skip [mailto:[EMAIL PROTECTED] Posted At: Thursday, May 29, 2003 9:23 AM Posted To: swynk Conversation: Open Relay Help Subject: RE: Open Relay Help I'm sure I did but restarted once more to make sure. Can you try again? Skip Taylor, MCSE Network
RE: Open Relay Help
Just what I needed, thanks! Phil - Phil Randal Network Engineer Herefordshire Council Hereford, UK -Original Message- From: Roger Seielstad [mailto:[EMAIL PROTECTED] Sent: 29 May 2003 17:44 To: Exchange Discussions Subject: RE: Open Relay Help Sooner or later I need to start using these guys: http://www.rfc-ignorant.com/policy-dsn.php -- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. -Original Message- From: Randal, Phil [mailto:[EMAIL PROTECTED] Sent: Thursday, May 29, 2003 11:10 AM To: Exchange Discussions Subject: RE: Open Relay Help On the subject of emails from <>, RFC2821 says your mailer must accept them. It needn't do anything with them, though. There's a surprisingly large number of misconfigured mailers which bounce them, alas. Phil - Phil Randal Network Engineer Herefordshire Council Hereford, UK -Original Message- From: Paul Hutchings [mailto:[EMAIL PROTECTED] Sent: 29 May 2003 15:58 To: Exchange Discussions Subject: RE: Open Relay Help If its originator is <> they're NDRs and the likes - they can be safely deleted. You might want to keep an eye on http://www.openrbl.org to make sure you don't creep onto more DNSBLs as people receive stuff that may have been sent through your server and report it to Spamcop and the likes. Some lists you'll be able to get removed from, some you're stuck on simply for being with QWest. regards, Paul -- Paul Hutchings Network Administrator, MIRA Ltd. Tel: 024 7635 5378, Fax: 024 7635 8378 mailto:[EMAIL PROTECTED] -Original Message- From: Taylor, Skip [mailto:[EMAIL PROTECTED] Sent: 29 May 2003 15:52 To: Exchange Discussions Subject: RE: Open Relay Help I saw about 50 or so. I'm still getting items in the queue with a blank originator. Is this to be expected? What happens to these items? 
Skip Taylor, MCSE Network Administrator Jordan, Jones, and Goulding -Original Message- From: Paul Hutchings [mailto:[EMAIL PROTECTED] Sent: Thursday, May 29, 2003 10:46 AM To: Exchange Discussion Subject: RE: Open Relay Help Nope, rejects relay attempts using sam spade. If you've not already done so check your outbound queue - you don't want to find there's 10,000 spams in there :-) regards, Paul -- Paul Hutchings Network Administrator, MIRA Ltd. Tel: 024 7635 5378, Fax: 024 7635 8378 mailto:[EMAIL PROTECTED] -Original Message- From: Taylor, Skip [mailto:[EMAIL PROTECTED] Sent: 29 May 2003 15:44 To: Exchange Discussions Subject: RE: Open Relay Help I unchecked Hosts and clients connecting to these internal addresses and restarted the IMS. Still relaying? Skip Taylor, MCSE Network Administrator Jordan, Jones, and Goulding -Original Message- From: Paul Hutchings [mailto:[EMAIL PROTECTED] Sent: Thursday, May 29, 2003 10:42 AM To: Exchange Discussion Subject: RE: Open Relay Help I think the Hosts and clients connecting to these internal addresses is your problem - you don't need it ticked (or I should say it isn't ticked here and doesn't affect inbound email). regards, Paul -- Paul Hutchings Network Administrator, MIRA Ltd. Tel: 024 7635 5378, Fax: 024 7635 8378 mailto:[EMAIL PROTECTED] -Original Message- From: Taylor, Skip [mailto:[EMAIL PROTECTED] Sent: 29 May 2003 15:35 To: Exchange Discussions Subject: RE: Open Relay Help On the Routing tab Reroute incoming SMTP mail (required for POP3/IMAP4 support)is checked. In the field below Sent to: has our domain of jjg.com and Route to: is inbound The Routing Restrictions are as follows: Hosts and clients that successfully authenticate is not checked. Host and clients with these IP addresses is checked and populated with 3 internal addresses for Canon Image Runner copiers that can send email. Hosts and clients connecting to these internal addresses is checked with the Internal IP address of our exchange server. 
Specify the hosts and clients that can NEVER route mail is empty. Skip Taylor, MCSE Network Administrator Jordan, Jones, and Goulding -Original Message- From: Chris Scharff [mailto:[EMAIL PROTECTED] Sent: Thursday, May 29, 2003 10:29 AM To: Exchange
Open Relay and E2k
I have set up an Exchange 2000 server (Windows 2000 SP3, Exchange 2000 SP3), and I want to ensure that we are not an open relay. I know how to do this in Exchange 5.5; can someone point me to a doc that explains how to do this in E2k? TIA, Joshua Joshua Morgan Method IQ Senior Network Engineer Mobile: (864) 449-9912 Email: [EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Open Relay and E2k
Out of the box, E2K is NOT set up for open relay. Unless you have changed the default settings, you should be fine. Bob Sadler City of Leawood, KS, USA WAN/Internet Specialist 913-339-6700 x194 -Original Message- From: Joshua R. Morgan [mailto:[EMAIL PROTECTED]] Sent: Monday, January 27, 2003 9:42 AM To: Exchange Discussions Subject: Open Relay and E2k I have set up an Exchange 2000 server (Windows 2000 SP3, Exchange 2000 SP3), and I want to ensure that we are not an open relay. I know how to do this in Exchange 5.5; can someone point me to a doc that explains how to do this in E2k? TIA, Joshua Joshua Morgan Method IQ Senior Network Engineer Mobile: (864) 449-9912 Email: [EMAIL PROTECTED]
RE: Open Relay and E2k
Thanks Joshua Morgan Email: [EMAIL PROTECTED] -Original Message- From: Bob Sadler [mailto:[EMAIL PROTECTED]] Sent: Monday, January 27, 2003 10:43 AM To: Exchange Discussions Subject: RE: Open Relay and E2k Out of the box, E2K is NOT set up for open relay. Unless you have changed the default settings, you should be fine. Bob Sadler City of Leawood, KS, USA WAN/Internet Specialist 913-339-6700 x194 -Original Message- From: Joshua R. Morgan [mailto:[EMAIL PROTECTED]] Sent: Monday, January 27, 2003 9:42 AM To: Exchange Discussions Subject: Open Relay and E2k I have set up an Exchange 2000 server (Windows 2000 SP3, Exchange 2000 SP3), and I want to ensure that we are not an open relay. I know how to do this in Exchange 5.5; can someone point me to a doc that explains how to do this in E2k? TIA, Joshua Joshua Morgan Method IQ Senior Network Engineer Mobile: (864) 449-9912 Email: [EMAIL PROTECTED]
RE: Open Relay and E2k
http://www.exchangeadmin.com/Articles/Index.cfm?ArticleID=7696 Relay - 5.5 http://www.microsoft.com/TechNet/security/mail/excrelay.asp Relay - E2K http://support.microsoft.com/default.aspx?scid=kb;EN-US;q310380 Ed Crowley MCSE+Internet MVP kcCC+I Tech Consultant hp Services Protecting the world from PSTs and Bricked Backups! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Joshua R. Morgan Sent: Monday, January 27, 2003 7:42 AM To: Exchange Discussions Subject: Open Relay and E2k I have set up an Exchange 2000 server (Windows 2000 SP3, Exchange 2000 SP3), and I want to ensure that we are not an open relay. I know how to do this in Exchange 5.5; can someone point me to a doc that explains how to do this in E2k? TIA, Joshua Joshua Morgan Method IQ Senior Network Engineer Mobile: (864) 449-9912 Email: [EMAIL PROTECTED]
Verifying Third Party Relay (Open Relay) is disabled on Exchange 2k?
I'm getting ready to transfer the connector from our 5.5 server to 2000. I think I have everything configured the way I would like it to be, but I would like to verify open relay is in fact disabled. There is abundant information out there about how to verify this with Exchange 5.5, but I can't find much for 2000. Any ideas? TIA! -Jason
RE: Verifying Third Party Relay (Open Relay) is disabled on Exchange2k?
I usually verify by a telnet session to port 25 and trying to relay a message myself. Have you followed these references? http://www.exchangeadmin.com/Articles/Index.cfm?ArticleID=7696 http://support.microsoft.com/default.aspx?scid=kb;EN-US;q310380 Ed Crowley MCSE+Internet MVP kcCC+I Tech Consultant hp Services Protecting the world from PSTs and Bricked Backups! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Jason Brown Sent: Thursday, July 18, 2002 8:54 AM To: Exchange Discussions Subject: Verifying Third Party Relay (Open Relay) is disabled on Exchange 2k? I'm getting ready to transfer the connector from our 5.5 server to 2000. I think I have everything configured the way I would like it to be, but I would like to verify open relay is in fact disabled. There is abundant information out there about how to verify this with Exchange 5.5, but I can't find much for 2000. Any ideas? TIA! -Jason
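The check Ed Crowley describes above (connect to port 25 and attempt a relay yourself), scripted as an added example that is not part of the original thread; it also checks the null-sender acceptance discussed in the "Open Relay Help" posts. The addresses, the in-process stub server and all function names are constructed for illustration, and the probe stops before DATA so nothing is ever queued.

```python
import smtplib
import socketserver
import threading

# Constructed placeholders (reserved example domains), not values from the thread.
LOCAL_DOMAIN = "example.com"
LOCAL_RCPT = "postmaster@" + LOCAL_DOMAIN
FOREIGN_SENDER = "probe@example.org"
FOREIGN_RCPT = "relaytest@example.net"


def probe(host, port=25, timeout=10):
    """Envelope-only checks for a server you administer. DATA is never sent,
    so no message is queued or delivered."""
    result = {}
    with smtplib.SMTP(host, port, local_hostname="probe.example.org",
                      timeout=timeout) as smtp:
        smtp.ehlo_or_helo_if_needed()

        # Check 1: unauthenticated, outside sender to outside recipient.
        # A closed server refuses the recipient (typically 550 5.7.1).
        mail_code, _ = smtp.mail(FOREIGN_SENDER)
        rcpt_code, _ = smtp.rcpt(FOREIGN_RCPT)
        result["relay_rcpt_code"] = rcpt_code
        result["accepts_foreign_rcpt"] = (
            mail_code == 250 and rcpt_code in (250, 251))
        smtp.rset()

        # Check 2: null reverse-path (MAIL FROM:<>) to a local recipient.
        # NDRs arrive this way, so refusing it loses bounce notifications.
        null_code, _ = smtp.mail("<>")
        result["null_sender_code"] = null_code
        result["accepts_null_sender"] = False
        if null_code == 250:
            local_code, _ = smtp.rcpt(LOCAL_RCPT)
            result["accepts_null_sender"] = local_code in (250, 251)
        smtp.rset()
    return result


class _StubHandler(socketserver.StreamRequestHandler):
    """Minimal constructed SMTP responder so the probe can run offline."""

    def _send(self, text):
        self.wfile.write((text + "\r\n").encode("ascii"))

    def handle(self):
        self._send("220 stub ESMTP")
        for raw in self.rfile:
            line = raw.decode("ascii", "replace").strip()
            verb = line.upper()
            if verb.startswith(("EHLO", "HELO")):
                self._send("250 stub")
            elif verb.startswith("MAIL FROM:"):
                is_null = line[10:].strip().startswith("<>")
                refuse = is_null and self.server.bounce_null
                self._send("550 null sender refused" if refuse else "250 OK")
            elif verb.startswith("RCPT TO:"):
                local = verb.rstrip(">").endswith("@" + LOCAL_DOMAIN.upper())
                ok = local or self.server.relay_open
                self._send("250 OK" if ok else "550 5.7.1 Unable to relay")
            elif verb.startswith("RSET"):
                self._send("250 OK")
            elif verb.startswith("QUIT"):
                self._send("221 bye")
                return
            else:
                self._send("502 not implemented")


def start_stub(relay_open, bounce_null):
    """Start the stub on a free loopback port with the given policy."""
    srv = socketserver.TCPServer(("127.0.0.1", 0), _StubHandler)
    srv.relay_open, srv.bounce_null = relay_open, bounce_null
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


def demo():
    """Run the probe against three constructed server policies."""
    policies = {"closed": (False, False), "open": (True, False),
                "bounces_null": (False, True)}
    report = {}
    for name, (relay_open, bounce_null) in policies.items():
        srv = start_stub(relay_open, bounce_null)
        try:
            report[name] = probe("127.0.0.1", srv.server_address[1])
        finally:
            srv.shutdown()
            srv.server_close()
    return report


if __name__ == "__main__":
    for name, res in demo().items():
        print(name, res)
```

A 250 at RCPT only covers the envelope stage: some servers accept there and refuse or NDR the message later, so the outbound-queue check Paul Hutchings mentions in the thread still applies.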
Open relay question
I recently closed our open relay because we were blacklisted by orbz... now my external pop3 clients can't reply to addresses outside of our company. I am trying to find a solution, but so far nothing is working. Can anyone help? Thank You, Robert Williams Senior Network Administrator Raypak, Inc. [EMAIL PROTECTED] Phone - 805-278-5363
Re: Open relay question
FAQ - Original Message - From: Robert Williams [EMAIL PROTECTED] To: Exchange Discussions [EMAIL PROTECTED] Sent: Monday, March 04, 2002 3:59 PM Subject: Open relay question I recently closed our open relay because we were blacklisted by orbz... now my external pop3 clients can't reply to addresses outside of our company. I am trying to find a solution, but so far nothing is working. Can anyone help? Thank You, Robert Williams Senior Network Administrator Raypak, Inc. [EMAIL PROTECTED] Phone - 805-278-5363
RE: Open relay question
I am testing this with IMAP on my own account and it still does not work. What is the setting on IMS for authentication? I chose that from routing restrictions. On my OL2002 I check the outgoing server requires authentication under more settings. Did I miss something? -Original Message- From: Roger Haxton [mailto:[EMAIL PROTECTED]] Sent: Monday, March 04, 2002 2:10 PM To: Exchange Discussions Subject: RE: Open relay question The list is going to tell you VPN or OWA, but that is not always an option. I personally use IMAP and authenticated SMTP to allow this over the internet for my travelling trainers and sales people. Works really well. Upside is that the mail stays on the server and can be accessed through OWA, Exchange or their IMAP client. They check the check box in OE that says you must authenticate to send mail and voila! No more open relay and all your people are happy. Regards, ~R~ -- Roger Haxton Network Administrator Factor/WR Hess [EMAIL PROTECTED] --- Whoever is careless with the truth in small matters cannot be trusted with important matters. -- Albert Einstein, Scientist/1954 -Original Message- From: Robert Williams [mailto:[EMAIL PROTECTED]] Sent: Monday, March 04, 2002 16:00 To: Exchange Discussions Subject: Open relay question I recently closed our open relay because we were blacklisted by orbz... now my external pop3 clients can't reply to addresses outside of our company. I am trying to find a solution, but so far nothing is working. Can anyone help? Thank You, Robert Williams Senior Network Administrator Raypak, Inc. 
[EMAIL PROTECTED] Phone - 805-278-5363