RE: Exchange 2000 is still used as relay :(
- From: "John Tolmachoff \(Lists\)" <johnlist@xxxxxxxxxxxxxxxxxxx>
- To: "'[ExchangeList]'" <exchangelist@xxxxxxxxxxxxx>
- Date: Mon, 17 Nov 2003 07:13:40 -0800
Have you checked ScanMail for relay settings? There is a problem that if not
configured correctly, will allow relaying.
Can you post or send off list the headers of one of the spam messages being
relayed?
On #3, what IP that is dynamic are you referring to, yours or the spammers?
I am referring to looking a the logs to see what IP the spammers is coming
from.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
> -----Original Message-----
> From: Ôåäîðóñ Äåíèñ Íèêîëàåâè÷ [mailto:denis@xxxxxxxxxx]
> Sent: Monday, November 17, 2003 7:03 AM
> To: [ExchangeList]
> Subject: [exchangelist] RE: Exchange 2000 is still used as relay :(
>
> http://www.MSExchange.org/
>
> 1. Yes TrendMicro
> 2. Noop
> 3. IP is dynamic, belongs to large provider
> 4. I think so
> 5. I have about 10 more servers, but transmission chain starts with this
> particular exchange
> it could be seen in the message header
>
> -----Original Message-----
> From: John Tolmachoff (Lists) [mailto:johnlist@xxxxxxxxxxxxxxxxxxx]
> Sent: Monday, November 17, 2003 5:56 PM
> To: [ExchangeList]
> Subject: [exchangelist] RE: Exchange 2000 is still used as relay :(
>
>
> http://www.MSExchange.org/
>
> Do you have AV software for Exchange acting as a gateway installed?
>
> Do you have any anti-spam software acting as a gateway installed?
>
> Have you reviewed the logs to see what IP the spammer is coming from?
>
> Have you followed the relay settings article on MSExchange.org?
>
> Do you have any other servers or such on the internal network that could
> be
> acting as a node in a relay chain, which you are then allowing Exchange to
> freely relay for?
>
> John Tolmachoff
> Engineer/Consultant/Owner
> eServices For You
>
> > -----Original Message-----
> > From: Denis N Fedorus [mailto:denis@xxxxxxxxxx]
> > Sent: Monday, November 17, 2003 12:32 AM
> > To: [ExchangeList]
> > Subject: [exchangelist] Exchange 2000 is still used as relay :(
> >
> > http://www.MSExchange.org/
> >
> > Hello!
> > I've really stuck with this problem.. My exchange server is used as
> relay
> > for spam. In the SMTP server properties relay allowed only from internal
> > subnet, authenticated users are alowed to relay too. I've installed
> > MS03-046 patch recently. But today morning someone tryed to send spam
> > throuh my server. Pls, advice what to do, I don't have any ideas..
> >
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
> > Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
> > Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Other Internet Software Marketing Sites:
> > Leading Network Software Directory: http://www.serverfiles.com
> > No.1 ISA Server Resource Site: http://www.isaserver.org
> > Windows Security Resource Site: http://www.windowsecurity.com/
> > Network Security Library: http://www.secinf.net/
> > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> > ------------------------------------------------------
>
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
> Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
> Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> Leading Network Software Directory: http://www.serverfiles.com
> No.1 ISA Server Resource Site: http://www.isaserver.org
> Windows Security Resource Site: http://www.windowsecurity.com/
> Network Security Library: http://www.secinf.net/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
> Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
> Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> Leading Network Software Directory: http://www.serverfiles.com
> No.1 ISA Server Resource Site: http://www.isaserver.org
> Windows Security Resource Site: http://www.windowsecurity.com/
> Network Security Library: http://www.secinf.net/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
Other related posts:
