Have you checked ScanMail for relay settings? There is a problem that if not configured correctly, will allow relaying. Can you post or send off list the headers of one of the spam messages being relayed? On #3, what IP that is dynamic are you referring to, yours or the spammers? I am referring to looking a the logs to see what IP the spammers is coming from. John Tolmachoff Engineer/Consultant/Owner eServices For You > -----Original Message----- > From: Ôåäîðóñ Äåíèñ Íèêîëàåâè÷ [mailto:denis@xxxxxxxxxx] > Sent: Monday, November 17, 2003 7:03 AM > To: [ExchangeList] > Subject: [exchangelist] RE: Exchange 2000 is still used as relay :( > > http://www.MSExchange.org/ > > 1. Yes TrendMicro > 2. Noop > 3. IP is dynamic, belongs to large provider > 4. I think so > 5. I have about 10 more servers, but transmission chain starts with this > particular exchange > it could be seen in the message header > > -----Original Message----- > From: John Tolmachoff (Lists) [mailto:johnlist@xxxxxxxxxxxxxxxxxxx] > Sent: Monday, November 17, 2003 5:56 PM > To: [ExchangeList] > Subject: [exchangelist] RE: Exchange 2000 is still used as relay :( > > > http://www.MSExchange.org/ > > Do you have AV software for Exchange acting as a gateway installed? > > Do you have any anti-spam software acting as a gateway installed? > > Have you reviewed the logs to see what IP the spammer is coming from? > > Have you followed the relay settings article on MSExchange.org? > > Do you have any other servers or such on the internal network that could > be > acting as a node in a relay chain, which you are then allowing Exchange to > freely relay for? > > John Tolmachoff > Engineer/Consultant/Owner > eServices For You > > > -----Original Message----- > > From: Denis N Fedorus [mailto:denis@xxxxxxxxxx] > > Sent: Monday, November 17, 2003 12:32 AM > > To: [ExchangeList] > > Subject: [exchangelist] Exchange 2000 is still used as relay :( > > > > http://www.MSExchange.org/ > > > > Hello! > > I've really stuck with this problem.. My exchange server is used as > relay > > for spam. In the SMTP server properties relay allowed only from internal > > subnet, authenticated users are alowed to relay too. I've installed > > MS03-046 patch recently. But today morning someone tryed to send spam > > throuh my server. Pls, advice what to do, I don't have any ideas.. > > > > ------------------------------------------------------ > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist > > Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp > > Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ > > ------------------------------------------------------ > > Other Internet Software Marketing Sites: > > Leading Network Software Directory: http://www.serverfiles.com > > No.1 ISA Server Resource Site: http://www.isaserver.org > > Windows Security Resource Site: http://www.windowsecurity.com/ > > Network Security Library: http://www.secinf.net/ > > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > > ------------------------------------------------------ > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist > Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp > Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Other Internet Software Marketing Sites: > Leading Network Software Directory: http://www.serverfiles.com > No.1 ISA Server Resource Site: http://www.isaserver.org > Windows Security Resource Site: http://www.windowsecurity.com/ > Network Security Library: http://www.secinf.net/ > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > ------------------------------------------------------ > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist > Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp > Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Other Internet Software Marketing Sites: > Leading Network Software Directory: http://www.serverfiles.com > No.1 ISA Server Resource Site: http://www.isaserver.org > Windows Security Resource Site: http://www.windowsecurity.com/ > Network Security Library: http://www.secinf.net/ > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > ------------------------------------------------------