RE: Exchange 2000 is still used as relay :(

  • From: "??????? ????? ??????????" <denis@xxxxxxxxxx>
  • To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
  • Date: Mon, 17 Nov 2003 18:42:27 +0300

1. I can't find such =(
2. I'll try to find one
3. IP of the spammer, I have static one

Denis N Fedorus
System administrator

-----Original Message-----
From: John Tolmachoff (Lists) [mailto:johnlist@xxxxxxxxxxxxxxxxxxx]
Sent: Monday, November 17, 2003 6:14 PM
To: [ExchangeList]
Subject: [exchangelist] RE: Exchange 2000 is still used as relay :(


http://www.MSExchange.org/

Have you checked ScanMail for relay settings? There is a problem that if not
configured correctly, will allow relaying. 

Can you post or send off list the headers of one of the spam messages being
relayed?

On #3, what IP that is dynamic are you referring to, yours or the spammers?
I am referring to looking a the logs to see what IP the spammers is coming
from.

John Tolmachoff
Engineer/Consultant/Owner
eServices For You


> -----Original Message-----
> From: Ôåäîðóñ Äåíèñ Íèêîëàåâè÷ [mailto:denis@xxxxxxxxxx]
> Sent: Monday, November 17, 2003 7:03 AM
> To: [ExchangeList]
> Subject: [exchangelist] RE: Exchange 2000 is still used as relay :(
> 
> http://www.MSExchange.org/
> 
> 1. Yes TrendMicro
> 2. Noop
> 3. IP is dynamic, belongs to large provider
> 4. I think so
> 5. I have about 10 more servers, but transmission chain starts with this
> particular exchange
> it could be seen in the message header
> 
> -----Original Message-----
> From: John Tolmachoff (Lists) [mailto:johnlist@xxxxxxxxxxxxxxxxxxx]
> Sent: Monday, November 17, 2003 5:56 PM
> To: [ExchangeList]
> Subject: [exchangelist] RE: Exchange 2000 is still used as relay :(
> 
> 
> http://www.MSExchange.org/
> 
> Do you have AV software for Exchange acting as a gateway installed?
> 
> Do you have any anti-spam software acting as a gateway installed?
> 
> Have you reviewed the logs to see what IP the spammer is coming from?
> 
> Have you followed the relay settings article on MSExchange.org?
> 
> Do you have any other servers or such on the internal network that could
> be
> acting as a node in a relay chain, which you are then allowing Exchange to
> freely relay for?
> 
> John Tolmachoff
> Engineer/Consultant/Owner
> eServices For You
> 
> > -----Original Message-----
> > From: Denis N Fedorus [mailto:denis@xxxxxxxxxx]
> > Sent: Monday, November 17, 2003 12:32 AM
> > To: [ExchangeList]
> > Subject: [exchangelist] Exchange 2000 is still used as relay :(
> >
> > http://www.MSExchange.org/
> >
> > Hello!
> > I've really stuck with this problem.. My exchange server is used as
> relay
> > for spam. In the SMTP server properties relay allowed only from internal
> > subnet, authenticated users are alowed to relay too. I've installed
> > MS03-046 patch recently. But today morning someone tryed to send spam
> > throuh my server.  Pls, advice what to do, I don't have any ideas..
> >
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
> > Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
> > Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Other Internet Software Marketing Sites:
> > Leading Network Software Directory: http://www.serverfiles.com
> > No.1 ISA Server Resource Site: http://www.isaserver.org
> > Windows Security Resource Site: http://www.windowsecurity.com/
> > Network Security Library: http://www.secinf.net/
> > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> > ------------------------------------------------------
> 
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
> Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
> Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> Leading Network Software Directory: http://www.serverfiles.com
> No.1 ISA Server Resource Site: http://www.isaserver.org
> Windows Security Resource Site: http://www.windowsecurity.com/
> Network Security Library: http://www.secinf.net/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
> Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
> Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> Leading Network Software Directory: http://www.serverfiles.com
> No.1 ISA Server Resource Site: http://www.isaserver.org
> Windows Security Resource Site: http://www.windowsecurity.com/
> Network Security Library: http://www.secinf.net/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------


Other related posts: