RE: Relay Nightmare
- From: "Craig_Weil" <craig_weil@xxxxxxxxxxx>
- To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
- Date: Mon, 27 Sep 2004 11:10:54 -0700
MessageHi there Tom,
Yeah, that was one of my initial thoughts too. I ran Ethereal on the mail
server and filtered by port 25. The packets I captured would display the
originating and destination email addresses and I then verified that they were
being queued by using the Message Tracking portion of System Manager. All IP
addresses referenced in the packets were from outside sources. It has me
stumped!
Craig
----- Original Message -----
From: Thomas W Shinder
To: [ExchangeList]
Sent: Saturday, September 25, 2004 9:54 PM
Subject: [exchangelist] RE: Relay Nightmare
http://www.MSExchange.org/
Hi Craig,
Do a NetMon trace and identify the source IP address of the relayed spam. It
could be that your users are infected with a spam generator and the spammer is
leveraging their authenticated connections.
HTH,
Tom
www.isaserver.org/shinder
Get the book!
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
-----Original Message-----
From: Craig_Weil [mailto:craig_weil@xxxxxxxxxxx]
Sent: Friday, September 24, 2004 2:02 PM
To: [ExchangeList]
Subject: [exchangelist] Relay Nightmare
http://www.MSExchange.org/
Running Exchange 2000, default settings for the smtp virtual server...
(Anonymous Access - so we can receive outside email, Basic Authentication,
Integrated Windows Authentication all checked, Relay restrictions set to "Only
the list below" which is empty and "Allow all computers which successfully
authenticate to relay..." checked so that employees can send mail while
connected to another ISP, Outbound Security options set as default - Anonymous
Access checked)
My server is STILL relaying mail. I can look in any number of queues and
it's like a clearing house for spam.
Any ideas?
Much appreciation!
Craig
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this MSEXchange.org Discussion List as:
tshinder@xxxxxxxxxxx
To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Report abuse to listadmin@xxxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this MSEXchange.org Discussion List as:
craig_weil@xxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Report abuse to listadmin@xxxxxxxxxxxxxx
Other related posts:
