[ExchangeList] Re: Relaying mail but NOT an open relay... Compromised?

  • From: "Steve Frechette" <stevef@xxxxxxxxxx>
  • To: <exchangelist@xxxxxxxxxxxxx>
  • Date: Mon, 17 Jul 2006 13:58:07 -0500

http://www.msexchange.org
-------------------------------------------------------
Very strange. I was just looking at our network traffic and noticed a LOT of
stuff going out from the Exchange server that I set up....we haven't used it
because I haven't gotten around to it yet, but wow....I feel like maybe this
is happening to us!


Enjoy the day,
 
Steve Frechette
Network Administrator
CCI

-----Original Message-----
From: exchangelist-bounce@xxxxxxxxxxxxx
[mailto:exchangelist-bounce@xxxxxxxxxxxxx] On Behalf Of
ChongJa@xxxxxxxxxxxxxxxx
Sent: Monday, July 17, 2006 10:27 AM
To: exchangelist@xxxxxxxxxxxxx
Subject: [ExchangeList] Re: Relaying mail but NOT an open relay...
Compromised?

Possibly a virus as George has suggested. There are a number of viruses that
exploit the "allow all computers which successfully authenticate to relay".
I experienced this with one virus about 2 years back in which I saw the exact
symptoms as yours. I would start with using your Enterprise AV application to
scan and report any viruses on your network.

-----Original Message-----
From: exchangelist-bounce@xxxxxxxxxxxxx
[mailto:exchangelist-bounce@xxxxxxxxxxxxx] On Behalf Of Tasita Ebacher
Sent: Monday, July 17, 2006 10:31 AM
To: exchangelist@xxxxxxxxxxxxx
Subject: [ExchangeList] Relaying mail but NOT an open relay...
Compromised?

Hello all,


I'm working on an Exchange Server 2003 server that appears to be sending
mail like it's an open relay.  In the Message Tracking Center there are lots
of messages (a few every minute) that are from external domains being sent
to other external domains.  

The server is set up to NOT be relaying anything, and Relay tests have proved
negative for being a relay.

The client has even called Microsoft to get support on the server and they
couldn't find any problem.  I just don't see how it's relaying mail...
Unless it's internally compromised somehow, but I can't see anything
unusual.


Has anyone ever seen anything like this before...??

I appreciate any advice!

Thank you,
TE
-------------------------------------------------------
List Archives: http://www.freelists.org/archives/exchangelist/
MSExchange Newsletter: http://www.msexchange.org/pages/newsletter.asp
MSExchange Articles and Tutorials:
http://www.msexchange.org/articles_tutorials/
MSExchange Blogs: http://blogs.msexchange.org/
-------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
-------------------------------------------------------
To unsubscribe visit http://www.msexchange.org/pages/exchangelist.asp
Report abuse to listadmin@xxxxxxxxxxxxxx 
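
An added example, not part of the thread or of any poster's message: one way to triage the symptom discussed above (external-to-external messages on a server that passes open-relay tests) by grouping those messages by the client and account that submitted them. The record layout, domains, addresses and account names are constructed for illustration and are not the Exchange tracking-log format.

```python
import csv
import io
import ipaddress
from collections import Counter

# Constructed records, NOT the Exchange tracking-log layout:
# time, submitting client IP, authenticated account ("-" = none), sender, recipient
SAMPLE = """\
10:01:02,192.168.1.45,jsmith,promo@external-a.test,bob@external-b.test
10:01:09,192.168.1.45,jsmith,promo@external-a.test,amy@external-c.test
10:01:30,192.168.1.10,alee,alee@corp.test,vendor@external-d.test
10:02:11,203.0.113.7,svc_scan,deals@external-e.test,joe@external-f.test
10:02:40,198.51.100.9,-,news@external-g.test,alee@corp.test
"""
LOCAL_DOMAINS = {"corp.test"}  # assumption: domains this server accepts mail for
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def domain(addr):
    return addr.rsplit("@", 1)[-1].lower()


def relayed_sources(log_text, local_domains=LOCAL_DOMAINS):
    """Count external-to-external messages per (client IP, account)."""
    hits = Counter()
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 5:
            continue  # skip blank or malformed lines
        _time, ip, user, sender, rcpt = row
        if domain(sender) in local_domains or domain(rcpt) in local_domains:
            continue  # ordinary inbound or outbound mail
        hits[(ip, user)] += 1
    return hits


def triage(hits):
    """Return (ip, account, count, next step), busiest source first."""
    report = []
    for (ip, user), count in hits.most_common():
        internal = any(ipaddress.ip_address(ip) in net for net in INTERNAL_NETS)
        if user == "-":
            step = "unauthenticated: re-check the relay restrictions"
        elif internal:
            step = "internal host: scan it for malware"
        else:
            step = "external client with valid credentials: reset that account"
        report.append((ip, user, count, step))
    return report
```

Calling `triage(relayed_sources(SAMPLE))` lists the submitting sources in order of volume, which narrows an AV scan or credential reset to specific hosts and accounts.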
