RE: Server help!! Possible comprimised over 6000 NDRs!!!! HELP!
- From: "John Tolmachoff \(Lists\)" <johnlist@xxxxxxxxxxxxxxxxxxx>
- To: "'[ExchangeList]'" <exchangelist@xxxxxxxxxxxxx>
- Date: Tue, 23 Sep 2003 19:01:55 -0700
Your exchange server is almost positive a open relay.
You need to disallow relay right now.
What is the domain of your exchange server and the IP address and I can
test.
John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com
-----Original Message-----
From: KEN MORRIS [mailto:KMORRIS@xxxxxxx]
Sent: Tuesday, September 23, 2003 6:52 PM
To: [ExchangeList]
Subject: Server help!! Possible comprimised over 6000 NDRs!!!! HELP!
Importance: High
Hello,
As Exchange Admin (with little training unfortunately) I recieve the NDR's.
Today I have recieved over 6000 NRD's all with subjects, email addresses
both send and recieve that are not a part of our domain.
I have checked to ensure that spoofing is disabled, yet I cannot figure out
how we are being used.
I can forward on one of the NRD's to anyone. I have not been able to figure
a way to check the headers on the NDR. Here is a copy of the text for one of
the NDR's:
The following recipient(s) could not be reached:
cathyb76@xxxxxxxxxxx on 9/23/2003 9:43 PM
There was a SMTP communication problem with the recipient's email server.
Please contact your system administrator.
<server.company #5.5.0 smtp;550 Requested action not taken: mailbox
unavailable>
I figure that by morning, my inbox will be once again filled, could you
please forward any questions to k2keener@xxxxxxxxxxx as well as the list. I
do not want to loose any responses.
Thanks
Ken
Other related posts:
