Re: Server help!! Possible compromised over 6000 NDRs!!!! HELP!

  • From: "KEN MORRIS" <KMORRIS@xxxxxxx>
  • To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
  • Date: Wed, 24 Sep 2003 08:45:08 -0400

Mike,
Thank you, I took a look first thing and that was checked. It is not anymore.
Craig,
Yes it is set to not allow relaying (however I was unaware of the SMTP setting as well)
 
Question for all, How do I clear my SMTP Queues?
 
Thank you for your help!
Ken
 
 

        -----Original Message----- 
        From: Wohlgemuth, Mike [mailto:WohlgemuthM@xxxxxxxxxxxxxxxxxxx] 
        Sent: Wed 9/24/2003 7:06 AM 
        To: [ExchangeList] 
        Cc: 
        Subject: RE: [exchangelist] Re: Server help!! Possible compromised over 6000 NDRs!!!! HELP!
        
        
        I had the same problem ...
         
        under the relay on the SMTP default server, I needed to uncheck "allow to relay regardless of the list above" ...
         
        here is what I gathered from Microsoft Q papers (can't find them right now ...) .. you have to have anonymous authentication checked, and IF you also have "allow to relay regardless of the list above" checked, then spammers authenticate anonymously to your server to relay .... I think most of the spam is caught (i.e. that is why you have 6000 NDRs) ... but it still ends up that you are processing all those emails ...
         
        mike

                -----Original Message----- 
                From: Craig Weil [mailto:craig_weil@xxxxxxxxxxx] 
                Sent: Tue 9/23/2003 10:14 PM 
                To: [ExchangeList] 
                Cc: 
                Subject: [exchangelist] Re: Server help!! Possible compromised over 6000 NDRs!!!! HELP!
                
                
                
                By "spoofing" do you mean that you're sure that your server is configured to disallow relaying?
                
                Craig A. Weil
                Network Administrator
                
                
                ----- Original Message -----
                From: "KEN MORRIS" <KMORRIS@xxxxxxx>
                To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
                Sent: Tuesday, September 23, 2003 6:51 PM
                Subject: [exchangelist] Server help!! Possible compromised over 6000 NDRs!!!! HELP!
                
                
                > Hello,
                >
                > As Exchange Admin (with little training unfortunately) I receive the NDR's.
                > Today I have received over 6000 NDR's all with subjects, email addresses both
                > send and receive that are not a part of our domain.
                > I have checked to ensure that spoofing is disabled, yet I cannot figure out
                > how we are being used.
                >
                > I can forward on one of the NDR's to anyone. I have not been able to figure a
                > way to check the headers on the NDR. Here is a copy of the text for one of
                > the NDR's:
                >
                > The following recipient(s) could not be reached:
                >
                >   cathyb76@xxxxxxxxxxx on 9/23/2003 9:43 PM
                >   There was a SMTP communication problem with the recipient's email server.
                > Please contact your system administrator.
                >   <server.company #5.5.0 smtp;550 Requested action not taken: mailbox unavailable>
                >
                > I figure that by morning, my inbox will be once again filled, could you
                > please forward any questions to k2keener@xxxxxxxxxxx as well as the list. I
                > do not want to lose any responses.
                >
                > Thanks
                >
                > Ken
                >
                
                
        
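The NDR body quoted in the thread has a regular layout (recipient and time, then a bracketed status line), so a mailbox full of them can be summarised offline to see how many failures went to outside domains and how fast they arrived. The following Python script is an added example, not part of the original messages; the local domain `company.example`, the placeholder addresses, the hourly threshold and the assumption that each NDR body has been saved as plain text are all illustrative.

```python
import re
from collections import Counter
from datetime import datetime

# Recipient line and status line, in the layout of the NDR quoted in the thread.
RCPT = re.compile(r"^\s*\S+@(\S+) on (\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2} [AP]M)\s*$")
STATUS = re.compile(r"<\S+ #(\d\.\d{1,3}\.\d{1,3}) smtp;\s*(\d{3})\b")

def parse_ndr(text):
    """Return one record per failed recipient listed in an NDR body."""
    records, current = [], None
    for line in text.splitlines():
        rcpt = RCPT.match(line)
        if rcpt:
            current = {"domain": rcpt.group(1).lower(), "status": None, "smtp": None,
                       "when": datetime.strptime(rcpt.group(2), "%m/%d/%Y %I:%M %p")}
            records.append(current)
            continue
        status = STATUS.search(line)
        if status and current is not None:
            current["status"], current["smtp"] = status.group(1), int(status.group(2))
    return records

def triage(ndr_bodies, local_domains, burst_per_hour=100):
    """Summarise NDRs; burst_per_hour is an assumed threshold, tune it locally."""
    recs = [r for body in ndr_bodies for r in parse_ndr(body)]
    per_hour = Counter(r["when"].replace(minute=0) for r in recs)
    foreign = [r for r in recs if r["domain"] not in local_domains]
    return {
        "total": len(recs),
        "foreign": len(foreign),
        "distinct_foreign_domains": len({r["domain"] for r in foreign}),
        "by_smtp_code": dict(Counter(r["smtp"] for r in recs)),
        "burst": any(n >= burst_per_hour for n in per_hour.values()),
    }

# Constructed sample bodies (placeholder addresses and host name, not real data).
HEAD = "The following recipient(s) could not be reached:\n\n"
FAIL = ("  {r} on {w}\n  There was a SMTP communication problem with the recipient's "
        "email server.\n  <mail.company.example #{s} smtp;{c} mailbox unavailable>\n")
def _ndr(*fails):  # build one NDR body from (recipient, time, status, code) tuples
    return HEAD + "".join(FAIL.format(r=r, w=w, s=s, c=c) for r, w, s, c in fails)
SAMPLE = [
    _ndr(("user1@example.net", "9/23/2003 9:43 PM", "5.5.0", 550)),
    _ndr(("user2@example.org", "9/23/2003 9:47 PM", "5.5.0", 550),
         ("user3@example.com", "9/23/2003 9:51 PM", "5.7.1", 554)),
    _ndr(("staff@company.example", "9/23/2003 10:02 PM", "5.1.1", 550)),
]
print(triage(SAMPLE, {"company.example"}, burst_per_hour=3))
```

A sustained burst of failures spread across many unrelated outside domains fits the relayed-mail pattern described in the thread, while a handful of failures to known correspondents does not.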