RE: relay question

  • From: "John Tolmachoff \(Lists\)" <johnlist@xxxxxxxxxxxxxxxxxxx>
  • To: "'[ExchangeList]'" <exchangelist@xxxxxxxxxxxxx>
  • Date: Thu, 9 Oct 2003 07:31:52 -0700

Testing relay by telnetting does not always tell the whole story.

 

Is there any software that is serving as a gateway? (AV software)

 

Is there a user whose password could have become compromised?

 

Is there any relaying allowed by IP address?

 

Could the % hack have been used? (A To address like
remoteuser%remotedomain.com@xxxxxxxxxxxxxxx) Some mail servers
(I am not sure about Exchange) will see that, receive it, and then send it
to remoteuser@xxxxxxxxxxxxxxxxx

 

Have you checked the logs for how those messages were received?

 

Is message tracking turned on?

 

John Tolmachoff MCSE CSSA

Engineer/Consultant

eServices For You

www.eservicesforyou.com

 

-----Original Message-----
From: Mike Pfeiffer [mailto:mike@xxxxxxxxxxx] 
Sent: Wednesday, October 08, 2003 12:28 PM
To: [ExchangeList]
Subject: [exchangelist] relay question

 


I just came across an Exchange 2000 server at a customer site that has
hundreds of messages in the outbound queue. The server is not currently an
open relay (tested using the telnet method) but all of the messages are from
addresses from outside domains to users in outside domains. Why would these
messages get put in remote delivery queue if the server doesn't allow
unknown users to relay mail?

 

Thanks for any help
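
A log check for the % form mentioned in the reply above, extended to two other legacy source-routing forms (UUCP bang path and RFC 821 explicit route). This is an added example, not part of either message; the local domain `example.com`, the function names and the log line layout are assumptions, so adapt the regular expression to the actual SMTP log format.

```python
import re

# Assumption: the domains this server accepts mail for (placeholder value).
LOCAL_DOMAINS = {"example.com"}
RCPT_RE = re.compile(r"RCPT\s+TO:\s*<([^>]*)>", re.IGNORECASE)

def classify_rcpt(addr, local_domains=LOCAL_DOMAINS):
    """Return why addr looks like a source-routed relay attempt, or None."""
    addr = addr.strip()
    # RFC 821 explicit route: <@relay:user@remote>
    if addr.startswith("@") and ":" in addr:
        return "explicit source route"
    local, sep, domain = addr.rpartition("@")
    if not sep or domain.lower().rstrip(".") not in local_domains:
        return None  # not addressed to a local domain; normal relay rules apply
    if "%" in local:
        # A server honouring the % hack turns the rightmost % into @.
        user, _, hidden = local.rpartition("%")
        if user and "." in hidden:  # require a domain-like target
            return f"percent hack -> {user}@{hidden}"
    if "!" in local:
        # UUCP-style bang path: host!user
        host, _, user = local.partition("!")
        if user and "." in host:
            return f"bang path -> {user}@{host}"
    return None

def scan_log(lines):
    """Return (line_number, address, reason) for each suspicious RCPT TO."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = RCPT_RE.search(line)
        reason = classify_rcpt(m.group(1)) if m else None
        if reason:
            hits.append((n, m.group(1), reason))
    return hits

# Constructed sample lines (not from a real server; the layout is illustrative).
SAMPLE_LOG = [
    "2003-10-08 19:02:11 10.0.0.5 RCPT TO:<alice@example.com>",
    "2003-10-08 19:02:40 192.0.2.77 RCPT TO:<remoteuser%remotedomain.com@example.com>",
    "2003-10-08 19:03:02 192.0.2.77 RCPT TO:<remotedomain.com!remoteuser@example.com>",
    "2003-10-08 19:03:30 192.0.2.77 RCPT TO:<@example.com:remoteuser@remotedomain.com>",
    "2003-10-08 19:04:00 10.0.0.5 RCPT TO:<bob%sales@example.com>",
]

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
```

A hit only shows that such a recipient was submitted; whether the server accepted and forwarded it has to be confirmed from the response code in the log and from message tracking.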
