RE: Relay part II

  • From: "Jamie A. Byrnes" <jabyrnes@xxxxxxxxxxxxxxxxx>
  • To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
  • Date: Wed, 28 May 2003 10:06:48 +0930

Doug,

Gettting the "bad guys" out there can be difficult if they know what
they're doing, but I have a couple of suggestions:

Received: from 156.60.99.159 ([61.59.35.117] RDNS failed) by
mail1.ogh.org with Microsoft SMTPSVC(5.0.2195.5329);
         Tue, 27 May 2003 10:49:03 -0400

If the address in square brackets is the same or similar each time then
you may be able to do something. If the same then they should be "always
on" and you can report the address to their ISP. Looking up this address
tells me that it is a dial-up account with SeedNet in Taiwan, so the
only other option would be to make a list of the relay attempts and
forward that to the ISP (poss. abuse@xxxxxxxxxxx ?). Unlikely to get
results though, must admit.

You could also configure your relay to only accept sending hosts with
valid RDNS - which this one doesn't - although I'm afraid I don't know
how to set it up with your config.


Jamie.



-----Original Message-----
From: Stelley, Doug [mailto:dstelley@xxxxxxx] 
Sent: Wednesday, 28 May 2003 5:12 AM
To: [ExchangeList]
Subject: [exchangelist] Relay part II


http://www.MSExchange.org/

OK,
I believe we cured that one. Whether it was a flaw, a hack or what I
don't know, but by uninstalling/re-installing the SMTP services on that
server, we were able to "cure" it. I reinstalled the GFI suite, and I
believe all is well again.
Now when I try to relay I get the "unable to relay" message instantly,
life is good again.
Now if I only can shoot a billion volts of electric through to that
MF'er in Taiwan who helped himself to my services, I'd be a happy man.
Thanks all :-)

Doug Stelley
Network Admin.
Olean General Hospital
(716)375-7320

It is my ambition to say in ten sentences what others say in a whole
book. - Friedrich Nietzsche 

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this MSExchange.org Discussion List as:
jabyrnes@xxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to
$subst('Email.Unsub') 

_______________________
Confidentiality Notice: The information contained in this message may be
legally privileged and confidential information intended only for the
use of the individual or entity named above. If the reader of this
message is not the intended recipient, or the employee or agent
responsible to deliver it to the intended recipient, you are hereby
notified that any release, dissemination, distribution, or copying of
this communication is strictly prohibited. If you have received this
communication in error please notify the author immediately by replying
to this message and deleting the original message. Thank you.


Other related posts: