Hello All:

Seems there is unauthorized mail being sent from my server and I cannot figure out how. I've tested the server from several different open relay sites and it comes up good. I've scanned for viruses with the latest defs and it also came up good. From the log files, I can see that mail is being relayed and I cannot figure out how. Below are a few lines from the SMTP logs. Any help would be appreciated. Thanks in advance.

2007-11-20 05:00:33 69.42.57.92 mxserv30.com.57.42.69.in-addr.arpa SMTPSVC1 0 250
2007-11-20 05:00:33 69.42.57.92 mxserv30.com.57.42.69.in-addr.arpa SMTPSVC1 0 240
2007-11-20 05:00:39 194.2.0.80 OutboundConnectionResponse SMTPSVC1 25 0
2007-11-20 05:00:39 194.2.0.80 OutboundConnectionCommand SMTPSVC1 25 0
2007-11-20 05:00:39 194.2.0.80 OutboundConnectionResponse SMTPSVC1 25 0
2007-11-20 05:02:07 76.4.105.92 fl-76-4-105-92.dhcp.embarqhsd.net SMTPSVC1 0 250
2007-11-20 05:02:07 76.4.105.92 fl-76-4-105-92.dhcp.embarqhsd.net SMTPSVC1 0 250
2007-11-20 05:02:07 76.4.105.92 fl-76-4-105-92.dhcp.embarqhsd.net SMTPSVC1 0 250
2007-11-20 05:02:07 76.4.105.92 fl-76-4-105-92.dhcp.embarqhsd.net SMTPSVC1 0 250
2007-11-20 05:02:07 76.4.105.92 fl-76-4-105-92.dhcp.embarqhsd.net SMTPSVC1 0 240
2007-11-20 05:02:43 64.71.41.19 OutboundConnectionResponse SMTPSVC1 25 0
Microsoft News Groups <DJ> wrote:

> Hello All:
>
> Seems there is unauthorized mail being sent from my server and I
> cannot figure out how. I've tested the server from several different
> open relay sites and it comes up good. I've scanned for viruses with
> the latest defs and it also came up good. From the log files, I can
> see that mail is being relayed and I cannot figure out how. Below are
> a few lines from the SMTP logs. Any help would be appreciated. Thanks
> in advance.

<snip>

The logs you've included don't indicate you're being used as a relay (although they aren't detailed enough to demonstrate either way). Let's start with the basics - what precisely makes you believe you're being used as one?

See http://www.msexchange.org/tutorials/MF005.html for a good overview of relaying and spam.

E2k/2003 do not permit open relay by default, although they do permit authenticated relay. If you don't have strong/complex password policies enabled, force regular password changes, have enabled guest, etc., someone may exploit authenticated relay. If you don't need authenticated relay, disable it. You can always have any external POP users use their own ISP's SMTP server for outbound mail anyway.

See http://www.vamsoft.com/orf/authattack.asp
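The reply's point is that the posted lines lack the fields needed to tell open relay from authenticated relay. The script below is an added example, not code from either poster, showing how to make that distinction once the SMTP verb and its argument are being logged. It assumes a reduced W3C field selection (date time c-ip cs-username cs-method cs-uri-query sc-status), assumes example.com is the only locally hosted domain, and runs over constructed sample lines (two of the client IPs and host names are borrowed from the original post; everything else, including the 203.0.113.7 session, is made up). A recipient outside the local domains that the server accepts (250) after a successful AUTH (235) counts as authenticated relay; the same acceptance with no AUTH in the session is an open-relay indicator.

```python
"""Flag likely relay abuse in IIS / Exchange 2003 SMTP service (W3C extended) logs.

Added example for this thread, not code from either poster. It assumes a
reduced field selection (date time c-ip cs-username cs-method cs-uri-query
sc-status); real logs carry whatever fields were ticked in the logging
properties, so the '#Fields:' header is used to locate columns by name.
"""
import re
from collections import defaultdict

# Assumption: the domains this server accepts mail for. A recipient in any
# other domain means the message is being relayed.
LOCAL_DOMAINS = {"example.com"}

# Report an authenticated session once it relays this many accepted recipients.
AUTH_RELAY_THRESHOLD = 3

ADDR_DOMAIN = re.compile(r"<[^>]*@([^>]+)>")

# Constructed sample log (not the original poster's lines). The 240 on QUIT
# mirrors the status the poster's lines show at the end of each session.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-username cs-method cs-uri-query sc-status
2007-11-20 05:00:33 69.42.57.92 mxserv30.com.57.42.69.in-addr.arpa EHLO - 250
2007-11-20 05:00:33 69.42.57.92 mxserv30.com.57.42.69.in-addr.arpa MAIL +FROM:<bob@partner.net> 250
2007-11-20 05:00:33 69.42.57.92 mxserv30.com.57.42.69.in-addr.arpa RCPT +TO:<alice@example.com> 250
2007-11-20 05:00:33 69.42.57.92 mxserv30.com.57.42.69.in-addr.arpa RCPT +TO:<victim@elsewhere.org> 550
2007-11-20 05:00:33 69.42.57.92 mxserv30.com.57.42.69.in-addr.arpa QUIT - 240
2007-11-20 05:02:07 76.4.105.92 fl-76-4-105-92.dhcp.embarqhsd.net EHLO - 250
2007-11-20 05:02:07 76.4.105.92 fl-76-4-105-92.dhcp.embarqhsd.net AUTH LOGIN 334
2007-11-20 05:02:07 76.4.105.92 fl-76-4-105-92.dhcp.embarqhsd.net AUTH - 235
2007-11-20 05:02:07 76.4.105.92 fl-76-4-105-92.dhcp.embarqhsd.net MAIL +FROM:<sales@example.com> 250
2007-11-20 05:02:07 76.4.105.92 fl-76-4-105-92.dhcp.embarqhsd.net RCPT +TO:<a@hotmail.com> 250
2007-11-20 05:02:07 76.4.105.92 fl-76-4-105-92.dhcp.embarqhsd.net RCPT +TO:<b@yahoo.com> 250
2007-11-20 05:02:07 76.4.105.92 fl-76-4-105-92.dhcp.embarqhsd.net RCPT +TO:<c@aol.com> 250
2007-11-20 05:02:07 76.4.105.92 fl-76-4-105-92.dhcp.embarqhsd.net QUIT - 240
2007-11-20 05:03:10 203.0.113.7 mail.attacker.test EHLO - 250
2007-11-20 05:03:10 203.0.113.7 mail.attacker.test MAIL +FROM:<x@spam.test> 250
2007-11-20 05:03:10 203.0.113.7 mail.attacker.test RCPT +TO:<y@gmail.com> 250
"""


def parse_w3c(text):
    """Yield one dict per log record, keyed by the names in the #Fields header."""
    fields = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if line.startswith("#") or fields is None:
            continue  # other directives, or data before any header
        parts = line.split()
        if len(parts) != len(fields):
            continue  # record does not match the declared layout; skip it
        yield dict(zip(fields, parts))


def recipient_domain(query):
    """Domain part of the address in a '+TO:<user@domain>' style argument."""
    m = ADDR_DOMAIN.search(query)
    return m.group(1).lower() if m else None


def analyze(text):
    """Return per-IP counts of accepted non-local RCPTs after AUTH, plus a list
    of accepted non-local RCPTs seen without any successful AUTH."""
    authed = set()                 # client IPs whose current session passed AUTH
    auth_relay = defaultdict(int)  # c-ip -> accepted non-local RCPTs after AUTH
    open_relay = []                # (c-ip, recipient) accepted without AUTH
    for rec in parse_w3c(text):
        ip, verb, status = rec["c-ip"], rec["cs-method"], rec["sc-status"]
        if verb == "AUTH" and status == "235":
            authed.add(ip)
        elif verb == "RCPT" and status == "250":
            domain = recipient_domain(rec["cs-uri-query"])
            if domain is None or domain in LOCAL_DOMAINS:
                continue  # local delivery is not relaying
            rcpt = rec["cs-uri-query"].split(":", 1)[1].strip("<>")
            if ip in authed:
                auth_relay[ip] += 1
            else:
                open_relay.append((ip, rcpt))
        elif verb == "QUIT":
            authed.discard(ip)     # session over; the next one must AUTH again
    flagged = {ip: n for ip, n in auth_relay.items() if n >= AUTH_RELAY_THRESHOLD}
    return {"authenticated_relay": flagged, "unauthenticated_relay": open_relay}


if __name__ == "__main__":
    report = analyze(SAMPLE_LOG)
    for ip, n in report["authenticated_relay"].items():
        print(f"authenticated relay from {ip}: {n} external recipients accepted")
    for ip, rcpt in report["unauthenticated_relay"]:
        print(f"accepted without AUTH: {ip} -> {rcpt}")
```

Sessions are keyed by client IP, which is a simplification: two concurrent sessions from one address would share state. The reduced field set also carries no account name on the AUTH line, so once an IP is flagged the next step is to find which mailbox credentials were used and reset them, which is the exposure the reply describes.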