|
|
|
date: Fri, 28 Apr 2006 11:56:01 -0700,
group: microsoft.public.exchange2000.general
back
Re: Unauthorized Message Relay
On Fri, 28 Apr 2006 11:56:01 -0700, BackthePack
wrote:
>I am pretty sure our server is being used to relay messages, lots of them.
>Our badmail folder fills up constantly and at inconsistant intervals, MDBDATA
>receives 5MB log files in bunches, like 20 or 30 files in a few minutes.
>Message tracking shows dozens of emails in just a few minutes. We only have
>about a dozen users, and email is used only occassionaly by any one of them.
>I have read tons of articles about the SMTP Virtual Server settings and have
>tried all kinds of combinations to shut this down, but to no avail. If I
>"uncheck" Anonomous Access in Authentication, it stops the badmail, but also
>stops all outside email from coming in. We are behind a firewall and I have
>the relay restrictions set to "Only the list below" and in the "list below"
>have our LAN ip xxx.xxx.xxx.0/255.255.255.0. Is there something simple I am
>missing or is this a problem with a difficult solution?
You're probably not being used as a relay ut you shouldn't actually
need to have any addresses allowed to subnet anyway.
Badmail won't have anything to do with the log files mounting up so
there are a couple of issues. If you receive a lot in the badmail you
may be receiving a lot of spam messages but the log file creation
could be down to that spam or another reason such as a message loop or
the odd virus scan that's doing directories it shouldn't.
date: Fri, 28 Apr 2006 20:29:48 +0100
author: Mark Arnold [MVP]
Re: Unauthorized Message Relay
You are right. If I take the subnet out of Relay Restrictions, it has no
effect. The problem I have is any changes that I make that shut down the Bad
Mail accumulation, shuts down outside email. How should I have the SMTP
Virtual server configured, or should I be looking somewhere else in Exchange?
"Mark Arnold [MVP]" wrote:
> On Fri, 28 Apr 2006 11:56:01 -0700, BackthePack
> wrote:
>
> >I am pretty sure our server is being used to relay messages, lots of them.
> >Our badmail folder fills up constantly and at inconsistant intervals, MDBDATA
> >receives 5MB log files in bunches, like 20 or 30 files in a few minutes.
> >Message tracking shows dozens of emails in just a few minutes. We only have
> >about a dozen users, and email is used only occassionaly by any one of them.
> >I have read tons of articles about the SMTP Virtual Server settings and have
> >tried all kinds of combinations to shut this down, but to no avail. If I
> >"uncheck" Anonomous Access in Authentication, it stops the badmail, but also
> >stops all outside email from coming in. We are behind a firewall and I have
> >the relay restrictions set to "Only the list below" and in the "list below"
> >have our LAN ip xxx.xxx.xxx.0/255.255.255.0. Is there something simple I am
> >missing or is this a problem with a difficult solution?
>
> You're probably not being used as a relay ut you shouldn't actually
> need to have any addresses allowed to subnet anyway.
>
> Badmail won't have anything to do with the log files mounting up so
> there are a couple of issues. If you receive a lot in the badmail you
> may be receiving a lot of spam messages but the log file creation
> could be down to that spam or another reason such as a message loop or
> the odd virus scan that's doing directories it shouldn't.
>
date: Mon, 1 May 2006 10:05:02 -0700
author: BackthePack
Re: Unauthorized Message Relay
Hi,
These should help:
http://www.msexchange.org/tutorials/MF005.html
http://www.vamsoft.com/orf/authattack.asp
Leif
"BackthePack" wrote in message
news:8876A45A-ECB8-4D55-834B-39B4C140967E@microsoft.com...
> You are right. If I take the subnet out of Relay Restrictions, it has no
> effect. The problem I have is any changes that I make that shut down the
> Bad
> Mail accumulation, shuts down outside email. How should I have the SMTP
> Virtual server configured, or should I be looking somewhere else in
> Exchange?
>
> "Mark Arnold [MVP]" wrote:
>
>> On Fri, 28 Apr 2006 11:56:01 -0700, BackthePack
>> wrote:
>>
>> >I am pretty sure our server is being used to relay messages, lots of
>> >them.
>> >Our badmail folder fills up constantly and at inconsistant intervals,
>> >MDBDATA
>> >receives 5MB log files in bunches, like 20 or 30 files in a few minutes.
>> >Message tracking shows dozens of emails in just a few minutes. We only
>> >have
>> >about a dozen users, and email is used only occassionaly by any one of
>> >them.
>> >I have read tons of articles about the SMTP Virtual Server settings and
>> >have
>> >tried all kinds of combinations to shut this down, but to no avail. If
>> >I
>> >"uncheck" Anonomous Access in Authentication, it stops the badmail, but
>> >also
>> >stops all outside email from coming in. We are behind a firewall and I
>> >have
>> >the relay restrictions set to "Only the list below" and in the "list
>> >below"
>> >have our LAN ip xxx.xxx.xxx.0/255.255.255.0. Is there something simple
>> >I am
>> >missing or is this a problem with a difficult solution?
>>
>> You're probably not being used as a relay ut you shouldn't actually
>> need to have any addresses allowed to subnet anyway.
>>
>> Badmail won't have anything to do with the log files mounting up so
>> there are a couple of issues. If you receive a lot in the badmail you
>> may be receiving a lot of spam messages but the log file creation
>> could be down to that spam or another reason such as a message loop or
>> the odd virus scan that's doing directories it shouldn't.
>>
date: Sat, 6 May 2006 19:45:39 +0200
author: Leif Pedersen [MVP]
|
|
