Re: queues problem Please help ASAP

From: Ramadan Al-Jallad (ramadan19_at_hotmail.com)
Date: 07/11/04


Date: Sun, 11 Jul 2004 11:04:11 +0200


"Rich Matheisen [MVP]" <richnews@rmcons.com.NOSPAM.COM> wrote in message
news:0md1f0t497u8k5p9qe5sf454dbpjtl49j4@4ax.com...
> "Ramadan Al-Jallad" <ramadan19@hotmail.com> wrote:
>
> >Dear All:
> >I have the following case :
> >1-I have Exch2k3 on win2k server
> >2-My exch2k3 is a secureNat client
> >3-It is connected to the internal DNS and the internal DNS has a
> >forwarders which are my ISP DNSs
> >4-Exch2k3 is behind ISA2k
> >5-There are publishing rules for the following services in ISA:
> > DNS query for internal DNS
> > server publishing for exch2k3
> > OWA,OMA
> >........................................................................
> >since one month all of things are OK
> >but before 3 days strange things happened
> >when exch is ON my outbound connection is full (128kbps) as I can show the
> >outbound connection from telnetting my router.
> >and if it is OFF the connection traffic goes down
> >and my outgoing messages are in the queues and slowly going down and reports
> >of delay are generated to my users
> >small emails are leaving the queue but with a delay
> >I checked viruses by symantec corporate edition server and viruses are
> >quarantined
> >configure relay to be blocked from open relay
> >when I add MSexchangeTransport to event viewer I get a lot of events.
> >the events are :
> >The remote server did not respond to a connection attempt.
> >and another one: Message delivery to the remote domain 'xxxxxx.com' failed
> >for the following reason: Unable to bind to the destination server in DNS.
> >also: Message delivery to the host ( ip address) failed while delivering
> >to the remote domain 'finex.fi' for the following reason: The connection
> >was dropped by the remote host.
> >
> >I am really in trouble so please help
> >and thank you very much for any positive comments.
>
> Either you're being heavily spammed, you're being used in a "reverse
> NDR" attack, or your server's an open SMTP relay.

How can I know that by a short way,
and how can I check the 2 possibilities?

>
> You can eliminate the NDR's from spam by configuring the Exchange
> server to use the AD to verify the address on the inbound mail is
> correct. If it isn't, the mail isn't accepted.

can you please show me how to make that.

>
> If it's a reverse-NDR attack you'll have to block the IP addresses of
> the originator.

How to make that?

> If you're an open SMTP relay, close the relay.

How to make that?
>
> A final possibility is that you've assigned a weak password to a
> common account (administrator, iusr_<servername>, webmaster, etc.) and
> someone's cracked the password. It can also be one of your users'
> accounts that's compromised. If you don't need it, don't allow relaying
> by authenticated clients.

I don't think so because we made a complexity requirement for passwords.
Thank you very much.
Hope to reply.
>
> --
> Rich Matheisen
> MCSE+I, Exchange MVP
> MS Exchange FAQ at http://www.swinc.com/resource/exch_faq.htm
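
Added example, not part of the original thread or of either poster's advice: one way to triage a stuck outbound queue against the causes listed in the reply (NDR traffic from spam or a reverse-NDR attack, an open relay, or relaying through a cracked account). The record layout, the `example.com` local domain and the sample queue are assumptions constructed for illustration; the only protocol fact relied on is that NDRs carry the null envelope sender `<>`.

```python
from collections import Counter

LOCAL_DOMAINS = {"example.com"}  # assumption: the organisation's own mail domain

# Constructed sample of queued messages, transcribed by hand from the queue
# viewer: (envelope sender, envelope recipient, authenticated account or None).
QUEUE = [
    ("", "u1@remote-a.test", None),
    ("", "u2@remote-b.test", None),
    ("<>", "u3@remote-c.test", None),
    ("", "u4@remote-d.test", None),
    ("alice@example.com", "partner@remote-e.test", None),
    ("promo@bulk.test", "x1@remote-f.test", None),
    ("deals@bulk.test", "x2@remote-g.test", "webmaster"),
    ("deals@bulk.test", "x3@remote-h.test", "webmaster"),
    ("someone@remote-i.test", "bob@example.com", None),
]

def domain(addr):
    """Lower-cased domain part of an address, or '' for the null sender."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def classify(sender, recipient, auth_user):
    if domain(recipient) in LOCAL_DOMAINS:
        return "inbound"                # not part of the outbound backlog
    if sender in ("", "<>"):
        return "ndr"                    # null reverse-path marks an NDR/DSN
    if domain(sender) in LOCAL_DOMAINS:
        return "normal"                 # note: a relayed sender can be forged
    return "auth_relay" if auth_user else "open_relay"

def triage(queue):
    """Count each class and name the suspect class that dominates the queue."""
    counts = Counter(classify(*msg) for msg in queue)
    suspects = {k: counts[k] for k in ("ndr", "open_relay", "auth_relay") if counts[k]}
    likely = max(suspects, key=suspects.get) if suspects else "normal"
    return counts, likely

def relay_accounts(queue):
    """Accounts that submitted mail with a foreign sender for a foreign recipient."""
    return Counter(m[2] for m in queue if classify(*m) == "auth_relay")

if __name__ == "__main__":
    counts, likely = triage(QUEUE)
    print(dict(counts), "->", likely)
    print("accounts relaying:", dict(relay_accounts(QUEUE)))
```

A queue dominated by `ndr` points at the spam or reverse-NDR cases, while `open_relay` or `auth_relay` entries point at the relay settings or at the named account's password.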


