Re: exchange getting relayed through

From: Lanwench [MVP - Exchange] (lanwench_at_heybuddy.donotsendme.unsolicitedmail.atyahoo.com)
Date: 08/09/04


Date: Mon, 9 Aug 2004 16:46:55 -0400

anonymous@discussions.microsoft.com wrote:
> Passwords are strong, authenticated is off. Mail is all
> coming from the postmaster account. I am thinking it has
> to do with netsky but I don't see how.

It's your server trying to reply with an NDR or delivery report, most likely
to a spammer. Might be time to put in some content filtering s/w so that
junk doesn't get in to begin with....MailEssentials is pretty good, there
are outsourced services like Postini, there's also the Open Relay Filter
from www.vamsoft.com (can deny mail if address doesn't exist in AD)...maybe
a combo of one or two things is needed.

>
> Any other ideas?
>> -----Original Message-----
>> kevin mcauley wrote:
>>> I have looked all through the KB and found nothing to help
>>> on this, hopefully one of you has the answer. I have an
>>> Exchange 2003 server, I have verified the anti relay
>>> settings (supposed to be out of the box) and yet my queues
>>> are still showing a bunch of email going out that isn't
>>> coming from my users. When I go to mailroot\vsi\queues it
>>> shows empty. My antivirus (trend) shows viruses on files
>>> in the queue (netsky) but no files show in the folder.
>>> Still my queues in system manager show about 18-24
>>> messages retrying to go out. Any ideas?
>>
>> First, make sure you've checked the 'from' settings in those
>> messages - if they're <>, that's your server trying to send an NDR
>> to a spammer, most of the time. Normal.
>>
>> Also see http://www.vamsoft.com/orf/authattack.asp....if you leave
>> authenticated relay disabled, and don't have a good password policy
>> in place (complex passwords, regular changes), and/or have enabled
>> the Guest account (a Bad Thing), someone may be exploiting your
>> server. I'd disable authenticated relay in addition to reviewing
>> password policies.... if you do have external POP users, have 'em
>> use their own ISP's SMTP server for outbound mail.
>>>
>>> Kevin
>>
>>
>> .
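
Added example, not part of the original posts and not code from any product named in the thread: a small triage of queued outbound mail by envelope sender, following the reply's reasoning that a null (`<>`) or postmaster sender marks an NDR, plus a model of why refusing unknown recipients during the SMTP session leaves no NDR to queue. The domain, mailboxes and queue entries are constructed sample data, and the mailbox set is a stand-in for an AD lookup.

```python
from collections import Counter

# Constructed sample data; example.com and the mailboxes are assumptions.
LOCAL_DOMAIN = "example.com"
VALID_MAILBOXES = {"kevin@example.com", "sales@example.com"}  # stand-in for an AD lookup

# (envelope sender, envelope recipient) for messages retrying in the outbound queue
SAMPLE_QUEUE = [
    ("<>", "a1@spam.invalid"),
    ("postmaster@example.com", "b2@spam.invalid"),
    ("kevin@example.com", "client@partner.invalid"),
    ("<>", "c3@spam.invalid"),
    ("x9@spam.invalid", "victim@elsewhere.invalid"),
]

def classify_sender(sender):
    """Label a queued message by its envelope sender."""
    addr = sender.strip().strip("<>").lower()
    if not addr:
        return "ndr"                      # null sender <>: a delivery report
    local, _, domain = addr.rpartition("@")
    if domain != LOCAL_DOMAIN:
        return "foreign-sender"           # not ours: check for relay abuse
    return "ndr" if local == "postmaster" else "local-user"

def triage(queue):
    """Count queued messages per class."""
    return Counter(classify_sender(sender) for sender, _ in queue)

def queued_ndrs(inbound_recipients, recipient_filtering):
    """Count NDRs the server ends up queuing for a batch of RCPT TO addresses.

    With recipient filtering, unknown addresses are refused during the SMTP
    session (550), so the message is never accepted and no NDR is owed.
    Without it, the message is accepted first and bounced afterwards.
    """
    unknown = [r for r in inbound_recipients if r.lower() not in VALID_MAILBOXES]
    return 0 if recipient_filtering else len(unknown)

if __name__ == "__main__":
    print(dict(triage(SAMPLE_QUEUE)))
    spam_run = ["kevin@example.com", "info@example.com", "bob@example.com"]
    print(queued_ndrs(spam_run, False), queued_ndrs(spam_run, True))
```

A queue dominated by the `ndr` class points at backscatter to forged senders; entries in the `foreign-sender` class are the ones to examine for relaying.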


