RE: Server is acting as relay
- From: Kenwood@xxxxxxxxxxxxxxxxxxxx (Kenny Wood)
- Date: Sun, 01 May 2005 02:49:34 GMT
Hello Nathan,
You didn't mention what version of Exchange you are using (but it looks like 2003). It won't matter what version you are using to test, but if any changes need to be made, it will matter. Nonetheless, you can use these articles to test and see if your server is set up for relay:
313395 How To Examine Relay Restrictions for Anonymous SMTP Connections and
http://support.microsoft.com/?id=313395
153119 XFOR: Telnet to Port 25 to Test SMTP Communication
http://support.microsoft.com/?id=153119
The important thing is going to be the response you get after you type the external recipient address (RCPT TO:someone@xxxxxxxxxxx). If relaying is disabled you will get a 550 response. Getting a 250 means the system accepted the message, but does NOT mean it will deliver it. For example Exchange 5.5 would accept such a message, but then bucket the message because it had no delivery path (in one configuration of Exchange 5.5). So if you get a 250, you will need to verify whether or not the message was actually delivered. Exchange 2003 disables relaying by default (550 code would be seen).
The following is a KB article that may also be of assistance.
324958 How to block open SMTP relaying and clean up Exchange Server SMTP queues
http://support.microsoft.com/?id=324958
Thank you for your post.
Kenny Wood
CISSP, MCSE (+S, +M)
PSS Security
Microsoft Corporation
--
This posting is provided "AS IS" with no warranties, and confers no rights. Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm
Note: For the benefit of the community-at-large, all responses to this message are best directed to the newsgroup/thread from which they originated.
--------------------
| Reply-To: "Nathan Weldon" <nweldon@xxxxxxxxxxxxxxxxx>
| From: "Nathan Weldon" <nweldon@xxxxxxxxxxxxxxxxx>
| Subject: Server is acting as relay
| Date: Fri, 29 Apr 2005 15:27:15 -0400
| Lines: 12
| Organization: USA Architects
| Message-ID: <uhFsuFPTFHA.3040@xxxxxxxxxxxxxxxxxxxx>
| Newsgroups: microsoft.public.exchange.admin
| NNTP-Posting-Host: mail.usaarchitects.com 63.115.34.18
|
| I'm testing out an intrusion prevention service from my firewall's
| manufacturer. I started this today and I'm getting consistent notifications
| of SMTP Relay detected with my email server's ip address as the source and
| an external address as the destination. The destination address is always
| the same on every alert. I know for fact I do not have relaying enabled on
| my server. Can anyone tell me what I should check, or should I just chalk
| this up to the firewall being overly sensitive? I looked up the IP address
| and it is registered to an ISP I've never heard of but I've not heard of a
| lot that are out there I'm sure. Should I be worried about this? I don't
| want spammers using my mail server.
|
|
|
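The RCPT TO check described in the reply above, scripted for use against your own mail server. This is an added example, not part of the original posts or of the linked KB articles; `relay_test`, `FakeSMTP`, `demo` and the `*.example` addresses are assumptions made for illustration, and the fake server is a constructed stand-in so the check can be run offline.

```python
import smtplib
import socketserver
import threading

def relay_test(host, port, mail_from, rcpt_to, timeout=10):
    """HELO / MAIL FROM / RCPT TO against your own server, stopping before DATA."""
    with smtplib.SMTP(host, port, local_hostname="relaytest.example",
                      timeout=timeout) as smtp:
        smtp.helo()
        smtp.mail(mail_from)
        code, _ = smtp.rcpt(rcpt_to)   # the reply that matters
        smtp.rset()                    # abandon the transaction, nothing is sent
    if code == 550:
        return code, "relay denied"
    if code == 250:
        return code, "accepted: verify whether the message is actually delivered"
    return code, "inconclusive"

class FakeSMTP(socketserver.StreamRequestHandler):
    """Constructed stand-in for a mail server so the check runs offline."""
    rcpt_reply = b"550 5.7.1 Unable to relay\r\n"

    def handle(self):
        self.wfile.write(b"220 fake.example SMTP ready\r\n")
        for line in self.rfile:
            verb = line[:4].upper()
            if verb == b"RCPT":
                self.wfile.write(self.rcpt_reply)
            elif verb == b"QUIT":
                self.wfile.write(b"221 closing\r\n")
                return
            else:
                self.wfile.write(b"250 OK\r\n")

def demo(rcpt_reply):
    """Run relay_test against a local fake server that answers RCPT with rcpt_reply."""
    handler = type("Handler", (FakeSMTP,), {"rcpt_reply": rcpt_reply})
    with socketserver.TCPServer(("127.0.0.1", 0), handler) as server:
        threading.Thread(target=server.serve_forever, daemon=True).start()
        try:
            return relay_test("127.0.0.1", server.server_address[1],
                              "probe@inside.example", "someone@outside.example")
        finally:
            server.shutdown()

if __name__ == "__main__":
    print(demo(b"550 5.7.1 Unable to relay\r\n"))
    print(demo(b"250 2.1.5 OK\r\n"))
```

Run `relay_test` from a host outside your network with a recipient in a domain your server does not host; a 250 result still needs the queue and delivery check the reply describes.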