Re: Incoming mail for recipients not in my domain


From: PaulB (p.bassett_at_zeda.co.uk)
Date: 02/04/04


Date: Wed, 4 Feb 2004 15:31:23 -0000

Thanks for the advice, Ben.
Regarding point 1:
Guest account is disabled
The setting on my SMTP virtual server is indeed to allow authenticated users
to relay. However, in the access control 'anonymous access' is allowed.
Isn't this a paradox? Also 'basic authentication' and 'Integrated Windows
authentication' are enabled. Is this what you would recommend or should I
disable one or more of these?

Point 2:
Just taking one of these damned mail messages at random:
Sent from: "Aniana Burns" binisatchelsadorable@hahale.net
Subject: Free S@mp1e of We1ght Loss Pr0duct!
Envelope recipients: lerickso@eudoramail.com;

This message sits in my queue trying to get back to the sender address as it
is presumably not deliverable to the eudora address. I have to say that
right now I would consider a brief custodial sentence as worthwhile if only
I could have the satisfaction of repeatedly smashing the perpetrator's face
into my knee...

Any ideas? (about the technical problem, not the idea of violent assault).
PaulB

"Ben Winzenz [Exchange MVP]" <benwinzenz@NOSPAM.gardnerwhite.com> wrote in
message news:ee#3g6y6DHA.360@TK2MSFTNGP12.phx.gbl...
> A couple of things might be happening here.
>
> 1. Although you are not an open relay, someone could be relaying through
> your server using authentication (i.e. a password has been compromised, or
> your Guest account is Enabled). The default settings on the SMTP Virtual
> Server are to allow all computers that successfully authenticate to relay.
> There was another person on the newsgroups recently that had this problem -
> it ended up being Norton Ghost had created an account and the password had
> been compromised. Checking your SMTP Logs
> (c:\winnt\system32\logfiles\smtpsvc1 is the default location) may help you
> in finding out which account is doing this.
>
> 2. You are not an open relay, but someone else could still be attempting to
> relay off your server. There are certain formats of messages that Exchange
> will initially accept (even though the recipient is not local), only to
> later reject. If you look in the queues for these remote domains, and choose
> "Enumerate 100 messages", are they actual e-mails, or is the sender <>, or
> postmaster@yourdomain.com?
>
> --
> Ben Winzenz
> MVP - Exchange
> Network Engineer
> Gardner & White
>
> Exchange FAQ's: http://www.swinc.com/resource/exch_faq.htm
> Exchange 2000 FAQ's: http://www.swinc.com/resource/e2kfaq.htm
>
>
> "PaulB" <p.bassett@zeda.co.uk> wrote in message
> news:%23BuP7ww6DHA.1636@TK2MSFTNGP12.phx.gbl...
> > I expect this is a simple problem but my mail server is, for want of a
> > better word, being attacked several times a day by incoming SMTP traffic
> > that is destined for recipients for domains outside of my domain.
> > To clarify: my domain is zeda.co.uk but frequently I see in the 'current
> > connections' a connection from a spurious external host with a name like
> > 'regal' or 'dolphin' or some other word that looks like it has been picked
> > from a dictionary rather than host.domain.tld. The mail that is being
> > accepted by my server is destined for thousands of spurious users at other
> > domains. Therefore my Exchange server starts creating queues to try to send
> > these mails out but, in the majority of cases, the server or recipient
> > cannot be reached so they just sit in the queue until the message expires.
> > I can't help but think that if there were a way to configure my server only
> > to accept incoming messages for users at zeda.co.uk rather than
> > someone@hahale.net or someone@suite224.net this problem would not exist.
> >
> > My server is not an open relay - have checked this with numerous online OR
> > testing services.
> >
> > Any help appreciated,
> > PaulB
> >
> >
>
>
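
The two cases in Ben's reply can be told apart from the envelope sender and recipient of the queued messages. The following is an added example, not part of the thread: it sorts enumerated queue entries into those classes. The function names and sample entries are constructed, and the next-step text paraphrases Ben's reply.

```python
from collections import Counter

LOCAL_DOMAINS = {"zeda.co.uk"}  # the poster's domain; adjust for your server

def domain_of(addr):
    """Return the lower-cased domain of an address, or '' for <> / malformed."""
    addr = addr.strip().strip("<>").strip()
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""

def classify(sender, recipient, local=LOCAL_DOMAINS):
    """Classify one queued message by its envelope sender and recipient."""
    bare = sender.strip().strip("<>").strip().lower()
    if domain_of(recipient) in local:
        return "inbound"            # addressed to a local mailbox
    if bare == "" or (bare.startswith("postmaster@") and domain_of(bare) in local):
        return "ndr"                # bounce generated by this server (case 2)
    if domain_of(bare) in local:
        return "outbound"           # local sender; sender addresses can be forged
    return "relayed"                # foreign sender and recipient (case 1)

NEXT_STEP = {
    "ndr": "server accepted mail it later rejected; the queue holds bounces",
    "relayed": "mail is being relayed; check SMTP logs for the authenticating account",
    "outbound": "looks like normal outbound mail; confirm the sender is a real user",
    "inbound": "normal inbound mail",
}

def triage(entries):
    """Count classes over (sender, recipient) pairs; return counts and the dominant class."""
    counts = Counter(classify(s, r) for s, r in entries)
    top = counts.most_common(1)[0][0] if counts else None
    return counts, top

# Constructed sample of enumerated queue entries (not taken from the thread).
SAMPLE = [
    ("<>", "offer@example.net"),
    ("postmaster@zeda.co.uk", "deals@example.org"),
    ("<>", "promo@example.com"),
    ("bulk@example.net", "someone@example.org"),
    ("user@zeda.co.uk", "customer@example.com"),
]

if __name__ == "__main__":
    counts, top = triage(SAMPLE)
    for name, n in counts.most_common():
        print(f"{name:9} {n}")
    print("next:", NEXT_STEP[top])
```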


