Re: Spam Relay Problem - What else can I do? Please help.
From: Yor Suiris (yor_at_hallgroupNOT.net)
Date: 08/11/04
- Next message: Theo: "Outlook express clients not receiving attachments"
- Previous message: Thor Kottelin: "Re: How to enable Qout?= of office' functionality in a windows \ exchange 2000 domain?"
- In reply to: Steve Stewart: "Spam Relay Problem - What else can I do? Please help."
- Next in thread: Steve Stewart: "Re: Spam Relay Problem - What else can I do? Please help."
- Reply: Steve Stewart: "Re: Spam Relay Problem - What else can I do? Please help."
- Messages sorted by: [ date ] [ thread ]
Date: Wed, 11 Aug 2004 14:30:38 -0400
I think that if you check those Queues and messages, you will find that they
are NDRs from your server to nonexistent addresses in response to spam
sent to nonexistent users on your server. And not spam relaying through it.
Happens on my server all the time.

It appears lately some spammers are randomly generating/finding user names
such as Gastey or t255933, and then tack them on to a found/known domain
name. And you get tons of stuff for users who you have never heard of. And
of course the sender's address does not really exist anywhere, so your
Queues back up trying to send NDRs about NDRs.

First I would sift through the Exchange Logs and verify if you are relaying
or if things are as I have outlined. Also check your bad mail folder, all
those undelivered messages would have been stored there.
--
Yor Suiris
Remove the kNOT to reply. But it is best to share it with the group.

"Steve Stewart" <steve@nospam.com> wrote in message
news:6sakh01omminl1n3p9o8it4qor5bnhi0t1@4ax.com...
>
> Hi folks,
>
> I haven't had to deal with spam relays like this before and am really
> getting bombarded. Here is the scoop:
>
> SBS 2000 w/ ISA on public IP
>
> Server was already defined to not relay
>
> I unticked check box so that even authenticated users can't relay
>
> I followed MS KB article on configuring SBS for non relay, purging
> queues and deleting bad mail.
>
> I only had a few hundred emails stuck in queues, but I'm a little
> upset that they even got there.
>
> So after all of this work last night, I remote in and check the queues
> and there is an smtp connector in there for the usbank scam. I
> enumerated it and deleted it.
>
> Later on this morning, there are smtp connectors for yahoo and our
> local roadrunner cfl.rr.com. Is this anyway related to webmail usage?
> Should I ever see any more smtp connectors than the default four that
> are always there?
>
> Does anybody know the default nature of the relay process in exchange?
>
> If everything is configured correctly, am I going to temporarily see
> a relay in the queues before it is nixed by policy?
>
> Is it possible that a user's computer is infected and that is why we
> are having this problem? All computers are running updated AV.
>
> I also turned up the logging as defined in the KB articles and I'm
> getting some events that:
>
> EXPS is temporarily unable to provide protocol security with "matrix".
> "CSessionContext::OnEXPSInNegotiate" called "HrServerNegotiateAuth"
> which failed with error code 0x8007052e (
> y:\transmt\src\smtpsink\exps\expslib\context.cpp@1462 ).
>
>
> Thanks for any insight and help. I'm not sure where to take it from
> here.
>
> Steve
>
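An added example, not part of the original thread: one way to carry out the check suggested in the reply, separating NDR backscatter from real relaying among queued outbound messages. It relies on the fact that NDRs carry the null envelope sender `<>`; the record format, the `LOCAL_DOMAINS` set and all addresses are constructed assumptions, not Exchange's own log output.

```python
from collections import Counter

# Assumption: the domains this server accepts mail for.
LOCAL_DOMAINS = {"example.com"}

# Constructed sample: (envelope sender, envelope recipient) for messages
# sitting in outbound queues. Extract the real pairs from your SMTP logs.
SAMPLE_QUEUE = [
    ("<>", "qx81@yahoo.example"),                  # NDR to a forged sender
    ("<>", "sales77@yahoo.example"),               # NDR to a forged sender
    ("<>", "info@isp.example"),                    # NDR to a forged sender
    ("alice@example.com", "bob@partner.example"),  # normal user mail
    ("promo@bulk.example", "victim@isp.example"),  # foreign -> foreign
]

def domain(addr):
    """Return the lower-cased domain of an address ('' for the null sender)."""
    return addr.strip().strip("<>").rpartition("@")[2].lower()

def classify(sender, recipient):
    """Label one queued message by its envelope sender and recipient."""
    if domain(recipient) in LOCAL_DOMAINS:
        return "inbound"          # delivery to our own users
    if sender.strip() == "<>":
        return "ndr"              # bounce generated by this server
    if domain(sender) in LOCAL_DOMAINS:
        return "local-outbound"   # our users sending out
    return "relay"                # neither end is ours: relayed mail

def triage(queue):
    """Count messages per label and NDR volume per destination domain."""
    labels = Counter(classify(s, r) for s, r in queue)
    ndr_targets = Counter(domain(r) for s, r in queue
                          if classify(s, r) == "ndr")
    return labels, ndr_targets

if __name__ == "__main__":
    labels, ndr_targets = triage(SAMPLE_QUEUE)
    print("by label:", dict(labels))
    print("NDR destinations:", ndr_targets.most_common())
```

A queue dominated by `ndr` entries matches the backscatter explanation in the reply; any `relay` entries mean the server really is forwarding third-party mail.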