Re: Exchange 2000 Being used as Relay

From: Lanwench [MVP - Exchange] (lanwench_at_heybuddy.donotsendme.unsolicitedmail.atyahoo.com)
Date: 09/09/04


Date: Thu, 9 Sep 2004 09:52:25 -0400

Steve Louie wrote:
> I have Exchange 2000 Server SP3 on Windows 2000 SP4. There
> are messages in my Exchange Queues going to domain names
> that are random and are not being sent from any users
> within our domain. When I open the property of these
> messages, it states that it's sent from
> postmaster@mydomain.com with an Envelope Recipients as
> SMTP: very-randon@random.com. I get about 75 messages a
> day and want to know where these messages are coming from
> and how.

Your server is sending an NDR - or trying to - and most likely to spammers.
Normal.

>
> First, where does the e-mail postmaster@mydomain.com address
> come from? It's not anywhere on my server.

It's your server.
>
> Second, I have the Default SMTP Virtual Server set to
> default, which MS claims, Open relay is closed. Right
> now, it's configured according to MS KB articles 310380 and
> 310356.
>
> Users receive many SPAM mails. One of the users receives
> SPAMs that are sent to (on the TO field) an e-mail address
> that is not in our network and yet it's going into his
> mailbox, example, billy@mydomain.com. I don't see that
> the message was BCC either. How is this occurring?

You can't see whether someone has been BCC'd. It's called 'blind' for a
reason. All you can know is that if the person got the message, and their
address isn't in the TO or CC field, they were BCC'd.

If you want to stop spam coming in, head it off at the pass with antispam
software or a third party service.
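
Added example, not part of the original post: SMTP delivers to the envelope recipients given in `RCPT TO`, while the To and Cc headers are only what the message displays, so a delivered address missing from both headers was blind-copied. The sketch below compares the two; the addresses and message are constructed samples, and the function names are hypothetical.

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed sample: the envelope recipient the receiving server accepted
# (RCPT TO) versus the headers carried inside the message itself.
ENVELOPE_RCPTS = ["billy@mydomain.com"]
RAW_MESSAGE = """\
From: "Offers" <promo@sender.example>
To: someone-else@other.example
Subject: constructed sample

body
"""


def header_recipients(raw):
    """Return the lower-cased addresses shown in the To and Cc headers."""
    msg = message_from_string(raw)
    fields = msg.get_all("To", []) + msg.get_all("Cc", [])
    return {addr.lower() for _name, addr in getaddresses(fields) if addr}


def blind_recipients(envelope_rcpts, raw):
    """Envelope recipients that appear in neither To nor Cc, i.e. BCC'd."""
    visible = header_recipients(raw)
    return [r for r in envelope_rcpts if r.lower() not in visible]


if __name__ == "__main__":
    # The mailbox owner is in the envelope but not in the visible headers.
    print(blind_recipients(ENVELOPE_RCPTS, RAW_MESSAGE))
```
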


