Re: Need help with SMTP relay problem

From: Ronald Nutter (rnutter_at_networkref.com)
Date: 03/18/04


Date: Thu, 18 Mar 2004 08:33:23 -0500

With some testing, what I have found is that if someone sends an email to us
addressed like user%qxs.net@somedomain.com that message will relay through
us regardless of what account is being used. How do I stop a message
addressed with a % from being passed through the Exchange server?

Ron

"Dan Kelley [MSFT]" <dankel@online.microsoft.com> wrote in message
news:%23HCuwfHDEHA.1228@TK2MSFTNGP11.phx.gbl...
> Hello Ronald,
>
> More than likely an account has been compromised and is being used to send
> spam using authenticated relay. This article can help you detect and
> clean-up from the open relay:
>
> 324958 HOW TO: Block Open SMTP Relaying and Clean Up Exchange Server SMTP
> http://support.microsoft.com/?id=324958
>
> This article can tell you how to prevent it in the future:
>
> 319267 HOW TO: Secure Simple Message Transfer Protocol Client Message
> Delivery
> http://support.microsoft.com/?id=319267
>
> These articles will show you how to enable strong password policies:
>
> For Windows Server 2003:
> -----
> Account Passwords and Policies
> http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/windowsserver2003/maintain/operate/BPACTLCK.asp
>
> Account Passwords and Policies in Windows Server 2003
> http://www.microsoft.com/technet/treeview/default.asp?url=/technet/itcommunity/chats/trans/windowsNET/wnet0826.asp
>
> For Windows 2000 Server:
> -----
> 225230 Enabling Strong Password Functionality in Windows 2000
> http://support.microsoft.com/?id=225230
>
> --
> Regards,
>
> Dan Kelley
> Microsoft PSS
>
> Please do not send email directly to this alias. This alias is for newsgroup
> purposes only. This posting is provided "AS IS" with no warranties, and
> confers no rights.
> -----
> "Ronald Nutter" <rnutter@networkref.com> wrote in message
> news:ONf5RRFDEHA.3852@TK2MSFTNGP10.phx.gbl...
> > I am confused at this point. I am listed on njabl.org blacklist because I
> > don't pass all the tests. Administration is up in arms because they can't
> > email to some sites because of this. I am now listed on ORDB.ORG for other
> > reasons. I have pointed the postmaster mailbox at my account for the time
> > being.
> >
> > It is my understanding that I should pass all tests in order to not be an
> > open relay. We have a unix box that the student email accounts are on and it
> > passes all the tests that abuse.net can throw at it. It also isn't being
> > listed on the blacklists.
> >
> > Help
> > Ron
> >
> > "Dan Kelley [MSFT]" <dankel@online.microsoft.com> wrote in message
> > news:%23edFKLFDEHA.2800@tk2msftngp13.phx.gbl...
> > > Hello Ronald,
> > >
> > > It doesn't look like you are open for relay. Those address syntaxes are
> > > accepted by the SMTP RFCs. They match tests 6 & 7 in this article (or a
> > > combination thereof):
> > >
> > > 304897 XIMS: Microsoft SMTP Servers May Seem to Accept and Relay E-Mail
> > > http://support.microsoft.com/?id=304897
> > >
> > > To confirm this, set a postmaster address per this article:
> > >
> > > 294757 How to Control Non-Delivery Reports Using Exchange 2000
> > > http://support.microsoft.com/?id=294757
> > >
> > > ... and log in to that mailbox. If the NDR arrives at the postmaster mailbox,
> > > but is not delivered, then the message was not relayed.
> > >
> > > --
> > > Regards,
> > >
> > > Dan Kelley
> > > Microsoft PSS
> > >
> > > Please do not send email directly to this alias. This alias is for newsgroup
> > > purposes only. This posting is provided "AS IS" with no warranties, and
> > > confers no rights.
> > > -----
> > > "Ronald Nutter" <rnutter@networkref.com> wrote in message
> > > news:OWbK8EFDEHA.3852@TK2MSFTNGP10.phx.gbl...
> > > > Someone has reported my exchange server as an open relay. According to
> > > > www.abuse.net/relay, I am failing on test 6 -
> > > > Relay test 6
> > > > >>> RSET
> > > > <<< 250 2.0.0 Resetting
> > > > >>> MAIL FROM:<spamtest@gandalf.georgetowncollege.edu>
> > > > <<< 250 2.1.0 spamtest@gandalf.georgetowncollege.edu....Sender OK
> > > > >>> RCPT TO:<securitytest%abuse.net@gandalf.georgetowncollege.edu>
> > > > <<< 250 2.1.5 securitytest%abuse.net@gandalf.georgetowncollege.edu
> > > >
> > > > One of my smartass coworkers thought it would be funny to get me listed on
> > > > another site. I have gone through KB 288635 and turned on ResolveP2 but I
> > > > am still having a problem. I have reviewed KB 324948 and I appear to have
> > > > everything set to deny relay but I am still having a problem.
> > > >
> > > > Any suggestions ?
> > > >
> > > > Ron
> > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>
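
The address form discussed in this thread, user%otherdomain@localdomain, carries a second destination inside the local part. The following is an added example, not part of the original posts: a recipient policy for unauthenticated clients that rejects such routed addresses, run over relay test 6 as quoted above plus one constructed ordinary recipient. LOCAL_DOMAINS and the function names are assumptions; a 2xx reply at RCPT time shows only what a relay tester sees, not whether the message was later delivered onward.

```python
import re

# Assumption: the domains this server is the final destination for.
LOCAL_DOMAINS = {"gandalf.georgetowncollege.edu"}

# Relay test 6 as quoted in the thread, plus one constructed ordinary recipient.
SESSION = """\
>>> MAIL FROM:<spamtest@gandalf.georgetowncollege.edu>
<<< 250 2.1.0 spamtest@gandalf.georgetowncollege.edu....Sender OK
>>> RCPT TO:<securitytest%abuse.net@gandalf.georgetowncollege.edu>
<<< 250 2.1.5 securitytest%abuse.net@gandalf.georgetowncollege.edu
>>> RCPT TO:<postmaster@gandalf.georgetowncollege.edu>
<<< 250 2.1.5 postmaster@gandalf.georgetowncollege.edu
"""

def split_rcpt(path):
    """Return (local_part, domain) of an SMTP forward-path."""
    addr = path.strip().strip("<>")
    if addr.startswith("@") and ":" in addr:   # RFC 821 source route @hop:user@dom
        addr = addr.split(":", 1)[1]
    local, _, domain = addr.rpartition("@")
    return local.strip('"'), domain.lower()

def relay_decision(path, local_domains=LOCAL_DOMAINS):
    """Policy for unauthenticated clients: accept only plain local recipients."""
    local, domain = split_rcpt(path)
    if domain not in local_domains:
        return "reject-relay"                  # final domain is not ours
    if re.search(r"[%!@]", local):             # second destination in the local part
        return "reject-routed"
    return "accept"

def audit_session(text, local_domains=LOCAL_DOMAINS):
    """List recipients the server answered 2xx although policy says reject."""
    findings, pending = [], None
    for line in text.splitlines():
        m = re.match(r">>>\s*RCPT TO:\s*(<[^>]*>)", line, re.I)
        if m:
            pending = m.group(1)
            continue
        if pending and line.startswith("<<<"):
            code = line[3:].strip()[:3]
            verdict = relay_decision(pending, local_domains)
            if code.startswith("2") and verdict != "accept":
                findings.append((pending, verdict))
            pending = None
    return findings

if __name__ == "__main__":
    for rcpt, verdict in audit_session(SESSION):
        print(f"accepted at RCPT time but policy says {verdict}: {rcpt}")
```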


