Re: Need help with SMTP relay problem

From: Dan Kelley [MSFT] (dankel_at_online.microsoft.com)
Date: 03/18/04 

Date: Thu, 18 Mar 2004 13:15:52 -0500

Hello Ronald,

You can't as that address can be accepted per the SMTP RFCs. 

-- 
Regards,
Dan Kelley
Microsoft PSS
Please do not send email directly to this alias. This alias is for newsgroup
purposes only. This posting is provided "AS IS" with no warranties, and
confers no rights.
-----
"Ronald Nutter" <rnutter@networkref.com> wrote in message
news:#AX6X2ODEHA.3064@tk2msftngp13.phx.gbl...
> With some testing, what I have found is that if someone sends an email to
us
> addressed like user%qxs.net@somedomain.com that message will relay through
> us regardless of what account is being used.  How do I stop a message
> addressed with a % from being passed through the exchange server ?
>
> Ron
>
> "Dan Kelley [MSFT]" <dankel@online.microsoft.com> wrote in message
> news:%23HCuwfHDEHA.1228@TK2MSFTNGP11.phx.gbl...
> > Hello Ronald,
> >
> > More than likely an account has been compromised and is being used to
send
> > spam using authenticated relay. This article can help you detect and
> > clean-up from the open relay:
> >
> > 324958 HOW TO: Block Open SMTP Relaying and Clean Up Exchange Server
SMTP
> > http://support.microsoft.com/?id=324958
> >
> > This article can tell you how to prevent it in the future:
> >
> > 319267 HOW TO: Secure Simple Message Transfer Protocol Client Message
> > Delivery
> > http://support.microsoft.com/?id=319267
> >
> > These articles will show you to enable strong password policies:
> >
> > For Windows Server 2003:
> > -----
> > Account Passwords and Policies
> >
>
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/windowsserver2003/maintain/operate/BPACTLCK.asp
> >
> > Account Passwords and Policies in Windows Server 2003
> >
>
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/itcommunity/chats/trans/windowsNET/wnet0826.asp
> >
> > For Windows 2000 Server:
> > -----
> > 225230 Enabling Strong Password Functionality in Windows 2000
> > http://support.microsoft.com/?id=225230
> >
> > -- 
> > Regards,
> >
> > Dan Kelley
> > Microsoft PSS
> >
> > Please do not send email directly to this alias. This alias is for
> newsgroup
> > purposes only. This posting is provided "AS IS" with no warranties, and
> > confers no rights.
> > -----
> > "Ronald Nutter" <rnutter@networkref.com> wrote in message
> > news:ONf5RRFDEHA.3852@TK2MSFTNGP10.phx.gbl...
> > > I am confused at this point.  I am listed on njabl.org blacklist
because
> I
> > > dont pass all the tests. Administration is up in arms because they
cant
> > > email to some sites because of this.  I am now listed on ORDB.ORG for
> > other
> > > reasons.  I have pointed the postmaster mailbox at my account for the
> time
> > > being.
> > >
> > > It is my understanding that I should pass all tests in order to not be
> an
> > > open relay. We have a unix box that the student email accounts are on
> and
> > it
> > > passes all the tests that abuse.net can throw at it.  It also isnt
being
> > > listed on the blacklists.
> > >
> > > Help
> > > Ron
> > >
> > > "Dan Kelley [MSFT]" <dankel@online.microsoft.com> wrote in message
> > > news:%23edFKLFDEHA.2800@tk2msftngp13.phx.gbl...
> > > > Hello Ronald,
> > > >
> > > > It doesn't look like you are open for relay. Those address syntaxes
> are
> > > > accepted by the SMTP RFCs. They match tests 6 & 7 in this article
(or
> a
> > > > combination thereof):
> > > >
> > > > 304897 XIMS: Microsoft SMTP Servers May Seem to Accept and Relay
> E-Mail
> > > > http://support.microsoft.com/?id=304897
> > > >
> > > > To confirm this, set a postmaster address per this article:
> > > >
> > > > 294757 How to Control Non-Delivery Reports Using Exchange 2000
> > > > http://support.microsoft.com/?id=294757
> > > >
> > > > ... and login to that mailbox. If the NDR arrives at the postmaster
> > > mailbox,
> > > > but is not delivered, then the message was not relayed.
> > > >
> > > > -- 
> > > > Regards,
> > > >
> > > > Dan Kelley
> > > > Microsoft PSS
> > > >
> > > > Please do not send email directly to this alias. This alias is for
> > > newsgroup
> > > > purposes only. This posting is provided "AS IS" with no warranties,
> and
> > > > confers no rights.
> > > > -----
> > > > "Ronald Nutter" <rnutter@networkref.com> wrote in message
> > > > news:OWbK8EFDEHA.3852@TK2MSFTNGP10.phx.gbl...
> > > > > Someone has reported my exchange server as an open relay.
According
> > to
> > > > > www.abuse.net/relay, I am failing on test 6 -
> > > > > Relay test 6
> > > > > >>> RSET
> > > > > <<< 250 2.0.0 Resetting
> > > > > >>> MAIL FROM:<spamtest@gandalf.georgetowncollege.edu>
> > > > > <<< 250 2.1.0 spamtest@gandalf.georgetowncollege.edu....Sender OK
> > > > > >>> RCPT TO:<securitytest%abuse.net@gandalf.georgetowncollege.edu>
> > > > > <<< 250 2.1.5 securitytest%abuse.net@gandalf.georgetowncollege.edu
> > > > >
> > > > > One of my smartass coworkers thought it would be funny to get me
> > listed
> > > on
> > > > > another site.  I have gone through KB 288635 and turned on
ResolveP2
> > but
> > > I
> > > > > am still having a problem.  I have reviewed KB 324948 and I appear
> to
> > > have
> > > > > everything set to deny relay but I am still having a problem.
> > > > >
> > > > > Any suggestions ?
> > > > >
> > > > > Ron
> > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>

Relevant Pages

  • Re: Audit Failures
    ... There are many attempts, even from my account. ... workgroups in a remote office and who are tunneling into my network via a VPN ... > Windows Server 2003 Events and Errors is our web site for more information. ... > Please do not send e-mail directly to this alias. ...
    (microsoft.public.win2000.security)
  • RE: how do i config Send an email to an alias?
    ... keep the sales@xxxxxxx account separate and just use Active Directory ... They can then either access the same mailbox via Outlook Web ... >> email is exo.wa@xxxxxxxx My alias is working for receiving, ...
    (microsoft.public.exchange.admin)
  • Re: Any Pitfalls when using Gmail?
    ... There is no point in creating a disposable account which is divulged to multiple unknown or untrusted recipients as you will have no idea who betrayed you when spam starts coming in through that one disposable account that was common amongst several recipients. ... They have free accounts where you can define an unlimited number of e-mail aliases. ... Because the alias was created and divulged only to one recipient, I know exactly who betrayed me. ... Any mails sent through a Sneakemail account have the headers setup so on a reply your message goes back through their server, all headers get stripped so only their headers are in the delivered mail, and it looks like it came from your account at Sneakemail. ...
    (microsoft.public.windows.inetexplorer.ie6_outlookexpress)
  • Re: Very Strange - OWA Login Problems / SP1 resolves problem?
    ... The account which don't work have the alias set to the same as the account name (login name). ... What we already tried in the meantime, we copied the user which doesn't work and reset the password (so we used the bugy user as template). ...
    (microsoft.public.exchange.setup)
  • Re: email aliases
    ... In the properties of the user, under the Exchange General Tab, go to ... > want to have an email alias (by alias i mean its just an email id without ... >> existing user account, then simply go to the properties of the account in ... >> Ben Winzenz ...
    (microsoft.public.exchange.admin)