Re: Need help with SMTP relay problem

From: Ronald Nutter (rnutter_at_networkref.com)
Date: 03/18/04

    Date: Thu, 18 Mar 2004 13:21:52 -0500

    The problem is that that is the test that several of the blacklist sites are
    using to test for an open relay. I have been able to use that email address
    and have duplicated the problem.

    Ron

    "Dan Kelley [MSFT]" <dankel@online.microsoft.com> wrote in message
    news:uoEKXURDEHA.3852@TK2MSFTNGP10.phx.gbl...
    > Hello Ronald,
    >
    > You can't as that address can be accepted per the SMTP RFCs.
    >
    > --
    > Regards,
    >
    > Dan Kelley
    > Microsoft PSS
    >
    > Please do not send email directly to this alias. This alias is for newsgroup
    > purposes only. This posting is provided "AS IS" with no warranties, and
    > confers no rights.
    > -----
    > "Ronald Nutter" <rnutter@networkref.com> wrote in message
    > news:#AX6X2ODEHA.3064@tk2msftngp13.phx.gbl...
    > > With some testing, what I have found is that if someone sends an email to us
    > > addressed like user%qxs.net@somedomain.com that message will relay through
    > > us regardless of what account is being used. How do I stop a message
    > > addressed with a % from being passed through the Exchange server?
    > >
    > > Ron
    > >
    > > "Dan Kelley [MSFT]" <dankel@online.microsoft.com> wrote in message
    > > news:%23HCuwfHDEHA.1228@TK2MSFTNGP11.phx.gbl...
    > > > Hello Ronald,
    > > >
    > > > More than likely an account has been compromised and is being used to send
    > > > spam using authenticated relay. This article can help you detect and
    > > > clean-up from the open relay:
    > > >
    > > > 324958 HOW TO: Block Open SMTP Relaying and Clean Up Exchange Server SMTP
    > > > http://support.microsoft.com/?id=324958
    > > >
    > > > This article can tell you how to prevent it in the future:
    > > >
    > > > 319267 HOW TO: Secure Simple Message Transfer Protocol Client Message
    > > > Delivery
    > > > http://support.microsoft.com/?id=319267
    > > >
    > > > These articles will show you how to enable strong password policies:
    > > >
    > > > For Windows Server 2003:
    > > > -----
    > > > Account Passwords and Policies
    > > > http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/windowsserver2003/maintain/operate/BPACTLCK.asp
    > > >
    > > > Account Passwords and Policies in Windows Server 2003
    > > > http://www.microsoft.com/technet/treeview/default.asp?url=/technet/itcommunity/chats/trans/windowsNET/wnet0826.asp
    > > >
    > > > For Windows 2000 Server:
    > > > -----
    > > > 225230 Enabling Strong Password Functionality in Windows 2000
    > > > http://support.microsoft.com/?id=225230
    > > >
    > > > --
    > > > Regards,
    > > >
    > > > Dan Kelley
    > > > Microsoft PSS
    > > >
    > > > Please do not send email directly to this alias. This alias is for newsgroup
    > > > purposes only. This posting is provided "AS IS" with no warranties, and
    > > > confers no rights.
    > > > -----
    > > > "Ronald Nutter" <rnutter@networkref.com> wrote in message
    > > > news:ONf5RRFDEHA.3852@TK2MSFTNGP10.phx.gbl...
    > > > > I am confused at this point. I am listed on njabl.org blacklist because I
    > > > > don't pass all the tests. Administration is up in arms because they can't
    > > > > email to some sites because of this. I am now listed on ORDB.ORG for other
    > > > > reasons. I have pointed the postmaster mailbox at my account for the time
    > > > > being.
    > > > >
    > > > > It is my understanding that I should pass all tests in order to not be an
    > > > > open relay. We have a Unix box that the student email accounts are on and it
    > > > > passes all the tests that abuse.net can throw at it. It also isn't being
    > > > > listed on the blacklists.
    > > > >
    > > > > Help
    > > > > Ron
    > > > >
    > > > > "Dan Kelley [MSFT]" <dankel@online.microsoft.com> wrote in message
    > > > > news:%23edFKLFDEHA.2800@tk2msftngp13.phx.gbl...
    > > > > > Hello Ronald,
    > > > > >
    > > > > > It doesn't look like you are open for relay. Those address syntaxes are
    > > > > > accepted by the SMTP RFCs. They match tests 6 & 7 in this article (or a
    > > > > > combination thereof):
    > > > > >
    > > > > > 304897 XIMS: Microsoft SMTP Servers May Seem to Accept and Relay E-Mail
    > > > > > http://support.microsoft.com/?id=304897
    > > > > >
    > > > > > To confirm this, set a postmaster address per this article:
    > > > > >
    > > > > > 294757 How to Control Non-Delivery Reports Using Exchange 2000
    > > > > > http://support.microsoft.com/?id=294757
    > > > > >
    > > > > > ... and login to that mailbox. If the NDR arrives at the postmaster mailbox,
    > > > > > but is not delivered, then the message was not relayed.
    > > > > >
    > > > > > --
    > > > > > Regards,
    > > > > >
    > > > > > Dan Kelley
    > > > > > Microsoft PSS
    > > > > >
    > > > > > Please do not send email directly to this alias. This alias is for newsgroup
    > > > > > purposes only. This posting is provided "AS IS" with no warranties, and
    > > > > > confers no rights.
    > > > > > -----
    > > > > > "Ronald Nutter" <rnutter@networkref.com> wrote in message
    > > > > > news:OWbK8EFDEHA.3852@TK2MSFTNGP10.phx.gbl...
    > > > > > > Someone has reported my Exchange server as an open relay. According to
    > > > > > > www.abuse.net/relay, I am failing on test 6 -
    > > > > > > Relay test 6
    > > > > > > >>> RSET
    > > > > > > <<< 250 2.0.0 Resetting
    > > > > > > >>> MAIL FROM:<spamtest@gandalf.georgetowncollege.edu>
    > > > > > > <<< 250 2.1.0 spamtest@gandalf.georgetowncollege.edu....Sender OK
    > > > > > > >>> RCPT TO:<securitytest%abuse.net@gandalf.georgetowncollege.edu>
    > > > > > > <<< 250 2.1.5 securitytest%abuse.net@gandalf.georgetowncollege.edu
    > > > > > >
    > > > > > > One of my smartass coworkers thought it would be funny to get me listed on
    > > > > > > another site. I have gone through KB 288635 and turned on ResolveP2 but I
    > > > > > > am still having a problem. I have reviewed KB 324948 and I appear to have
    > > > > > > everything set to deny relay but I am still having a problem.
    > > > > > >
    > > > > > > Any suggestions ?
    > > > > > >
    > > > > > > Ron
    > > > > > >
    > > > > > >
    > > > > > >
    > > > > >
    > > > > >
    > > > >
    > > > >
    > > >
    > > >
    > >
    > >
    >
    >
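
Added example, not part of the original thread or of any poster's message: Python that classifies RCPT TO addresses such as the `user%domain@host` form discussed above and lists the ones a relay-test transcript shows were answered with a 2xx reply. The function names, `LOCAL_DOMAINS` and the last two transcript lines are assumptions made for illustration, and the bang-path case goes beyond the percent form in the thread. An accepted address marks a case to verify (for instance with the postmaster NDR check mentioned in the thread), not a confirmed relay.

```python
import re

# Assumption: the domain this server accepts mail for (from the quoted transcript).
LOCAL_DOMAINS = {"gandalf.georgetowncollege.edu"}
OFFSITE = {"foreign", "percent-foreign", "bang-foreign"}
RCPT_RE = re.compile(r"RCPT\s+TO:\s*<([^>]*)>", re.IGNORECASE)

def classify_recipient(addr, local_domains=LOCAL_DOMAINS):
    """Say where an RCPT TO address would go if routing characters
    in its local part were honoured by the server."""
    local, at, domain = addr.strip().rpartition("@")
    if not at:
        return "no-domain"
    if domain.lower() not in local_domains:
        return "foreign"
    if "%" in local:   # percent hack: user%other.domain@local.domain
        inner = local.rpartition("%")[2].lower()
        return "percent-local" if inner in local_domains else "percent-foreign"
    if "!" in local:   # UUCP bang path: other.domain!user@local.domain
        inner = local.partition("!")[0].lower()
        return "bang-local" if inner in local_domains else "bang-foreign"
    return "local"

def accepted_offsite_recipients(transcript):
    """Return (address, kind) for each off-site-routed recipient that
    got a 2xx reply. A 2xx at RCPT time is not proof of relay."""
    findings, pending = [], None
    for raw in transcript.splitlines():
        line = raw.strip()
        if line.startswith(">>>"):
            m = RCPT_RE.match(line[3:].strip())
            pending = m.group(1) if m else None
        elif line.startswith("<<<") and pending is not None:
            kind = classify_recipient(pending)
            if line[3:].strip().startswith("2") and kind in OFFSITE:
                findings.append((pending, kind))
            pending = None
    return findings

# First four lines come from the relay test quoted in the thread; the last
# two are constructed for contrast (the reply text is illustrative).
SAMPLE = """\
>>> MAIL FROM:<spamtest@gandalf.georgetowncollege.edu>
<<< 250 2.1.0 spamtest@gandalf.georgetowncollege.edu....Sender OK
>>> RCPT TO:<securitytest%abuse.net@gandalf.georgetowncollege.edu>
<<< 250 2.1.5 securitytest%abuse.net@gandalf.georgetowncollege.edu
>>> RCPT TO:<securitytest@abuse.net>
<<< 550 5.7.1 Unable to relay for securitytest@abuse.net
"""
```

Calling `accepted_offsite_recipients(SAMPLE)` returns only the percent-form recipient, since the plain off-site address was refused.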

