Re: Relaying nightmare

From: GAZ (contact_at_asd-bl.com)
Date: 12/29/04 

Date: Wed, 29 Dec 2004 15:11:55 +0100

Yes, that's the only domain, and the mail server is mail.asd-bl.com (at
least for the internet).

And I wish that relaying would be impossible, however here is a part of the
smtp log showing what is actually happening. I just haven't got a single
idea how to stop this.

2004-12-29 00:57:36 218.150.8.199 w8jqtmrrhlbf72l SMTPSVC1 PARTHENON
10.0.0.16 0 HELO - +w8jqtmrrhlbf72l 250 0 61 20 2293 SMTP - - - -
2004-12-29 00:57:36 218.150.8.199 w8jqtmrrhlbf72l SMTPSVC1 PARTHENON
10.0.0.16 0 MAIL - +From:+t183003@atmail.com 250 0 43 29 0 SMTP - - - -
2004-12-29 00:57:36 218.150.8.199 w8jqtmrrhlbf72l SMTPSVC1 PARTHENON
10.0.0.16 0 RCPT - +To:+koccip@hanmail.net 550 0 50 27 0 SMTP - - - -
2004-12-29 00:57:37 218.150.8.199 w8jqtmrrhlbf72l SMTPSVC1 PARTHENON
10.0.0.16 0 QUIT - w8jqtmrrhlbf72l 240 3756 50 27 371 SMTP - - - -
2004-12-29 02:11:32 218.150.8.199 w8jqtmrrhlbf72l SMTPSVC1 PARTHENON
10.0.0.16 0 HELO - +w8jqtmrrhlbf72l 250 0 61 20 2283 SMTP - - - -
2004-12-29 02:11:32 218.150.8.199 w8jqtmrrhlbf72l SMTPSVC1 PARTHENON
10.0.0.16 0 MAIL - +From:+h503373@com.ne.kr 250 0 42 28 0 SMTP - - - -
2004-12-29 02:11:32 218.150.8.199 w8jqtmrrhlbf72l SMTPSVC1 PARTHENON
10.0.0.16 0 RCPT - +To:+koccip@hanmail.net 550 0 50 27 0 SMTP - - - -
2004-12-29 02:11:33 218.150.8.199 w8jqtmrrhlbf72l SMTPSVC1 PARTHENON
10.0.0.16 0 QUIT - w8jqtmrrhlbf72l 240 3806 50 27 351 SMTP - - - -

Unfortunate as it is, this actually goes through. Would appreciate any help.

Thanks.

GAZ

"Jeff Thibodeau [MS]" <jeffthi@online.microsoft.com> wrote in message
news:%23YbrJWT7EHA.2600@cpmsftngxa10.phx.gbl...
> Is asd-bl.com the correct domain for the mail server with the relaying
> issue?
> I did some testing to the Exchange server hosting this domain and I was
> not
> able to relay anything. Relaying Denied
>
>
> Jeff Thibodeau
> Microsoft
> --
> Get Secure! - www.microsoft.com/security
> --
> When responding to posts, please "Reply to Group" via your newsreader so
> that others may learn and benefit from your issue.
> --
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
> ==========================================================
>
> --------------------
> From: "GAZ" <contact@asd-bl.com>
> Subject: Re: Relaying nightmare
> Date: Tue, 28 Dec 2004 16:14:42 +0100
>
> God, I wish it was SPAM. Unfortunately, it is relaying. When I said all
> over
> the shop I actually ment from a whole range of IP addresses. Sorry, I do
> get
> carried off sometimes.
>
> We have an anti- SPAM module from BitDefender and it works great, but
> realying is another issue. So far we are blocking ranges of IP addresses
> that used for relaying, but little buggers just change the IP address and
> the next morning come another full SMTP log.
>
> Is there a way in Exchange 2000 (or Ex2K3 as we are soon changing) to
> actually prevent relaying and allow only e-mails addressed to our domain
> to
> enter the system?
>
> Thanks,
>
> GAZ
>
>
>
> "Rich Matheisen [MVP]" <richnews@rmcons.com.NOSPAM.COM> wrote in message
> news:pvh0t0doc7o7prr077mk88aiq2ios1rurb@4ax.com...
>> "GAZ" <contact@asd-bl.com> wrote:
>>
>>>I would be most grateful if you could help me with a 'small' relaying
>>>problem.
>>>
>>>We have the Exchange 2000 enterprise server with the SMTP virtual server
>>>behind the ISA 2000 firewall.
>>>
>>>Basically, several days ago we 'started' relaying messages all over the
>>>shop. The Relay tab is set to 'Only listed below' with nothing in the
>>>list
>>>and the 'Allow all computers...' is unchecked. However, spam still passes
>>>through.
>>
>> Spam and relaying are not the same problem. "All over the shop" sounds
>> like the problem is spam and no relaying.
>>
>>>We started putting whole ranges of IP address in the banned list on
>>>the connection tab. The problem is that the spammers change ip addresses
>>>constantly and we have to extend the list almost on a daily basis. Never
>>>mind the bandwidth gone to waste, but we definitely do not want to end up
>>>on
>>>a black list.
>>
>> If you need a quick fix, one that relies only on DNS RBL's and limited
>> checking on the message body, try Open Relay Filter fro Vamsoft
>> (http://www.vamsoft.com/orf). Other inexpensive software might be GFI.
>> More expensive software is available, as are e-mail appliances that
>> are much more capable of dealing with SMTP and the Internet than
>> Exchange will ever be.
>>
>>>Is there a one time 'kill all' solution that would prevent spammers from
>>>using our server?
>>
>> If you find one, the world will be eternally grateful.
>>
>> --
>> Rich Matheisen
>> MCSE+I, Exchange MVP
>> MS Exchange FAQ at http://www.swinc.com/resource/exch_faq.htm
>
>
>

Relevant Pages

  • Re: sendmail relaying on FreeeBSD 5.4
    ... > John Rushford wrote: ... >> I have a mail server running FreeBSD 5.4 and assumed that relaying was ... I found that a misconfigured mail client not ... How can I configure the mail server to require ...
    (comp.unix.bsd.freebsd.misc)
  • Re: help understand relaying and authentication
    ... access on the SMTP virtual server that receives internet mail, ... Current versions of Exchange are configured out of the box with relaying ... mail server, then other mail servers fail to send email to me... ...
    (microsoft.public.exchange.admin)
  • Re: SmtpException with email form
    ... Google would allow relaying through their mail server. ... Try use 127.0.0.1 as your SMTP host instead. ... EmailMessage is the System.Net.Mail.SmtpClient ...
    (microsoft.public.dotnet.framework.aspnet)
  • RE: email gateway (transparent) - full transparent
    ... The result in relaying is 100% accurate, but spam is comming from time to ... PGP / XML GATEWAY APPLIANCE ...
    (Security-Basics)
  • Re: sendmail relaying on FreeeBSD 5.4
    ... John Rushford wrote: ... > Can someone help me with the configuration info I need to deny relaying ... is setup to use SSL smtps on port 465. ... How can I configure the mail server to require ...
    (comp.unix.bsd.freebsd.misc)