Re: Relaying nightmare

From: Geoff Pearce (nemx02_at_magma.ca)
Date: 12/30/04


Date: Wed, 29 Dec 2004 22:13:27 -0500

If in fact you are relaying spam then likely you would be listed on an RBL.
Check your IP at www.openrbl.org; it will check the IP against all the common
RBLs.

A common method of relaying is done as follows.

Determine Whether an Authenticated User is Relaying
http://support.microsoft.com/default.aspx?scid=KB;EN-US;324958

Also this is a common problem which appears as relaying but is in fact
responses to dictionary attacks.

If <> is the originating email address of the outbound emails then they are
Non Delivery Reports.

Exchange Server accepts aliases to valid domains at your exchange server.
Later if the alias is undeliverable then Exchange Server returns a Non
Delivery Report (NDR) to the originator. If a nondelivery report can't be
delivered to the sender, a copy of the original message is placed in the
"bad" mail directory. Messages placed in the bad mail directory can't be
delivered or returned. You can use the bad mail directory to track potential
abuse of your messaging system. By default, the bad mail directory is
located at root:\Exchsrvr\Mailroot\vsi#\BadMail, where root is the install
drive for Exchange Server and # is the number of the SMTP virtual server,
such as C:\Exchsrvr\Mailroot\vsi 1\BadMail. You can change the location of
the bad mail directory at any time, but you should never place the directory
on the M: drive, which is reserved for other types of Exchange Server data.

Likely at your location spammers are attempting dictionary attacks on your
domains in an attempt to get their emails delivered. A dictionary attack
consists of emails addressed to a large list of common aliases. Also to
prevent the spammer from being swamped with NDRs the originating email
address is typically spoofed or randomized. Exchange Server attempts to
deliver NDRs to the originator of the emails with invalid aliases during the
dictionary attack. Due to the fact that many of the originating addresses of
the spam are falsified the NDRs sit in the outbound queue (outbound with
originating address of <> or postmaster@yourdomain.com) attempting to go to
an invalid location. Eventually the NDRs fail the defined number of retries
and are moved to your Badmail folder.

The following article disables Non Delivery Reports in Exchange 2000 (NOTE
this will not prevent items from being accepted and moved to your Bad Mail
folder)

http://support.microsoft.com/default.aspx?scid=kb;en-us;294757

Also you can purchase products which filter invalid recipients (for example,
ex-employees) sent to your exchange server. When invalid recipients are found
the SMTP session is dropped and the originating SMTP server notifies the
user that it was unable to deliver the email (rather than your exchange
server sending an NDR). Bandwidth requirements are reduced as undeliverable
email is dropped rather than accepted and saved on your exchange server.
Also this prevents items incorrectly sent to your exchange server from
piling up in your BadMail folder.

Nemx Software (which I represent)
http://www.nemx.com/products/powertools/addressmanager.asp

"GAZ" <contact@asd-bl.com> wrote in message
news:cqofce$gv7$1@ariane.blic.net...
> Hello everyone,
>
> I would be most grateful if you could help me with a 'small' relaying
> problem.
>
> We have the Exchange 2000 enterprise server with the SMTP virtual server
> behind the ISA 2000 firewall.
>
> Basically, several days ago we 'started' relaying messages all over the
> shop. The Relay tab is set to 'Only listed below' with nothing in the list
> and the 'Allow all computers...' is unchecked. However, spam still passes
> through. We started putting whole ranges of IP address in the banned list
> on the connection tab. The problem is that the spammers change ip addresses
> constantly and we have to extend the list almost on a daily basis. Never
> mind the bandwidth gone to waste, but we definitely do not want to end up
> on a black list.
>
> Is there a one time 'kill all' solution that would prevent spammers from
> using our server?
>
> Thank you all for your help,
>
> GAZ
> MD & HSA
> Advanced Systems Design
>
>
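
The triage described in the reply above, as an added example that is not part of the original post: it sorts outbound queue entries into NDR backscatter (null sender `<>` or the local postmaster), authenticated relaying, open relaying and normal mail. The record layout, `LOCAL_DOMAINS` and the sample entries are constructed assumptions, not an Exchange queue format.

```python
from collections import Counter

# Assumption: the domains this server accepts mail for.
LOCAL_DOMAINS = {"example.com"}

# Constructed outbound-queue entries: (envelope sender, recipient, authenticated user).
QUEUE = [
    ("<>", "kx81@mail.invalid", None),
    ("<>", "sales@bulk.invalid", None),
    ("postmaster@example.com", "a9f@mail.invalid", None),
    ("alice@example.com", "bob@partner.test", "alice"),
    ("promo@offers.invalid", "v1@victim.test", "webuser"),
    ("promo@offers.invalid", "v2@victim.test", "webuser"),
    ("<>", "carol@partner.test", None),
]

def domain(addr):
    """Lower-cased domain part of an address, or '' for the null sender."""
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""

def classify(sender, auth_user):
    """Label one outbound message by who is responsible for it."""
    local = domain(sender) in LOCAL_DOMAINS
    if sender == "<>" or (local and sender.lower().startswith("postmaster@")):
        return "ndr"          # bounce generated by this server
    if auth_user and not local:
        return "auth_relay"   # logged-in account sending as a foreign domain
    if local:
        return "local"        # ordinary mail from our own users
    return "open_relay"       # foreign sender, no authentication

def triage(queue):
    """Return (counts per label, messages per relaying account, verdict)."""
    counts, accounts = Counter(), Counter()
    for sender, _rcpt, auth_user in queue:
        label = classify(sender, auth_user)
        counts[label] += 1
        if label == "auth_relay":
            accounts[auth_user] += 1
    if counts["open_relay"]:
        verdict = "open relay: fix relay restrictions"
    elif accounts:
        verdict = "authenticated relay: check " + ", ".join(sorted(accounts))
    elif counts["ndr"]:
        verdict = "NDR backscatter from a dictionary attack"
    else:
        verdict = "normal outbound mail"
    return counts, accounts, verdict

if __name__ == "__main__":
    print(triage(QUEUE))
```
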


