Re: Urgent Information - Relaying Spam (Mail Server)


From: Marina Roos [SBS-MVP] (marina_at_roos.nodontwantspam.nl.com)
Date: 08/04/04


Date: Wed, 4 Aug 2004 22:22:26 +0200

Hi Dave,

324958 HOW TO: Block Open SMTP Relaying and Clean Up Exchange Server SMTP
Queues
http://support.microsoft.com/?id=324958

-- 
Regards,
Marina
Microsoft SBS-MVP
"Dave Smith" <dave@petrosolinc.removethis.com> wrote in message
news:%23Adfz2jeEHA.724@TK2MSFTNGP10.phx.gbl...
> I double-checked to make sure that I had the relaying shut down as per the
> KB article, and that was as it should be.  Possibility on the workstation
> relaying.  Once I get the queue cleaned out I plan to enable logging to see
> who, if anybody, might be relaying accidentally from internal.
>
> My biggest problem now is that there are 250,000 msgs sitting in the smtp
> out queue.  I winnowed that down from 330,000+.  I've been using the "find
> msgs, 10k at a time, delete no ndr" process.  Is there any way more
> efficient???  It's taking several hours per 10k group.
>
> "Jim Behning SBS MVP" <jimbehingmvp@mindspring.com> wrote in message
> news:7ii1h0t65aljknm5cn84r1d6idvo318qhd@4ax.com...
> > A firewall usually is configured to block inbound traffic. If your
> > company works with email then it allows port 25 outbound. That is the
> > only way to send email. Workstations can get infected and start to
> > spam/relay.
> >
> > I would go through my antispam clicks at any site I work at whether
> > they had a smtp or a pop incoming feed. My clicks were mentioned by Les
> > Conner a few months back. Send no ndr, accept mail only if they are in
> > the AD, accept no mail with blank subjects, only accept mail from the
> > server ips, clear check mark for authenticated users.
> >
> > Does your AV solution have av for email? The two most popular ways
> > viruses get in is bad web sites and email. Even if an account is using
> > pop for incoming I have the server collect that pop mail. The server
> > based AV scans all that email as a first line of defense. Workstations
> > can scan any attachments they need to open with their workstation AV
> > scanner as a second line of defense. I was at an account last week
> > where it appears that a workstation did not have working AV for over a
> > month, maybe two months. The user/owner of the company said "I don't
> > get this computer stuff." That machine had spyware and viruses in it.
> >
> > "Dave Smith" <dave@petrosolinc.removethis.com> wrote:
> >
> > >I'm one of the affected sites...just to post some additional information
> > >(the problem has NOT been solved yet, although the server is unplugged).
> > >
> > >Port 25 was blocked via my firewall, so as far as I'm aware, there isn't any
> > >need to make changes to the server to block smtp relaying.  We don't use
> > >smtp for inbound mail.
> > >
> > >The only 3 ports that the firewall had open were for https, remote web
> > >workplace, and vpn.  Anti-virus is Norton corporate/workgroup.
> > >
> > >The question is, is there a way to force a relay when those are the only
> > >ports open?  Also, the machine was rebooted to try and clear the problem (I
> > >was out of town), and now the logon visual elements are missing.  What I
> > >mean is that if I let it boot up, and give it the 3 finger salute, the lower
> > >portion of the login screen is entirely black.  The edit fields are still
> > >there (cursor changes) but are invisible.  Any clue as to what could be
> > >causing this?
> > >
> > >Dave
> > >
> > >"Todd Holloway" <todd.holloway@earthlink.net> wrote in message
> > >news:eZf1fwLeEHA.592@TK2MSFTNGP11.phx.gbl...
> > >> It appears that many Small Business Servers have been hit over the past few
> > >> days with relaying spam.  I have contacted several of the companies myself
> > >> in an effort to stop this.  If anyone else is having a problem here is the
> > >> link to fix this.
> > >>
> > >> http://support.microsoft.com/default.aspx?scid=kb;en-us;324958
> > >>
> > >> Please check the mail headers of any spam that you guys may be receiving and
> > >> see if you can help pass along the fix.  I am getting over 200,000 e-mails
> > >> a day from this junk.  Just so you have a heads up it tries to say it is
> > >> coming from Antivirus Mexis, but the e-mail header will give you the correct
> > >> domain information.
> > >>
> > >> Thanks for the help,
> > >>
> > >> -Todd
> > >>
> > >>
> > >
> >
> > Jim B. SBS  MVP
> > remove the mvp to send email
>
>

