Re: NDR Spam
- From: "Lanwench [MVP - Exchange]" <lanwench@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 22 Sep 2006 08:49:49 -0400
In news:1158929055.657888.67710@xxxxxxxxxxxxxxxxxxxxxxxxxxx,
chrisskrod@xxxxxxxxx <chrisskrod@xxxxxxxxx> typed:
> I have a SBS 2003 box hosting email with Exchange. Many of the users
> are getting NDR reports with spam in them every few minutes. I have
> Symantec Mail Agent for Exchange updated and running. Clients report
> no virus problems.
> I have telneted to the mail server from the outside. The reply to
> telnet xxx.xxx.xxx.xxx 25 is a different name than my mail server.

That's not uncommon.

> I type in the correct IP address and receive the wrong hostname.

What are you expecting to see, and what are you seeing, and from where?

> When I
> test for open relay, it responds with the 250 ok instead of blocking.

How are you testing? Unless you or someone deliberately enabled relay, all
that's enabled is authenticated relay. However, check - and also disable
auth relay unless you need it. And if you *do* need it, you really want to
have a good complex password policy to prevent it being exploited.

> I went through the Microsoft KB for closing an open relay. Default
> SMTP and SmallBusiness SMTP set as they should be.
> Is there a way to determine if the emails are originating elsewhere,
> if the sender address was being spoofed?

Check the headers....

> The mails that are going out

Going out, or coming in?

> are coming from mydomain@mydomain which is not one of my email
> addresses. Thanks,

That's a pretty good sign you're being spoofed.
Do you have SP2 installed, and filtering enabled? You should....

> Chris
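
The header check suggested in the reply, as an added example that is not part of the original post: it pulls the returned original headers out of an NDR and looks for your own server's IP in the `Received` chain. The IP addresses, host names and the sample bounce are constructed placeholders.

```python
import email
import re
from email import policy

OUR_IPS = {"203.0.113.25"}  # assumption: public IP your Exchange server sends from
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

# Constructed, trimmed NDR: the bounce quotes the headers of the message it rejected.
SAMPLE_NDR = b"""\
From: MAILER-DAEMON@mx.example.net
To: mydomain@mydomain.example
Subject: Undeliverable mail
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

User unknown.
--b1
Content-Type: text/rfc822-headers

Received: from pc-home ([198.51.100.77]) by mx.example.net; Fri, 22 Sep 2006 08:00:00 -0400
From: mydomain@mydomain.example
To: nobody@example.net
Subject: cheap pills
--b1--
"""

def returned_headers(ndr_bytes):
    """Return the original message (or its headers) embedded in an NDR, else None."""
    msg = email.message_from_bytes(ndr_bytes, policy=policy.default)
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":        # full original message attached
            return part.get_payload(0)
        if ctype == "text/rfc822-headers":   # only the original headers attached
            return email.message_from_string(part.get_content(), policy=policy.default)
    return None

def classify(ndr_bytes, our_ips=OUR_IPS):
    """Return (verdict, hop_ips): 'ours', 'spoofed', or 'unknown' if nothing was quoted."""
    orig = returned_headers(ndr_bytes)
    if orig is None:
        return "unknown", []
    hops = [ip for h in orig.get_all("Received", []) for ip in IP_RE.findall(str(h))]
    return ("ours" if our_ips & set(hops) else "spoofed"), hops

if __name__ == "__main__":
    print(classify(SAMPLE_NDR))
```

A `spoofed` verdict means no hop in the quoted headers shows your server, so the message was submitted elsewhere with your domain forged as sender. Because `Received` lines below the topmost one can be forged, treat an `ours` verdict as a prompt to confirm against your own SMTP logs.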