Re: SPAM Relay




I've had this thought about my own server multiple times.

It has never proved true.

Testing correctly is a bit of an art--the final arbiter is actual delivery of a message that should not have been delivered.

I suspect that you may be seeing a spam run by someone using your domain in spoofed from addresses. I've had two of these in the past two days, each of which has resulted in many thousands of messages, mainly NDRs hitting my admin mailbox. For a variety of reasons, I am required to filter all mail sent to invalid addresses in our domain.

One reason for these runs, I am convinced, is that I removed the SPF records for our domain two days ago. We are working with a third party who is providing registration services for a large conference, and were getting bounces from mail sent by this third-party using our domain addresses. It was unclear whether there was a misconfiguration of their mail servers, or our SPF records, so I removed the SPF records to see if we could clarify that.

Today it has become clearer that it is their mailservers which are not properly configured (no reverse DNS) so I will reinstate our SPF records.

So--in a long-winded way, what I'm trying to suggest is that it is a great idea to create and maintain SPF records for your domain. This will both lessen the likelihood of your valid mail being classed as spam, and also reduce the likelihood of a spammer successfully using your domain in spoofed addresses.

http://old.openspf.org/wizard.html


"SpinalTap" <SpinalTap@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:51153C5C-9E26-450E-88E3-7174014227BE@xxxxxxxxxxxxxxxx
Hi Larry,

Thanks for the reply.

My domain is at dgsteinconsulting dot com.

The public IP address is: 68 146 16 140


Also, I just looked in my SPAM quarantine and there were an additional 400
email replies from destinations sent from my domain.

Thanks.

-Dean

"Larry Struckmeyer" wrote:

Hi SpinalTap:

If you post your email domain name, that is the part after the @, we can
check it for you. Disguise it as in *at*my*company*dot*com (remove the
stars).

There are a number of things that can go wrong. One that just happened to a
client was that he allowed the shop workers to use the wireless side of his
router to use their notebooks at breaks and lunch. One or more of them was
infected and his IP was blacklisted, even though it has nothing to do with
his domain name.

Therefore the public ip address of your wan facing device would also be
helpful.

Here are some articles about checking for relay, but SBS/Exchange is not
setup to relay unless your administrator specifically changed the settings.

http://support.microsoft.com/kb/895853

http://www.microsoft.com/technet/security/prodtech/exchangeserver/excrelay.mspx

http://support.microsoft.com/kb/304897

I would be much more likely to suspect some other issue. Shoot us the
domain name and the ip address and we can check, or you can use
www.dnsstuff.com and www.sorbs.net to run some checks yourself.

--
Larry

Please post the resolution to
your issue so that all can benefit.


"SpinalTap" <SpinalTap@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:9671A1FD-2D10-41F4-A7D4-0618BB8FE6BC@xxxxxxxxxxxxxxxx
> Hello,
>
> I am not exactly sure if my SBS server is acting as a SPAM relay but what is
> happening is that I am receiving a bunch of replies from destination email
> addresses. These replies are indicating that messages from one of our
> accounts have been blocked, and the subject indicates that it is definitely
> spam. This started happening today, and I have not made any significant
> changes to my configuration.
>
> Is there a way to determine if I am acting as a relay? Also, we only use
> RWW for accessing email (i.e. no POP3), but we do access other POP3 accounts
> from other mail services. Given that, what can I turn off to reduce the
> chance that this can happen?
>
> Thanks in advance for any insight.
>
> -Dean



