Re: SPAM Relay

Here is the header information. If you look at the from information, the
name "duane dusty" is wrong, but the email address is definitely mine.

Received: from 213.60.187.54 (unknown [213.60.187.54])
by inbound.sys.gtei.net (Postfix) with ESMTP id 8B0DF37557
for <rstevens@xxxxxxxxxxxxxxxx>; Thu, 3 Apr 2008 16:40:33 +0000 (GMT)
Message-ID: <000701c895a9$06e1d392$e2f0c098@vaixhn>
From: "dane dusty" <*****.***** at dgsteinconsulting dot com>
To: "Maureen Osborne" <rstevens@xxxxxxxxxxxxxxxx>
Subject: Get Timepieces Search for Timepieces
Date: Thu, 03 Apr 2008 14:53:09 +0000
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.3138
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3198

"Larry Struckmeyer" wrote:

If you right click the header info of one of those messages you may be able
to see its original source. You may have to go all the way down the list.

--
Larry

Please post the resolution to
your issue so that all can benefit.


"SpinalTap" <SpinalTap@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:FBDA8157-2288-476D-AC69-BE72858E42BD@xxxxxxxxxxxxxxxx
Here is one of the messages:

Your message did not reach some or all of the intended recipients.

Subject: David Yurman Watches
Sent: 4/3/2008 2:31 PM

The following recipient(s) cannot be reached:

tafson@xxxxxxxxxxxxxxx on 4/3/2008 3:29 PM
You do not have permission to send to this recipient. For
assistance, contact your system administrator.
< barracuda.prsresearch.com #5.7.1 smtp; 550 5.7.1 Message
content rejected, UBE, id=14852-01-27>


"Larry Struckmeyer" wrote:

Your dns report and your sorbs report were both clean, so you may just be
a
victim of a spoofer. You do not have a spf record for that domain.

Post one of the messages.

--
Larry

Please post the resolution to
your issue so that all can benefit.


"SpinalTap" <SpinalTap@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:51153C5C-9E26-450E-88E3-7174014227BE@xxxxxxxxxxxxxxxx
Hi Larry,

Thanks for the reply.

My domain is at dgsteinconsulting dot com.

The public IP address is: 68 146 16 140


Also, I just looked in my SPAM quarantine and there were an additional
400
email replies from destinations sent from my domain.

Thanks.

-Dean

"Larry Struckmeyer" wrote:

Hi SpinalTap:

If you post your email domain name, that is the part after the @, we
can
check it for you. Disguise it as in *at*my*company*dot*com (remove
the
stars).

There are a number of things that can go wrong. One that just
happened
to a
client was that he allowed the shop workers to use the wireless side
of
his
router to use their notebooks at breaks and lunch. One or more of
them
was
infected and his IP was blacklisted, even though it has nothing to do
with
his domain name.

Therefore the public ip address of your wan facing device would also
be
helpful.

Here are some articles about checking for relay, but SBS/Exchange is
not
setup to relay unless your administrator specifically changed the
settings.

http://support.microsoft.com/kb/895853

http://www.microsoft.com/technet/security/prodtech/exchangeserver/excrelay.mspx

http://support.microsoft.com/kb/304897

I would be much more likely to suspect some other issue. shoot us the
domain name and the ip address and we can check, or you can use
www.dnsstuff.com and www.sorbs.net to run some checks yourself.

--
Larry

Please post the resolution to
your issue so that all can benefit.


"SpinalTap" <SpinalTap@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:9671A1FD-2D10-41F4-A7D4-0618BB8FE6BC@xxxxxxxxxxxxxxxx
Hello,

I am not exactly sure if my SBS server is acting as a SPAM relay but
what
is
happening is that I am receiving a bunch of replies from destination
email
addresses. These replies are indicating that messages from one of
our
accounts have been blocked, and the subject indicates that it is
definitely
spam. This started happing today, and I have not made any
significant
changes to my configuration.

Is there a way to determine if I am acting as a relay? Also, we
only
use
RWW for accessing email (i.e no POP3), but we do access other POP3
accounts
from other mail services. Given that, what can I turn off to reduce
the
chance that this can happen.

Thanks in advance for any insight.

-Dean









.

Relevant Pages

  • Re: SPAM Relay
    ... I just looked in my SPAM quarantine and there were an additional 400 ... email replies from destinations sent from my domain. ... setup to relay unless your administrator specifically changed the settings. ...
    (microsoft.public.windows.server.sbs)
  • Re: SPAM Relay
    ... Please post the resolution to ... I just looked in my SPAM quarantine and there were an additional ... email replies from destinations sent from my domain. ... Here are some articles about checking for relay, ...
    (microsoft.public.windows.server.sbs)
  • Re: SPAM Relay
    ... Your message did not reach some or all of the intended recipients. ... I just looked in my SPAM quarantine and there were an additional 400 ... email replies from destinations sent from my domain. ... Here are some articles about checking for relay, ...
    (microsoft.public.windows.server.sbs)
  • Re: SPAM Relay
    ... Your dns report and your sorbs report were both clean, so you may just be a ... I just looked in my SPAM quarantine and there were an additional 400 ... email replies from destinations sent from my domain. ... Here are some articles about checking for relay, ...
    (microsoft.public.windows.server.sbs)
  • Re: Sendmail queue warning rewrite
    ... up because one email got delayed while sending to aol because aol ... blocked our relay before I setup their loopback system because someone ... sent spam to our mail servers which then sent a NDR back to ... better without any need to change behavior users may expect. ...
    (comp.mail.sendmail)