• RSS
  • Twitter
  • FaceBook

Exchange Server Forums

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Are we a relay?

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [Microsoft Exchange 2000] >> Server Security >> Are we a relay? Page: [1]
Login
Message << Older Topic   Newer Topic >>
Are we a relay? - 14.Feb.2006 11:17:39 AM   
adamr

 

Posts: 2
Joined: 13.Feb.2006
Status: offline
I wasn't sure if this should be here or in Message Routing. Basically our SMTP virtual server queue is packed with thousands of messages, none being sent from any of the network clients (not knowingly at least). The domains are varied and random, but there's a lot of .com.tw.

We run Symantec corporate, and the defs are up to date. Oddly enough, we just had some mail bounce back from known recipients saying that we were listed as being an open relay on ORDB, but I've since submitted our server for testing and they say we aren't.

When I telnet to relay-test.mail-abuse.org for the relaying test, this is the result (domain and IPs changed)....

:Relay test: #Test 10
                     >>> mail from: <spamtest@hostxx-xxx-xx-xx.in-addr.btopenwor
ld.com>
<<< 250 2.1.0 spamtest@hostxx-xxx-xx-xx.in-addr.btopenworld.com....Sender OK
>>> rcpt to: <"nobody@mail-abuse.org">
<<< 250 2.1.5 "nobody@mail-abuse.org"@ourdomain.co.uk
>>> QUIT
<<< 221 2.0.0 server.ourdomain.co.uk Service closing transmission chann
<<< 221 2.0.0 server.ourdomain.co.uk Service closing transmission chann
el
Tested host banner: 220 server.ourdomain.co.uk Microsoft ESMTP MAIL Ser
vice, Version: 5.0.2195.6713 ready at  Tue, 14 Feb 2006 10:03:53 +0000
System appeared to accept 1 relay attempts


It's only that final test which it 'appears' to fail on, is this a known issue and is there an easy fix?

Also, is it possible to find the originating IP address for mail sat in the SMTP queue?
Post #: 1
RE: Are we a relay? - 14.Feb.2006 12:51:06 PM   
adamr

 

Posts: 2
Joined: 13.Feb.2006
Status: offline
Just to follow up, I can see now that we have loads (15-30 at any one time) of connected sessions to our SMTP server from the 61.64.x.x range of IPs, and those I've checked against known spam server databases have them blacklisted.

What on Earth is going on?

(in reply to adamr)
Post #: 2

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [Microsoft Exchange 2000] >> Server Security >> Are we a relay? Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts


Follow TechGenix on Twitter