Exchange Server Forums
Open relay issues- THE SEQUEL
Open relay issues- THE SEQUEL - 7.Jan.2003 5:28:00 PM
|
|
|
cbsmall
Posts: 5
Joined: 28.Dec.2002
From: Aspen, Colorado
Status: offline
|
I am running Exchange 2000 SP3. Very standard setup- one domain, no connectors, 15 users.
I have followed the instructions from this forum, other forums and Microsoft to shut down open relay and yet, I am still being used like a cheap prostitute.
Thinking a password was hacked I have all users changing passwords.
Any other suggestions or leads to resources?
Funny_Bacon
|
|
|
|
RE: Open relay issues- THE SEQUEL - 7.Jan.2003 9:06:00 PM
|
|
|
Guest
|
What makes you so sure you are being used for relay?
Getting a rash or something?
Just curious.
Erik
|
|
|
|
RE: Open relay issues- THE SEQUEL - 7.Jan.2003 10:03:00 PM
|
|
|
DaDougInc
Posts: 827
Joined: 17.May2002
From: NC
Status: offline
|
Test your relay using Q153119. Ex:
Telnet servername 25
helo
mail from:user@domain.com
Rcpt to:remoteuser@domain.com
Should see a 550 5.7.1 response. A 250 response would indicate open relay.
|
|
|
|
RE: Open relay issues- THE SEQUEL - 7.Jan.2003 10:22:00 PM
|
|
|
cbsmall
Posts: 5
Joined: 28.Dec.2002
From: Aspen, Colorado
Status: offline
|
I have about 40 crap hosts for all sorts of things coming through the SMTP Queue.
|
|
|
|
RE: Open relay issues- THE SEQUEL - 11.Jan.2003 10:16:00 PM
|
|
|
mfugatt
Posts: 479
Joined: 7.Apr.2002
From: Rochester, NY
Status: offline
|
Are you REALLY sure you are a relay? Have you tested it using telnet? What were the results of the telnet test?
|
|
|
|
RE: Open relay issues- THE SEQUEL - 11.Jan.2003 10:32:00 PM
|
|
|
koggen
Posts: 980
Joined: 31.Oct.2001
From: Göteborg - Sweden
Status: offline
|
It is quite common to see a lot of strange mail in outbound queues. Whenever your server receives spam, most of it will bounce (since spammers frequently try to guess valid addresses, which means that a lot of messages will bounce), but since many spam messages have forged return addresses, the NDRs generated will stick in your queue as undeliverable until the timeout period is reached.
Telnet tests can sometimes be misleading, especially if you are connecting from the same network as the server or use email addresses which are local to your server (since most people configure their SMTP server to allow relay based on IP and/or domain address). I recommend using an external test, like the one offered at http://www.ordb.org. This test actually tries to send mail through your server, and does not just analyze the SMTP response codes.
// Johan
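
The telnet check and the caveats about where it is run from, as an added example (not part of the original thread): `probe_rcpt` issues the same HELO / MAIL FROM / RCPT TO sequence without sending a message, and `verdict` declines to draw a conclusion when the recipient is local or the client sits in a range the server relays for. The HELO name, addresses, domain list and network ranges are assumptions to replace with your own.

```python
import ipaddress
import smtplib


def probe_rcpt(host, mail_from, rcpt_to, port=25, timeout=15):
    """Issue HELO / MAIL FROM / RCPT TO and return the RCPT reply code.

    No DATA command is sent, so no message is queued or delivered.
    """
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.helo("relay-test.example")            # assumed HELO name
        mail_code, mail_msg = smtp.mail(mail_from)
        if mail_code >= 400:                       # sender refused, RCPT never reached
            raise smtplib.SMTPSenderRefused(mail_code, mail_msg, mail_from)
        rcpt_code, _ = smtp.rcpt(rcpt_to)
        smtp.rset()                                # discard the envelope
        return rcpt_code


def verdict(rcpt_code, rcpt_to, client_ip, local_domains, relay_nets):
    """Interpret a RCPT reply, taking the test conditions into account."""
    domain = rcpt_to.rsplit("@", 1)[-1].lower()
    if domain in {d.lower() for d in local_domains}:
        # Every server accepts mail for its own domains; this proves nothing.
        return "inconclusive-local-recipient"
    ip = ipaddress.ip_address(client_ip)
    if any(ip in ipaddress.ip_network(net) for net in relay_nets):
        # The server is configured to relay for this client, so 250 is expected.
        return "inconclusive-trusted-client"
    if 200 <= rcpt_code < 300:
        return "open-relay-indicated"              # e.g. 250
    if 500 <= rcpt_code < 600:
        return "relay-denied"                      # e.g. 550 5.7.1
    return "inconclusive-temporary-failure"        # 4xx: repeat the test later


if __name__ == "__main__":
    # Constructed values: reply codes as they would be read off a session.
    local = ["corp.example"]
    nets = ["192.168.0.0/16"]
    for code, rcpt, ip in [
        (550, "remoteuser@elsewhere.example", "203.0.113.9"),
        (250, "remoteuser@elsewhere.example", "203.0.113.9"),
        (250, "user@corp.example", "203.0.113.9"),
        (250, "remoteuser@elsewhere.example", "192.168.1.20"),
    ]:
        print(code, rcpt, ip, "->", verdict(code, rcpt, ip, local, nets))
```

A 250 at the RCPT stage is only an indication; as the post says, an external test that actually attempts delivery is the stronger check.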
|
|
|
|
RE: Open relay issues- THE SEQUEL - 14.Jan.2003 8:38:00 PM
|
|
|
cbsmall
Posts: 5
Joined: 28.Dec.2002
From: Aspen, Colorado
Status: offline
|
I tested through ORDB and they reported that I am not open relaying. Seeing the last post, I am wondering if that is the case. I cannot seem to telnet to my server and get a response. I can telnet to other servers and get a response, so I know I am doing it right.
Thanks to all who replied!
|
|
|
|
RE: Open relay issues- THE SEQUEL - 16.Jan.2003 3:06:00 AM
|
|
|
Splint
Posts: 1
Joined: 16.Jan.2003
From: San Diego
Status: offline
|
I have the same issue. However, if I set up my server the way it is supposed to be, NOBODY can relay, even authenticated users. I have used 3rd party to verify, with mixed results. When I telnet in, I get a 250 when I try to send.
In the relay tab, if I select only the list below, nobody can send mail, regardless of the authentication check box at the bottom. At this point, I have tried EVERY combination of settings and it is always an all-or-nothing situation. Any ideas would be great.
|
|
|
|
RE: Open relay issues- THE SEQUEL - 17.Jan.2003 4:21:00 AM
|
|
|
Guest
|
I have the exact same problem - everything has been humming along just fine when Monday Jan 13 everything started slowing down. By Tuesday I had a log jam and yesterday it all came to a halt. I have the relay set up as per Microsoft instructions and the ordb.org says I am not an open relay. Yet I have about 2,000 server connections sitting in my queue with 290,000 messages totalling 1 GIG! My server is barely alive. If I stop the SMTP virtual server, everything is OK. It took all day to clean out all the badmail and now every time I turn on the SMTP server, I get hundreds of messages flowing in instantly. I only have 9 users on our network! Any help is greatly appreciated.
|
|
|
|
RE: Open relay issues- THE SEQUEL - 17.Jan.2003 6:36:00 PM
|
|
|
cbsmall
Posts: 5
Joined: 28.Dec.2002
From: Aspen, Colorado
Status: offline
|
I feel some of your pain, CANNON. My issue hasn't gotten that bad though. Hope it doesn't but a resolution would be nice!
|
|
|
|
RE: Open relay issues- THE SEQUEL - 18.Jan.2003 4:07:00 AM
|
|
|
Guest
|
Since a number of us are experiencing the same issue here, and in my case this is devastating, what is there to do? I have not called Microsoft yet, but my last experience with them was unusual. I had a problem which they required me to so narrowly define, by the time we were done, that one little thing had been taken care of, but my real problem had not. A person could spend a fortune one little piece at a time trying to resolve an issue like this one. I hope someone is listening. I am not relaying (according to ordb), yet when I turn on the SMTPVS, I get a flood of messages - maybe 100 per second. I have virus checked OK. How is this happening (293,000 messages in one day)??? Help please!
|
|
|
|
RE: Open relay issues- THE SEQUEL - 19.Jan.2003 12:37:00 AM
|
|
|
koggen
Posts: 980
Joined: 31.Oct.2001
From: Göteborg - Sweden
Status: offline
|
Well guys, let's get back to basics. Either you are relaying, or you are not. If ordb says your server won't relay then that's probably the case, at least when sending mail from an external network! Have all of you really run the telnet tests from *different* networks? (In case of any rules allowing relay based on IP address or domain name - double check these settings!) If you need help then drop me a private message with your domain name and I'll help you with the telnet tests.
If the ordb and the telnet tests turn out negative (i.e. don't imply an open relay), but you still receive enormous amounts of mail, then I would say that there's likely only two options left: either someone on your network with access to your server is SENDING OUT SPAM, in which case take obvious actions, or your server just for some reason receives enormous amounts of mail and the queues are filled with bouncing messages (NDRs).
Cannon, what happens if you cut the outgoing connection (if you can - thus isolating your local network) and re-enable the SMTPVS? If you still get lots of messages then you can be sure there's a local problem.
I see that there are several people having trouble in finding appropriate combinations of settings in order to secure their servers. If you like, take a look at some old help pages I made some time ago.
See http://www.sandqvist.pp.se/vs/ for my default SMTPVS settings, and http://www.sandqvist.pp.se/smtp/ for a non-relaying configuration. These settings work! I use them on two different Exchange servers.
If you need further help, post more details on your setup and system behaviour. Remember that a certain amount of strange mail in outbound queues is normal (see my posting above) and does not imply having a relaying server. But if things are like Cannon describes, I would certainly say something is wrong. Btw, also make sure that you don't run any FILEBASED antivirus programs as these really can mess up things (always use SMTP based scanners)!
// Johan
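
The diagnosis in the post above, as an added example (not part of the original thread): queued messages are sorted into bounces, mail submitted from inside the network, and mail relayed for outsiders. The record layout (envelope sender, recipient, submitting client IP), the domain and the network range are constructed for the illustration and are not an Exchange export format.

```python
import ipaddress
from collections import Counter

LOCAL_DOMAINS = {"corp.example"}                           # assumed: domains hosted here
INTERNAL_NETS = [ipaddress.ip_network("192.168.0.0/16")]   # assumed LAN range


def domain_of(addr):
    """Domain part of an envelope address, with any angle brackets removed."""
    return addr.strip("<>").rsplit("@", 1)[-1].lower()


def classify(sender, recipient, client_ip):
    """Return one label for a queued message."""
    if sender.strip() in ("", "<>"):
        return "ndr"                 # null reverse-path: a bounce the server generated
    if domain_of(recipient) in LOCAL_DOMAINS:
        return "inbound"             # ordinary delivery to a hosted mailbox
    internal = client_ip is not None and any(
        ipaddress.ip_address(client_ip) in net for net in INTERNAL_NETS)
    if internal:
        return "internal-outbound"   # a LAN host submitted it
    return "relayed"                 # outside client, outside recipient


def triage(queue):
    """Count messages per label."""
    return Counter(classify(*msg) for msg in queue)


# Constructed sample queue: (envelope sender, recipient, submitting client IP)
SAMPLE_QUEUE = [
    ("<>", "forged@spamvictim.example", None),
    ("<>", "nobody@another.example", None),
    ("alice@corp.example", "partner@vendor.example", "192.168.1.15"),
    ("x9@bulk.example", "target@far.example", "198.51.100.7"),
    ("friend@vendor.example", "alice@corp.example", "203.0.113.4"),
]

if __name__ == "__main__":
    for label, count in triage(SAMPLE_QUEUE).most_common():
        print(f"{label:18} {count}")
```

A queue dominated by `ndr` fits the bounce explanation, heavy `internal-outbound` volume points at a host on the LAN, and any `relayed` entries contradict a clean relay test.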
|
|
|
|
RE: Open relay issues- THE SEQUEL - 23.Jan.2003 7:41:00 PM
|
|
|
dgeevaratne
Posts: 72
Joined: 30.Sep.2002
From: washington dc
Status: offline
|
Don't forget that viruses, trojans and the like could have infected your network users' computers and their computer is the one sending all this outbound mail (which technically is perfectly legit as far as your Exchange server is concerned). Virus checks on all machines in your network is usually a pretty obvious suggestion (sorry, don't mean to insult) but is sometimes overlooked if virus engine updates don't have the latest definitions.
old definitions + newer mass mailing virus infects system = hosed Exchange server
[ January 23, 2003, 07:41 PM: Message edited by: dgeevaratne ]
|
|
|
|
RE: Open relay issues- THE SEQUEL - 24.Jan.2003 6:00:00 PM
|
|
|
exch2kis2cool
Posts: 4
Joined: 17.Dec.2002
From: USA
Status: offline
|
How do you stop the user <> from authenticating?
|
|
|
|
RE: Open relay issues- THE SEQUEL - 25.Jan.2003 12:29:00 AM
|
|
|
cbsmall
Posts: 5
Joined: 28.Dec.2002
From: Aspen, Colorado
Status: offline
|
All computers are clean. Hope this thread is helping everyone out!
|
|
|
|
RE: Open relay issues- THE SEQUEL - 25.Feb.2003 7:56:00 PM
|
|
|
rzm60
Posts: 1
Joined: 25.Feb.2003
From: UK
Status: offline
|
I had exactly the same problem as described by Cannon above. Over a period of 2 days the queues on my Default SMTP Virtual Server grew, with thousands of mails destined for many different domains, some with spoofed from/to addresses, others were NDRs. My 2000 Server is NOT an open relay. I have up to date virus checking on all 20 of my client computers and Exchange aware virus checking on my server - all are clean. ISA Server is my firewall. The only way that I have been able to clear things is to disable the Default SMTP Virtual Server and delete all of badmail and queue from a command prompt. I have defined a second SMTP Server which is running fine. But each time I re-enable the Default Server, the queues on that server start to grow again, more badmail, more NDRs.
So where do I go from here? I can't re-enable the Default SMTP Server without completely clearing the problem, but virus checkers find nothing wrong and I am not an open relay. The default directories for vsi 1 (Program Files\exchsrvr\mailroot\vsi 1) are all empty, but each time I start it the queue fills with crap mails.
All seems OK if I keep the Default SMTP server shut down, so I thought I might disable it or delete it so it won't restart when the box reboots. Is this a good idea or even possible?
Interesting that a number of people, all claiming not to be open relays have reported this. Maybe there's a wider problem here?
Cheers,
Rob
|
|
|
|
RE: Open relay issues- THE SEQUEL - 2.Mar.2003 3:16:00 PM
|
|
|
clautmcp2
Posts: 18
Joined: 24.Jul.2002
From: NY
Status: offline
|
I found a good tool that makes it easy to check your email server. http://www.samspade.org/ssw/
|
|
|
|
RE: Open relay issues- THE SEQUEL - 3.Mar.2003 7:49:00 AM
|
|
|
dlal13
Posts: 1
Joined: 3.Mar.2003
From: Dubai
Status: offline
|
Hi, we have had a similar problem here on my server since Friday (1 March). We have an Exchange 2000 server, SP3, with Sophos mail monitor running on it, directly on a public IP address and a second NIC on to our local network. On Friday afternoon we got complaints from users that emails had stopped. Checked the queues; the server was taking a hell of a lot of time to display, so restarted; nothing worked. After the boot we found that we had 1000's of messages being routed from our server. We called our antivirus supplier; he verified it to be a Spam/Relay attack.
Could not get help from Microsoft support center. The ISP was clear in his statement, saying that he was in no way concerned with it as the attack could not be blocked by him. We were just using our domain name and getting mails ourselves.
I checked the tutorial mentioned on your site and all was configured properly (as mentioned); in spite of this we were getting 1000's of messages every minute. ORDB certified that our server was not an open relay.
I stopped the default SMTP server and started a new one as mentioned by one of our friends, but it also started clogging.
Even when both the NIC cards were unplugged, we found the queues to be increasing.
One observation was: when the queues were increasing in size, inetinfo.exe the FTP service memory usage was increasing and decreasing in the tasks. Moreover, we had a long time back stopped the service. No idea from where this had got enabled, and moreover why it was showing activity when no users and cables were plugged. [ One important info: In order to enable web access we need to add the user in the local logon group. We had done that to a number of users, whose user/pass were same. We found some users logged on the desktop of the Exchange server at odd hours. And we found a software firedaemon installed on Exchange server.]
Finally on Saturday morning we installed Mail Marshall trial to check the queues and relay, then stopped the FTP service which was running. Everything became OK. Today, Sunday morning, no relay, little spam, everything in control. Hope this will give some help to other users.
|
|
|
|