Exchange Server Forums


Relay closed, user auth turned off, but 10,000s of spam

Relay closed, user auth turned off, but 10,000s of spam - 18.Nov.2003 3:53:00 PM
skearon

 

Posts: 3
Joined: 11.Feb.2003
From: Dublin, Ireland
Status: offline
Someone please help!

Suddenly tens of thousands of spam messages are going through my server, and growing as I look at the SMTP connections.

Relay is disabled (i.e. telnet to server on port 25 and told relaying disabled).

From searching this forum I came across the auth problem, so I have disabled "allow computers who auth to relay".

In case I have done something wrong, can someone suggest what to test, and also anything I can do to see the source of these msgs (i.e. external or internal)?
Post #: 1
RE: Relay closed, user auth turned off, but 10,000s of spam - 18.Nov.2003 4:18:00 PM
Henrik Walther

 

Posts: 6835
Joined: 21.Nov.2002
From: Copenhagen, Denmark
Status: offline
Now I don't know what you have configured, but I recommend you follow the instructions in the article below from Vamsoft:

http://www.vamsoft.com/orf/authattack.asp

Normally those instructions are sufficient.

(in reply to skearon)
Post #: 2
RE: Relay closed, user auth turned off, but 10,000s of spam - 18.Nov.2003 4:28:00 PM
skearon

 

Posts: 3
Joined: 11.Feb.2003
From: Dublin, Ireland
Status: offline
Thanks, but I have already carried out the instructions in

http://www.vamsoft.com/orf/authattack.asp

(in reply to skearon)
Post #: 3
RE: Relay closed, user auth turned off, but 10,000s of spam - 24.Nov.2003 10:50:00 AM
shahid

 

Posts: 82
Joined: 10.Jul.2003
From: dubai
Status: offline
Hi Stephen

Ask all of your users to change their passwords and make them hard to guess; never use weak passwords.

Hope it helps.

regards
shahid

(in reply to skearon)
Post #: 4
RE: Relay closed, user auth turned off, but 10,000s of spam - 5.Dec.2003 4:46:00 PM
DocFinity

 

Posts: 40
Joined: 6.Jun.2003
From: State College, PA
Status: offline
Stephen, definitely get all users to change their passwords. This same thing happened to me: my outgoing queue was full of thousands of junk mails, and sure enough they had gotten a user's password. I had relaying disabled and users must authenticate to relay. Ever since I did the password changes it hasn't happened again.

(in reply to skearon)
Post #: 5
RE: Relay closed, user auth turned off, but 10,000s of spam - 23.Feb.2004 8:50:00 PM
Christ5340

 

Posts: 33
Joined: 12.Dec.2003
From: Dothan, AL
Status: offline
Turn on SMTP logging (all fields), wait a couple of days, then import those text (log) files into Excel or Access and sort based on IP, grouping by counting, and you can see which IPs are hitting you the most. For the IPs and domains that you don't recognize, check that IP address using ARIN, http://ws.arin.net/cgi-bin/whois.pl and see where the registrar is located. Most likely it will be Asia, SA, or Europe if it's spam or relay attempts. I had this same problem, did what I've discussed and blocked the following netblocks at my Cisco Internet router using access-list 100 deny ip host xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx any
I blocked the following netblocks, which include most all of Asia, some European, and some known US spammers, and my spam is 99.999% gone.
deny ip 202.0.0.0 0.255.255.255 any
deny ip 203.0.0.0 0.255.255.255 any
deny ip 217.0.0.0 0.255.255.255 any
deny ip 218.0.0.0 0.255.255.255 any
deny ip 219.0.0.0 0.255.255.255 any
deny ip 220.0.0.0 0.255.255.255 any
deny ip 221.0.0.0 0.255.255.255 any
deny ip 222.0.0.0 0.255.255.255 any
deny ip 188.0.0.0 0.255.255.255 any
deny ip 80.0.0.0 0.255.255.255 any
deny ip 81.0.0.0 0.255.255.255 any
deny ip 82.0.0.0 0.255.255.255 any
deny ip 60.0.0.0 0.255.255.255 any
deny ip 61.0.0.0 0.255.255.255 any
deny ip 62.0.0.0 0.255.255.255 any
deny ip 210.0.0.0 0.255.255.255 any
deny ip 211.0.0.0 0.255.255.255 any
deny ip 212.0.0.0 0.255.255.255 any
deny ip 213.0.0.0 0.255.255.255 any
deny ip 193.0.0.0 0.255.255.255 any
deny ip 194.0.0.0 0.255.255.255 any
deny ip 195.0.0.0 0.255.255.255 any
deny ip 38.0.0.0 0.255.255.255 any
deny ip 43.0.0.0 0.255.255.255 any
deny ip 133.0.0.0 0.255.255.255 any
deny ip 83.0.0.0 0.255.255.255 any

(in reply to skearon)
Post #: 6
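
Added example, not written by any poster in this thread: a script that does the per-IP count described in post #6 directly on a W3C extended SMTP log, and also marks each client as internal or external and flags outside hosts that authenticated, which is the stolen-password case from posts #4 and #5. The sample log lines, the `10.0.0.0/8` internal range, and the assumption that `AUTH` commands appear in the `cs-method` column are constructed for illustration.

```python
import ipaddress
from collections import Counter, defaultdict

# Constructed sample (documentation-range IPs); real logs list more fields.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-username cs-method cs-uri-query sc-status
2003-11-18 15:40:01 203.0.113.45 host1 EHLO +host1 250
2003-11-18 15:40:02 203.0.113.45 host1 AUTH - 235
2003-11-18 15:40:03 203.0.113.45 host1 MAIL +FROM:<a@example.test> 250
2003-11-18 15:40:03 203.0.113.45 host1 RCPT +TO:<v1@example.net> 250
2003-11-18 15:40:03 203.0.113.45 host1 RCPT +TO:<v2@example.net> 250
2003-11-18 15:40:04 203.0.113.45 host1 RCPT +TO:<v3@example.net> 250
2003-11-18 15:41:10 198.51.100.7 mx.example.org MAIL +FROM:<b@example.org> 250
2003-11-18 15:41:10 198.51.100.7 mx.example.org RCPT +TO:<u@example.test> 250
2003-11-18 15:42:00 10.0.0.25 pc25 MAIL +FROM:<u@example.test> 250
2003-11-18 15:42:00 10.0.0.25 pc25 RCPT +TO:<c@example.org> 250
"""

def parse_w3c(text):
    """Yield one dict per record, naming columns from the #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated rows
                yield dict(zip(fields, values))

def summarize(records, internal_nets=("10.0.0.0/8",)):  # assumed LAN range
    """Per client IP: SMTP verb counts, origin, and an authenticated-external flag."""
    nets = [ipaddress.ip_network(n) for n in internal_nets]
    verbs = defaultdict(Counter)
    for rec in records:
        verbs[rec["c-ip"]][rec["cs-method"].upper()] += 1
    rows = []
    for ip, count in verbs.items():
        internal = any(ipaddress.ip_address(ip) in n for n in nets)
        rows.append({
            "ip": ip,
            "origin": "internal" if internal else "external",
            "rcpt": count["RCPT"],   # recipients attempted
            "auth": count["AUTH"],   # AUTH commands seen (assumes they are logged)
            # An outside host that authenticated is what a stolen password looks like.
            "review": count["AUTH"] > 0 and not internal,
        })
    return sorted(rows, key=lambda r: r["rcpt"], reverse=True)

if __name__ == "__main__":
    for row in summarize(parse_w3c(SAMPLE_LOG)):
        print(row)
```

Because the column names are read from the `#Fields:` line, the same code works whichever fields were enabled, as long as `c-ip` and `cs-method` are among them.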
