• RSS
  • Twitter
  • FaceBook

Exchange Server Forums

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

RE: URGENT, PLEASE HELP

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [Microsoft Exchange 2000] >> General >> RE: URGENT, PLEASE HELP Page: <<   < prev  1 [2]
Login
Message << Older Topic   Newer Topic >>
RE: URGENT, PLEASE HELP - 24.Feb.2004 6:59:00 PM   
jjd228

 

Posts: 37
Joined: 23.Sep.2003
From: NYC
Status: offline
would you like an example? maybe then youll stop arguing about something you clearly dont understand? telnet to your mail server from outside. guess what? youll be able to CONNECT! then, use a "mail from" command to start sending an email. youll see that it IS accepted! then use an rcpt to command to try and SEND (RELAY) the message... it will say DENIED. get it now??? you HAVE to allow anonymous CONNECTIONS. but you do NOT allow unauthenticated relaying. you are clearly confused between the 2

(in reply to jjd228)
Post #: 21
RE: URGENT, PLEASE HELP - 24.Feb.2004 7:20:00 PM   
Randy Temple

 

Posts: 158
Joined: 1.Aug.2002
From: Michigan
Status: offline
Forget it this is going nowhere. Enjoy getting spammed Clearly you dont understand how you got relayed. With allowing anonymous access which you want if you didnt you would be able to recieve mail.

how you got relayed is you had allow all computers which successfully authenticate to realy regardlss of the list above. with that checked lets say a commercial company send you 1 email. In that email are 10000 of recipents you mail server will relay all of those messages. This will be my last post to this issue with you clearing the all all computers i am guessing you dont have the problem anymore or you wouldnt take the time to post as many times as you ahve. Just say thankyou and move on.

For you Imap and pop3 users i would suggest creating another Smtp virtual server. you can dedicate this to recieve pop3 and impa4 messages. YOu can use the authentication with ssl encryption to allow relaying for authenticated clints. But if you took the time to learn how Rpc works over http you would have to use this.

(in reply to jjd228)
Post #: 22
RE: URGENT, PLEASE HELP - 24.Feb.2004 7:23:00 PM   
jjd228

 

Posts: 37
Joined: 23.Sep.2003
From: NYC
Status: offline
LOL.. youre the stupidist person ive ever come across. i feel bad for anyone whose network you administer. not only are you completely wrong, but even when you read information youre still wrong! LOL

(in reply to jjd228)
Post #: 23
RE: URGENT, PLEASE HELP - 24.Feb.2004 7:27:00 PM   
Randy Temple

 

Posts: 158
Joined: 1.Aug.2002
From: Michigan
Status: offline
ha.. who is getting relayed?

Please go find an article on how you got relayed. Please read all of KB article 319356. Never once did i say to uncheck all anoymous access. I said with that checked and with Allw all computer which successfully authenticate opens you up wide for relaying. Never did i say to uncheck this. Without this you would never recieve an email because it woudl require a password please go back and read the post.

Just read KB 319356 again you didnt answer the quetion as to if you were still being relayed. I bet you aren't after removing allow all computers.....

(in reply to jjd228)
Post #: 24
RE: URGENT, PLEASE HELP - 24.Feb.2004 7:31:00 PM   
Randy Temple

 

Posts: 158
Joined: 1.Aug.2002
From: Michigan
Status: offline
you wrote Randy: my SMTP server is setup properly as i indicated in my original post. relaying is set to "Only the list below" and the list is blank. this, again, leads to to believe strongly that someone MUST be using a valid account name to relay their mail. wouldnt this only make sense? please advise

all i said was i bet you have anymous access checked along with allow computers to successfully auth.... all i said was to uncheck alll all computers then this whole thing went downhill. I dont know if you can accept a solution or you are just bull headed i am sorry for you experience but i hope you problem is solved.

(in reply to jjd228)
Post #: 25
RE: URGENT, PLEASE HELP - 24.Feb.2004 7:33:00 PM   
Randy Temple

 

Posts: 158
Joined: 1.Aug.2002
From: Michigan
Status: offline
realize with allow anonymous access checked it doesnt require a usname and password that is what i was trying to get across. you said you wanted to track this becuase someone had to authenticate. Well they didnt because with this checked it doesnt require a username and password. i never said to uncheck this. If you did you would have to get with a isp provider who supported this.

(in reply to jjd228)
Post #: 26
RE: URGENT, PLEASE HELP - 24.Feb.2004 7:33:00 PM   
Randy Temple

 

Posts: 158
Joined: 1.Aug.2002
From: Michigan
Status: offline
realize with allow anonymous access checked it doesnt require a usname and password that is what i was trying to get across. you said you wanted to track this becuase someone had to authenticate. Well they didnt because with this checked it doesnt require a username and password. i never said to uncheck this. If you did you would have to get with a isp provider who supported this.

(in reply to jjd228)
Post #: 27
RE: URGENT, PLEASE HELP - 24.Feb.2004 7:42:00 PM   
hecklej

 

Posts: 22
Joined: 17.Feb.2004
From: Charlotte, North Carolina
Status: offline
would you two quit bitching at each other, you are not helping anyone by posting all of this crap!

(in reply to jjd228)
Post #: 28
RE: URGENT, PLEASE HELP - 24.Feb.2004 8:43:00 PM   
koggen

 

Posts: 980
Joined: 31.Oct.2001
From: Göteborg - Sweden
Status: offline
Hullo guys... I see you've been busy today. Just thought I add a few lines to clarify things.

Mark Fugatt's article Understanding Relaying and Spam with Exchange 2000 is correct and implementing these settings will prevent relay!

There *are* a few pitfalls though; make sure that any smtp connectors are properly configured (see the article); make sure you don't allow relay based on ip from other servers that accept *any* email and forward to your server; make sure you don't forward unknown recipients to another server that in turn accepts relay from your server (effectively creating a nice relay loop).

If you think an account has been compromised and is being used for authenticated relay you can see which account is used by configuring diagnostic logging on the server. Open up Exchange System Manager, drill down to server object, properties, diagnostic logging. Set the logging level for MSExchangeTransport->Authentication to maximum.

Any relay attempts using accounts will now show up in the Application Event Log as event id 1708:

code:
SMTP Authentication was performed successfully with client "clientname".
The authentication method was "LOGIN" and the username was "DOMAIN\user".

Regards,

Johan

(in reply to jjd228)
Post #: 29
RE: URGENT, PLEASE HELP - 24.Feb.2004 11:22:00 PM   
jjd228

 

Posts: 37
Joined: 23.Sep.2003
From: NYC
Status: offline
quote:
Originally posted by Randy Temple:
ha.. who is getting relayed?

Please go find an article on how you got relayed. Please read all of KB article 319356. Never once did i say to uncheck all anoymous access. I said with that checked and with Allw all computer which successfully authenticate opens you up wide for relaying. Never did i say to uncheck this. Without this you would never recieve an email because it woudl require a password please go back and read the post.

Just read KB 319356 again you didnt answer the quetion as to if you were still being relayed. I bet you aren't after removing allow all computers.....

but dont you get it yet? youre WRONG. with anonymous connections enabled AND allow all users that successfully authenticate to relay you ARE NOT open to relaying, you moron! thats the point!

(in reply to jjd228)
Post #: 30
RE: URGENT, PLEASE HELP - 25.Feb.2004 11:41:00 AM   
jjd228

 

Posts: 37
Joined: 23.Sep.2003
From: NYC
Status: offline
quote:
Originally posted by Johan Sandqvist:
Hullo guys... I see you've been busy today. Just thought I add a few lines to clarify things.

Mark Fugatt's article Understanding Relaying and Spam with Exchange 2000 is correct and implementing these settings will prevent relay!

There *are* a few pitfalls though; make sure that any smtp connectors are properly configured (see the article); make sure you don't allow relay based on ip from other servers that accept *any* email and forward to your server; make sure you don't forward unknown recipients to another server that in turn accepts relay from your server (effectively creating a nice relay loop).

If you think an account has been compromised and is being used for authenticated relay you can see which account is used by configuring diagnostic logging on the server. Open up Exchange System Manager, drill down to server object, properties, diagnostic logging. Set the logging level for MSExchangeTransport->Authentication to maximum.

Any relay attempts using accounts will now show up in the Application Event Log as event id 1708:

code:
SMTP Authentication was performed successfully with client "clientname".
The authentication method was "LOGIN" and the username was "DOMAIN\user".

Regards,

Johan

thank you so much. however i dont have "MSExchangeTransport->Authentication". i DO have "MSExchangeTransport->SMTP Protocol". would that be the one i want? and why wouldnt i have what you suggested?

(in reply to jjd228)
Post #: 31
RE: URGENT, PLEASE HELP - 25.Feb.2004 2:18:00 PM   
jjd228

 

Posts: 37
Joined: 23.Sep.2003
From: NYC
Status: offline
Johan... just wanted to thank you again. the username that was being used was indeed logged in the event log. it was an old username that was created by a 3rd party consulting firm long ago. its now been deleted and everything looks great! thank you again!

(in reply to jjd228)
Post #: 32
RE: URGENT, PLEASE HELP - 25.Feb.2004 2:19:00 PM   
Randy Temple

 

Posts: 158
Joined: 1.Aug.2002
From: Michigan
Status: offline
Oh god with allowing annonymous access (which you have to have checked) and also checking alloww all comuters who successfully authe..... checked. This open you up to be relayed. when a message comes in for a commercial email company within that mail can be 1000 recipients from all different types of domains. You mail server reads the mail notices the other addressee's and relays it to those people.

(in reply to jjd228)
Post #: 33
RE: URGENT, PLEASE HELP - 25.Feb.2004 2:29:00 PM   
jjd228

 

Posts: 37
Joined: 23.Sep.2003
From: NYC
Status: offline
wow. no, it doesnt. unless the user is ALLOWED to relay. and the user WONT be allowed to relay UNLESS he has been authenticated. please tell me you understand this. there are now 2 people telling you that youre wrong. with your scenario, yes, the spam will be relayed IF THE USER IS ABLE TO AUTHENTICATE. but he wont be able to authenticate if he doesnt have a valid username and password on the system.

(in reply to jjd228)
Post #: 34
RE: URGENT, PLEASE HELP - 25.Feb.2004 2:33:00 PM   
c0c074

 

Posts: 12
Joined: 23.Feb.2004
From: michigan
Status: offline
Wow will you two stop going at one another. By reading all of these posts it seems the guy who started this doesnt want to listen to a solution. Allowing anonymous access is a must. If this is not enabled it will require everyone who attempts to send mail to an org to have to know a username and password. It seems Randy is attempting to get this point across. The other is if you allow all computers which successfully authenticate to relay, regardless of the list above it does enable a commercial company to relay mail through your server. Since a mial server will accept any connection and allow all computer to successfuly realy regaurdless of the list above anyone can relay becuase annoymous access is turned on. So the simple fact is you were getting relayed becuase you had Allow all computers which successfully authenticate to relay regardless of the list above, Remember they didnt have to authenicate becuase annoymous acces was turned on. If you uncheck All all computers which success authenticate regardless of the list above you will not be realyed becase your only the list below will take presedence.

(in reply to jjd228)
Post #: 35
RE: URGENT, PLEASE HELP - 25.Feb.2004 2:43:00 PM   
jjd228

 

Posts: 37
Joined: 23.Sep.2003
From: NYC
Status: offline
LOL.. jonah... please help me here. you are completely mistaken. youre wrong because youre confusing the meaning of the 2 things. however im done trying to explain it.... ill say this: yes, enabling anonymous connections is a must. this is so other smtp servers can connect to your server and exchange mail. but this is completely different than authentication. authentiocation has to do with USERS when they try to use the server. these are completely different and you 2 are wrong and simply dont understand. instead of arguing, try to learn! the default, MICROSOFT RECOMMENDED config is to "allow anonymous connections" and "enable all USERS who SUCCESSFULLY AUTHENTICATE" to relay.

(in reply to jjd228)
Post #: 36
RE: URGENT, PLEASE HELP - 25.Feb.2004 4:29:00 PM   
c0c074

 

Posts: 12
Joined: 23.Feb.2004
From: michigan
Status: offline
Here is my questions to you then. if you have...

enable all USERS who SUCCESSFULLY AUTHENTICATE" to relay

BUt you also have allow all annoymous connections what is to stop anyone from relaying on your server. With allow annoymous connections checked (which it should be) this requires no password so there fore when hitting your server no one has to authenticate. Read the article randy posted before on how enabling this causes you system to be open for relay. It is in the sentence. ENABLE ALL USERS WHO SUCCESSFULLY AUTHENICATE TO REALY. If you have allow annoymous connections you dont require anyone to authenticate.

(in reply to jjd228)
Post #: 37
RE: URGENT, PLEASE HELP - 25.Feb.2004 4:32:00 PM   
koggen

 

Posts: 980
Joined: 31.Oct.2001
From: Göteborg - Sweden
Status: offline
Hi!

jjd228 is right. Anonymous access *only* means that anyone *may* access your server. It has *nothing* to do with relay *unless* you also (mis)configure a SMTP connector with default SMTP domain "*" (meaning all domains) to "Allow messages to be relayed to these domains".

There's a huge difference between access and authentication. Unfortunatelly Microsoft placed the settings in such a way that many are confused by this.

It's worth repeating again: anonymous access will not allow relay *unless* you also have a (mis)configured SMTP connector!

jjd228: Glad you found the account! It struck me that the setting might have been called something else in Exchange 2000 or indead was included in the "SMTP Protocol" events. The info was from Exchange 2003.

Regards,

Johan Sandqvist
Microsoft Exchange MVP

[ February 25, 2004, 04:33 PM: Message edited by: Johan Sandqvist ]

(in reply to jjd228)
Post #: 38

Page:   <<   < prev  1 [2] << Older Topic    Newer Topic >>
All Forums >> [Microsoft Exchange 2000] >> General >> RE: URGENT, PLEASE HELP Page: <<   < prev  1 [2]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts


Follow TechGenix on Twitter