
Exchange Server Forums


abuse spam and open relay

abuse spam and open relay - 22.Jul.2003 5:42:00 PM   


Posts: 19
Joined: 26.Oct.2002
From: Belgium
Status: offline

I have already checked my Exchange 2000 server for open relay, but the test on http://www.abuse.net/cgi-bin/relaytest
gives this result:

Relay test 1
>>> RSET
<<< 250 2.0.0 Resetting
>>> MAIL FROM:<spamtest@abuse.net>
<<< 250 2.1.0 spamtest@abuse.net....Sender OK
>>> RCPT TO:<relaytest@abuse.net>
<<< 550 5.7.1 Unable to relay for relaytest@abuse.net

Tests 2, 3, all OK.

This is wrong:

Relay test 8
>>> RSET
<<< 250 2.0.0 Resetting
>>> MAIL FROM:<spamtest@[]>
<<< 250 2.1.0 spamtest@[]....Sender OK
>>> RCPT TO:<"relaytest@abuse.net">
<<< 250 2.1.5 "relaytest@abuse.net"@domein.nl

Hmmn, at first glance, host appeared to accept a message for relay.

Please help.

What is wrong?
- I have no connector or smart host.
- The default virtual SMTP server is correctly configured.

Post #: 1
RE: abuse spam and open relay - 25.Jul.2003 7:50:00 PM   


Posts: 980
Joined: 31.Oct.2001
From: Göteborg - Sweden
Status: offline
Well, most of these so-called "relay checking scripts" are - how shall I put it mildly? - somewhat less accurate than desirable!

Most scripts I've seen analyze the SMTP dialog response codes, where a 250 in this case would indicate a (potential) relay situation. The case is that most scripts are written considering the normal behaviour of unix/linux servers, like sendmail. These programs give you a "no relay" message, or 550 message, at a much earlier stage, actually directly after issuing the "RCPT TO:" command, when you enter an email address with, in one way or another, somewhat different syntax. So if you try to send to "victim@domain.com%yourdomain.com" (common relay exploit), sendmail will give you a 550 answer directly. Exchange, however, accepts the message and then does an *internal* relay-checking procedure and does not issue a relay prohibited until then!

So in other words, many relay scripts are actually thinking that Exchange servers are open for relay when they in fact are not! The *ONLY* reliable relay test is to actually try to send a message through the system (the scripts usually never send messages, just check to see the default response codes). Instead, either do the tests on your own (telnet) or use a relay checking service which actually tries to send email (which is a much greater help since it also makes it possible to detect relaying loops! I.e. one server which in itself does not accept relay but forwards unknown recipients to another server which gladly accepts relay from the first (trusted) server and sends out the spam).

Hmm... a somewhat long response, but I keep getting agitated whenever I see so-called "relay checking scripts" which only do half the work. [Smile]

Well, back to your case: if you really are open for relay, start checking the settings for the SMTP virtual server, and especially any SMTP connectors. Since you don't have any connectors, just check the relay settings for the SMTP vs.

Good luck!

// Johan

(in reply to ludder)
Post #: 2
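
An added example, not part of the original thread or any poster's code: a small reader for the ">>> / <<<" dialogs quoted in the first post, showing why a 250 at RCPT TO is not by itself a relay verdict. The function names and verdict strings are hypothetical, and the sample is constructed from the two dialogs quoted above.

```python
import re

# Constructed sample: the two dialogs from the first post, in the
# ">>> sent / <<< received" layout the relay tester prints.
SAMPLE = """\
Relay test 1
>>> RSET
<<< 250 2.0.0 Resetting
>>> MAIL FROM:<spamtest@abuse.net>
<<< 250 2.1.0 spamtest@abuse.net....Sender OK
>>> RCPT TO:<relaytest@abuse.net>
<<< 550 5.7.1 Unable to relay for relaytest@abuse.net
Relay test 8
>>> RSET
<<< 250 2.0.0 Resetting
>>> MAIL FROM:<spamtest@[]>
<<< 250 2.1.0 spamtest@[]....Sender OK
>>> RCPT TO:<"relaytest@abuse.net">
<<< 250 2.1.5 "relaytest@abuse.net"@domein.nl
"""

def verdict(rcpt, code, text):
    """Judge one RCPT TO reply (hypothetical helper)."""
    if code[:1] in ("4", "5"):
        return "refused at RCPT"
    # A 2xx only says the recipient passed this stage. If the reply echoes
    # the recipient with a domain appended, report the address that the
    # server actually accepted, since it differs from the one that was sent.
    for word in text.split():
        if word != rcpt and word.startswith(rcpt + "@"):
            return "accepted, rewritten to " + word
    return "accepted at RCPT; confirm with a delivered test message"

def classify(transcript):
    """Return {test number: verdict} for each 'Relay test N' dialog."""
    verdicts, test, rcpt = {}, None, None
    for line in transcript.splitlines():
        line = line.strip()
        m = re.match(r"Relay test (\d+)", line)
        if m:
            test, rcpt = int(m.group(1)), None
        elif line.upper().startswith(">>> RCPT TO:"):
            rcpt = line.split(":", 1)[1].strip().strip("<>")
        elif line.startswith("<<<") and rcpt is not None and test is not None:
            code, _, text = line[3:].strip().partition(" ")
            verdicts[test] = verdict(rcpt, code, text)
            rcpt = None
    return verdicts
```

For test 8 the reply shows the recipient accepted as `"relaytest@abuse.net"@domein.nl`, so the follow-up check is whether a message to that address is delivered anywhere outside the server's own domain.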
RE: abuse spam and open relay - 16.Aug.2003 7:21:00 PM   


Posts: 4
Joined: 13.Aug.2003
From: L.A
Status: offline
Good site to check for an open relay.
Others have just given wrong reports.

(in reply to ludder)
Post #: 3
