Solved

My server is a relay...Kind of

Posted on 2003-11-07
19
434 Views
Last Modified: 2011-10-03
I have an Exchange 2000 server and have gone through the process to make sure it is not a mail relay, but it seems it will accept some spam as a relay but it doesn't send it on, so it gets hung up in the queue. I ran mail relay test from a couple of the online sites and it always fails, but the mail never gets anywhere except stuck in my SMTP queue. This is getting very annoying and I have to spend way too much time trying to remove these items from my queue. I do have some remote POP3 users and my ISP does not do store and forward; all my mail comes directly to my domain.

Please help me maintain my sanity...
Question by:czntrouble
19 Comments
 
LVL 2

Expert Comment

by:slandise
ID: 9703894
Enumerate messages in the queue.  If they show the sender as postmaster@yourdomain.com, this is not relaying - it is your server sending NDRs back to the sender.
0
 

Author Comment

by:czntrouble
ID: 9704051
I can't get the server to stop accepting the spam relay. It isn't sending it on but it is accepting it for delivery. I do get a lot of the NDRs, but if I can get the server to stop accepting the spam for delivery I am hoping that the NDRs stop as well.
0
 
LVL 2

Expert Comment

by:slandise
ID: 9704077
Check your current session and see if anyone is connected.  Your server might be compromised.  I would suggest having your remote users use OWA, and stop allowing users who authenticate to relay.  If someone has gotten a user name and password, they will be able to relay.  And you might actually be sending some of it on - the ones in your queue might be bad addresses.
0
 

Author Comment

by:czntrouble
ID: 9704156
When I try to view the current sessions it tells me the Virtual Server is not started??? Do you know which virtual server it is talking about and how I may go about starting it? I tried to start the Default SMTP virtual server but all of the start/stop options are grayed out.

Also the people using the remote POP all have static IPs and I have it set that "Only the list below" can relay and have those individual addresses included... Isn't this the best way to allow this access?
0
 
LVL 35

Expert Comment

by:Bembi
ID: 9704297
It need not really be relaying. Type the following from a DOS prompt on your server:

telnet relay-test.mail-abuse.org

It may be that your spammer uses your own domain or IP address as the sender's address, and if your server accepts these mails, you need not be open for relay. This is an option if you allow anonymous access to your Virtual SMTP Server, which may be needed, if you get all mails directly, to allow other hosts to connect.

Enable the SMTP log of your Virtual SMTP Server and have a look at the sender's address.
0
 
LVL 35

Expert Comment

by:Bembi
ID: 9704319
Oh, if your server is in use --> active connections -> it may be that you can not stop it. Fix first all outgoing connections and queues.
0
 

Author Comment

by:czntrouble
ID: 9704556
OK, I ran the command and it prompted me for a username, so I logged in with valid credentials for my network. Then it ran the test and said that it appeared to accept 1 relay.

In order to receive mail from the internet I have to allow anonymous access to the server right?

What do you mean by Fix first outgoing connections and queues?
0
 
LVL 35

Expert Comment

by:Bembi
ID: 9704725
Which one of the tests fails? There are 20 tests.

If you want to allow external servers to connect directly to your server, you have to allow anonymous access; otherwise your server would reject the connection request.

You can fix every queue, which should mean that the content of the queue will not be delivered. If you go to your virtual SMTP server - queues - right click a queue, this should be the first menu item. I don't know if it is "FIX" in the English version, as my server is German.
0
 

Author Comment

by:czntrouble
ID: 9704777
Test 10 failed. Here is the output:
:Relay test: #Test 10
>>> mail from: <spamtest@mail.webbdist.com>
<<< 250 2.1.0 spamtest@mail.webbdist.com....Sender OK
>>> rcpt to: <"nobody@mail-abuse.org">
<<< 250 2.1.5 "nobody@mail-abuse.org"@webbdist.com
>>> QUIT
<<< 221 2.0.0 pdc.webb-dist.com Service closing transmission channel
Tested host banner: 220 ********************************************************
***0*2******************************200************0*00
System appeared to accept 1 relay attempts


The first menu item when I right click on a queue is Freeze. So are you saying I should freeze the queues?
0
 

Author Comment

by:czntrouble
ID: 9704783
Also the test ended at 10 instead of running all of them...???
0
 
LVL 35

Expert Comment

by:Bembi
ID: 9705258
Freeze, exactly...

You see where the relay test fails, even if the sender's domain is faked (it's your own) and the recipient is enveloped in quotation marks. Have a look at your SMTP log to see if this mail has really gone out. I have a filter in front of my EXCh which comments this mail as "Syntax Error in Address". Have you installed the latest service packs / patches?

0
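
An added example, not part of any post in this thread: a small parser for the relay-test output quoted above that separates a recipient the server accepted for a remote domain (a genuine relay) from one it resolved into its own domain, as Test 10 shows. It assumes a reply that echoes the recipient with the server's domain appended means the address was treated as a local mailbox; the verdict names are illustrative.

```python
import re

# The Test 10 exchange as quoted in the thread (">>>" client, "<<<" server).
TEST_10 = '''\
>>> mail from: <spamtest@mail.webbdist.com>
<<< 250 2.1.0 spamtest@mail.webbdist.com....Sender OK
>>> rcpt to: <"nobody@mail-abuse.org">
<<< 250 2.1.5 "nobody@mail-abuse.org"@webbdist.com
>>> QUIT
<<< 221 2.0.0 pdc.webb-dist.com Service closing transmission channel
'''

RCPT_RE = re.compile(r'^>>>\s*rcpt to:\s*<(.*)>\s*$', re.IGNORECASE)
REPLY_RE = re.compile(r'^<<<\s*(\d{3})(?:\s+\d\.\d+\.\d+)?\s*(.*)$')

def domain_of(addr):
    """Return the domain after the last '@' that lies outside double quotes."""
    in_quotes, at = False, -1
    for i, ch in enumerate(addr):
        if ch == '"':
            in_quotes = not in_quotes
        elif ch == '@' and not in_quotes:
            at = i
    return addr[at + 1:].lower() if at >= 0 else None

def classify(transcript, local_domains):
    """Return [(recipient, verdict)] for each RCPT TO and the reply to it."""
    results, pending = [], None
    for line in transcript.splitlines():
        rcpt, reply = RCPT_RE.match(line.strip()), REPLY_RE.match(line.strip())
        if rcpt:
            pending = rcpt.group(1)
        elif reply and pending is not None:
            code, text = reply.groups()
            # Assumption: the server echoes the address as it resolved it.
            echoed = text.split()[0].strip('<>') if text else ''
            domain = domain_of(echoed) or domain_of(pending)
            if not code.startswith('2'):
                verdict = 'rejected'
            elif domain is None:
                verdict = 'accepted-unqualified'   # confirm in the SMTP log
            elif domain in local_domains:
                verdict = 'accepted-as-local'      # not forwarded; may end as an NDR
            else:
                verdict = 'accepted-for-remote'    # genuine relay
            results.append((pending, verdict))
            pending = None
    return results
```

Run against the Test 10 output with `{'webbdist.com'}` as the local domain set, the quoted recipient is reported as accepted-as-local rather than relayed, which is the case to confirm in the SMTP log.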
 
LVL 21

Expert Comment

by:marc_nivens
ID: 9756465
A couple of things to verify:

Properties of the SMTP VS, 2nd tab, relay.  Make sure this is set to "only the list below" and that the list only contains servers you want to relay.  If this is already set then check all of your SMTP connectors, specifically the address space tab.  If the box is checked that says "allow relay to these domains" (or something similar) and your address space is *, then you're open for relay.  Simply uncheck this box to turn it off.
0
 
LVL 2

Expert Comment

by:mwareman
ID: 9792409
I've seen *many* Exchange servers apparently allowing relay even when restrictions are in place - and in most cases either:-

1)
0
 
LVL 2

Expert Comment

by:mwareman
ID: 9792440
Oops..  sorry..

1)  The local Guest account was enabled - allowing any credentials to successfully authenticate (therefore allowing them to relay)

or

2)  A compromised local account on the box (in one case a domain account, but this machine was a member of the domain).

Check the local accounts on the box - reset passwords and ensure guest is disabled.

Generally, I've been able to pin the issue down to a previous infection by Code Red (the IIS worm) - one of its payloads (in some versions) is enabling the guest account..

Michael.
0
 

Expert Comment

by:fdavari
ID: 10566523
Best thing to do is to set up a Linux sendmail server as the smarthost to your Exchange server. If the sendmail is configured properly, it will pass all the mail-abuse.org tests. You don't need any fancy hardware; a regular PC PII or PIII with 8 gig H/D and 128 Meg RAM will do.
0
 
LVL 35

Accepted Solution

by:
Bembi earned 250 total points
ID: 10797546
czntrouble:
Is your problem solved now? Would be nice, if you would close the question then.
0
