Solved

My server is a relay...Kind of

Posted on 2003-11-07
Last Modified: 2011-10-03
I have an Exchange 2000 server and have gone through the process to make sure it is not a mail relay, but it seems it will accept some spam as a relay but it doesn't send it on, so it gets hung up in the queue.  I ran mail relay tests from a couple of the online sites and it always fails, but the mail never gets anywhere except stuck in my SMTP queue.  This is getting very annoying and I have to spend way too much time trying to remove these items from my queue.  I do have some remote POP3 users and my ISP does not do store and forward; all my mail comes directly to my domain.

Please help me maintain my sanity...
0
Comment
Question by:czntrouble
19 Comments
 
LVL 2

Expert Comment

by:slandise
ID: 9703894
Enumerate messages in the queue.  If they show the sender as postmaster@yourdomain.com, this is not relaying - it is your server sending NDRs back to the sender.
0
 

Author Comment

by:czntrouble
ID: 9704051
I can't get the server to stop accepting the spam relay.  It isn't sending it on but it is accepting it for delivery.  I do get a lot of the NDRs, but if I can get the server to stop accepting the spam for delivery I am hoping that the NDRs stop as well.
0
 
LVL 2

Expert Comment

by:slandise
ID: 9704077
Check your current session and see if anyone is connected.  Your server might be compromised.  I would suggest having your remote users use OWA, and stop allowing users who authenticate to relay.  If someone has gotten a user name and password, they will be able to relay.  And you might actually be sending some of it on - the ones in your queue might be bad addresses.
0
 

Author Comment

by:czntrouble
ID: 9704156
When I try to view the current sessions it tells me the Virtual Server is not started???  Do you know which virtual server it is talking about and how I may go about starting it?  I tried to start the Default SMTP virtual server but all of the start/stop options are grayed out.

Also the people using the remote POP all have static IPs and I have it set that "Only the list below" can relay and have those individual addresses included... Isn't this the best way to allow this access?
0
 
LVL 35

Expert Comment

by:Bembi
ID: 9704297
Must not be really relay, type the following from a DOS prompt on your server:

telnet relay-test.mail-abuse.org

It may be that your spammer uses your own domain or IP address as the sender's address, and if your server accepts these mails, you need not be open for relay. This is an option, if you allow anonymous access to your Virtual SMTP Server, which may be needed, if you get all mails directly, to allow other hosts to connect.

Enable the SMTP log of your Virtual SMTP Server and have a look at the sender's address.
0
 
LVL 35

Expert Comment

by:Bembi
ID: 9704319
Oh, if your server is in use --> active connections -> it may be that you can not stop it. Fix first all outgoing connections and queues.
0
 

Author Comment

by:czntrouble
ID: 9704556
OK, I ran the command and it prompted me for a username so I logged in with valid credentials for my network.  Then it ran the test and said that it appeared to accept 1 relay.

In order to receive mail from the internet I have to allow anonymous access to the server right?

What do you mean by Fix first outgoing connections and queues?
0
 
LVL 35

Expert Comment

by:Bembi
ID: 9704725
Which one of the tests fails? There are 20 tests.

If you want to allow, that external servers connect directly to your server, you have to allow anonymous access, otherwise your server would reject the connection request.

You can fix every queue, should mean that the content of the queue will not be delivered. If you go to your virtual SMTP server - queues - right click a queue and this should be the first menu item. Don't know if it is "FIX" in the English version as my server is German.
0
 

Author Comment

by:czntrouble
ID: 9704777
Test 10 failed. Here is the output:
:Relay test: #Test 10
>>> mail from: <spamtest@mail.webbdist.com>
<<< 250 2.1.0 spamtest@mail.webbdist.com....Sender OK
>>> rcpt to: <"nobody@mail-abuse.org">
<<< 250 2.1.5 "nobody@mail-abuse.org"@webbdist.com
>>> QUIT
<<< 221 2.0.0 pdc.webb-dist.com Service closing transmission channel
Tested host banner: 220 ********************************************************
***0*2******************************200************0*00
System appeared to accept 1 relay attempts


The first menu item when I right click on a queue is Freeze.  So are you saying I should freeze the queues?
0
 

Author Comment

by:czntrouble
ID: 9704783
Also the test ended at 10 instead of running all of them...???
0
 
LVL 35

Expert Comment

by:Bembi
ID: 9705258
Freeze, exactly...

You see where the relay test fails, even if the sender's domain is faked (it's your own) and the recipient is enveloped in quotation marks. Have a look at your SMTP log, if this mail is really gone out. I have a filter in front of my EXCh, which comments this mail as "Syntax Error in Address". Have you installed the latest Service packs / patches?

0
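The check discussed in the comments above, as an added example that is not part of the original thread: a small Python parser for a relay-test transcript in the `>>>`/`<<<` format quoted earlier, reporting every recipient the server accepted with a 2xx reply that is not a plain local address, including the quoted form from Test 10. The function names and the `example.com` sample are assumptions made for illustration.

```python
import re
# Constructed transcript, modelled on the Test 10 output quoted in this thread.
SAMPLE = '''\
>>> mail from: <spamtest@mail.example.com>
<<< 250 2.1.0 spamtest@mail.example.com....Sender OK
>>> rcpt to: <"nobody@mail-abuse.org">
<<< 250 2.1.5 "nobody@mail-abuse.org"@example.com
>>> rcpt to: <nobody@mail-abuse.org>
<<< 550 5.7.1 Unable to relay for nobody@mail-abuse.org
>>> rcpt to: <postmaster@example.com>
<<< 250 2.1.5 postmaster@example.com
'''
RCPT = re.compile(r'^>>>\s*rcpt to:\s*<(.*)>\s*$', re.I)
REPLY = re.compile(r'^<<<\s*(\d{3})')
QUOTED = re.compile(r'^("(?:[^"\\]|\\.)*")(?:@(.*))?$')

def split_address(addr):
    """Return (local_part, domain); a quoted local part may itself contain '@'."""
    m = QUOTED.match(addr)
    if m:
        return m.group(1), (m.group(2) or '').lower()
    local, _, domain = addr.rpartition('@')
    return (local, domain.lower()) if local else (addr, '')

def classify(addr, local_domains):
    local, domain = split_address(addr)
    if domain and domain not in local_domains:
        return 'foreign-domain'
    # Quoted local part hiding a full address for another domain, as in Test 10.
    if local.startswith('"') and '@' in local:
        inner = local.strip('"').rpartition('@')[2].lower()
        if inner not in local_domains:
            return 'quoted-foreign-address'
    return 'local'

def accepted_relays(transcript, local_domains):
    """List (recipient, kind, code) for non-local RCPT TOs that got a 2xx reply."""
    local_domains = {d.lower() for d in local_domains}
    findings, pending = [], None
    for line in map(str.strip, transcript.splitlines()):
        m, r = RCPT.match(line), REPLY.match(line)
        if m:
            pending = m.group(1)          # remember the recipient just offered
        elif r and pending is not None:
            kind = classify(pending, local_domains)
            if r.group(1)[0] == '2' and kind != 'local':
                findings.append((pending, kind, r.group(1)))
            pending = None                # reply consumed
    return findings
```

A `quoted-foreign-address` finding only says the server accepted the recipient at RCPT TO time; whether the message actually left the server still has to be confirmed in the SMTP log.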
 
LVL 21

Expert Comment

by:marc_nivens
ID: 9756465
A couple of things to verify:

Properties of the SMTP VS, 2nd tab, relay.  Make sure this is set to "only the list below" and that the list only contains servers you want to relay.  If this is already set then check all of your SMTP connectors, specifically the address space tab.  If the box is checked that says "allow relay to these domains" (or something similar) and your address space is *, then you're open for relay.  Simply uncheck this box to turn it off.
0
 
LVL 2

Expert Comment

by:mwareman
ID: 9792409
I've seen *many* Exchange servers apparently allowing relay even when restrictions are in place - and in most cases either:-

1)
0
 
LVL 2

Expert Comment

by:mwareman
ID: 9792440
Oops..  sorry..

1)  The local Guest account was enabled - allowing any credentials to successfully authenticate (therefore allowing them to relay)

or

2)  A compromised local account on the box (in one case a domain account, but this machine was a member of the domain).

Check the local accounts on the box - reset passwords and ensure guest is disabled.

Generally, I've been able to pin the issue down to a previous infection by Code Red (the IIS worm) - one of its payloads (in some versions) is enabling the guest account..

Michael.
0
 

Expert Comment

by:fdavari
ID: 10566523
Best thing to do is to set up a LINUX sendmail server as the smarthost to your Exchange server.  If the sendmail is configured properly, it will pass all the mail-abuse.org tests.  You don't need any fancy hardware; a regular PC (PII or PIII) with 8 gig H/D and 128Meg RAM will do.
0
 
LVL 35

Accepted Solution

by:
Bembi earned 250 total points
ID: 10797546
czntrouble:
Is your problem solved now? Would be nice, if you would close the question then.
0
