My server is a relay...Kind of

Posted on 2003-11-07
Last Modified: 2011-10-03
I have an Exchange 2000 server and have gone through the process to make sure it is not a mail relay, but it seems it will accept some spam as a relay but it doesn't send it on, so it gets hung up in the queue. I ran a mail relay test from a couple of the online sites and it always fails, but the mail never gets anywhere except stuck in my SMTP queue. This is getting very annoying and I have to spend way too much time trying to remove these items from my queue. I do have some remote POP3 users and my ISP does not do store and forward; all my mail comes directly to my domain.

Please help me maintain my sanity...
Question by:czntrouble
19 Comments
 
LVL 2

Expert Comment

by:slandise
ID: 9703894
Enumerate messages in the queue.  If they show the sender as postmaster@yourdomain.com, this is not relaying - it is your server sending NDRs back to the sender.
0
 

Author Comment

by:czntrouble
ID: 9704051
I can't get the server to stop accepting the spam relay. It isn't sending it on but it is accepting it for delivery. I do get a lot of the NDRs, but if I can get the server to stop accepting the spam for delivery I am hoping that the NDRs stop as well.
0
 
LVL 2

Expert Comment

by:slandise
ID: 9704077
Check your current session and see if anyone is connected.  Your server might be compromised.  I would suggest having your remote users use OWA, and stop allowing users who authenticate to relay.  If someone has gotten a user name and password, they will be able to relay.  And you might actually be sending some of it on - the ones in your queue might be bad addresses.
0
 

Author Comment

by:czntrouble
ID: 9704156
When I try to view the current sessions it tells me the Virtual Server is not started??? Do you know which virtual server it is talking about and how I may go about starting it? I tried to start the Default SMTP virtual server but all of the start/stop options are grayed out.

Also the people using the remote POP all have static IPs and I have it set that "Only the list below" can relay and have those individual addresses included... Isn't this the best way to allow this access?
0
 
LVL 35

Expert Comment

by:Bembi
ID: 9704297
It does not really have to be a relay. Type the following from a DOS prompt on your server:

telnet relay-test.mail-abuse.org

It may be that your spammer uses your own domain or IP address as the sender's address, and if your server accepts these mails, you need not be open for relay. This is an option if you allow anonymous access to your Virtual SMTP Server, which may be needed if you get all mail directly, to allow other hosts to connect.

Enable the SMTP log of your Virtual SMTP Server and have a look at the sender's address.
0
 
LVL 35

Expert Comment

by:Bembi
ID: 9704319
Oh, if your server is in use --> active connections -> it may be that you cannot stop it. Fix first all outgoing connections and queues.
0
 

Author Comment

by:czntrouble
ID: 9704556
OK, I ran the command and it prompted me for a username, so I logged in with valid credentials for my network. Then it ran the test and said that it appeared to accept 1 relay.

In order to receive mail from the internet I have to allow anonymous access to the server right?

What do you mean by Fix first outgoing connections and queues?
0
 
LVL 35

Expert Comment

by:Bembi
ID: 9704725
Which one of the tests fails? There are 20 tests.

If you want to allow external servers to connect directly to your server, you have to allow anonymous access; otherwise your server would reject the connection request.

You can fix every queue, which should mean that the content of the queue will not be delivered. Go to your virtual SMTP server - queues - right-click a queue, and this should be the first menu item. I don't know if it is "FIX" in the English version, as my server is German.
0
 

Author Comment

by:czntrouble
ID: 9704777
Test 10 failed. Here is the output:
:Relay test: #Test 10
>>> mail from: <spamtest@mail.webbdist.com>
<<< 250 2.1.0 spamtest@mail.webbdist.com....Sender OK
>>> rcpt to: <"nobody@mail-abuse.org">
<<< 250 2.1.5 "nobody@mail-abuse.org"@webbdist.com
>>> QUIT
<<< 221 2.0.0 pdc.webb-dist.com Service closing transmission channel
Tested host banner: 220 ********************************************************
***0*2******************************200************0*00
System appeared to accept 1 relay attempts


The first menu item when I right-click on a queue is Freeze. So are you saying I should freeze the queues?
0
 

Author Comment

by:czntrouble
ID: 9704783
Also the test ended at 10 instead of running all of them...???
0
 
LVL 35

Expert Comment

by:Bembi
ID: 9705258
Freeze, exactly...

You see where the relay test fails, even if the sender's domain is faked (it's your own) and the recipient is enclosed in quotation marks. Have a look at your SMTP log to see if this mail has really gone out. I have a filter in front of my Exchange server which comments this mail as "Syntax Error in Address". Have you installed the latest service packs / patches?

0
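
The test 10 output quoted above, read programmatically (an added example, not part of the original thread): the 250 reply echoes the recipient as "nobody@mail-abuse.org"@webbdist.com, so the quoted string became a local part at the server's own domain. The sketch assumes webbdist.com is the server's only local domain and that a local-domain echo means local handling (ending in an NDR) rather than forwarding; all function names are hypothetical.

```python
import re

# Constructed sample: the test 10 exchange as quoted in the thread.
SAMPLE = '''>>> mail from: <spamtest@mail.webbdist.com>
<<< 250 2.1.0 spamtest@mail.webbdist.com....Sender OK
>>> rcpt to: <"nobody@mail-abuse.org">
<<< 250 2.1.5 "nobody@mail-abuse.org"@webbdist.com
>>> QUIT
<<< 221 2.0.0 pdc.webb-dist.com Service closing transmission channel
'''

def parse_exchanges(transcript):
    """Pair each '>>>' command with the '<<<' reply that follows it."""
    pairs, pending = [], None
    for raw in transcript.splitlines():
        line = raw.strip()
        if line.startswith(">>>"):
            pending = line[3:].strip()
        elif line.startswith("<<<") and pending is not None:
            reply = line[3:].strip()
            if reply[:3].isdigit():
                pairs.append((pending, int(reply[:3]), reply[3:].strip()))
            pending = None
    return pairs

def split_address(addr):
    """Return (local_part, domain or None); an '@' inside quotes is not a separator."""
    addr = addr.strip().strip("<>")
    if addr.startswith('"'):
        end = addr.find('"', 1)
        if end == -1:                      # unterminated quote: no usable domain
            return addr, None
        local, rest = addr[:end + 1], addr[end + 1:]
        return local, rest[1:].lower() if rest.startswith("@") else None
    local, _, domain = addr.rpartition("@")
    return (local, domain.lower()) if local else (addr, None)

def classify_rcpt(command, code, text, local_domains):
    """Classify one RCPT TO result as rejected, relay, local or local-quoted."""
    if not 200 <= code < 300:
        return "rejected"
    req_local, req_domain = split_address(command.split(":", 1)[1])
    text = re.sub(r"^\d\.\d+\.\d+\s+", "", text)   # drop enhanced status code
    _, echo_domain = split_address(text.split()[0]) if text else (None, None)
    final = echo_domain or req_domain              # domain the server will route on
    if final is None or final in local_domains:
        quoted_remote = req_local.startswith('"') and "@" in req_local
        return "local-quoted" if quoted_remote else "local"
    return "relay"

def review(transcript, local_domains):
    """Return (command, verdict) for every RCPT TO in the transcript."""
    return [(cmd, classify_rcpt(cmd, code, text, local_domains))
            for cmd, code, text in parse_exchanges(transcript)
            if cmd.lower().startswith("rcpt to:")]
```

A "local-quoted" verdict still needs the SMTP log check suggested in the thread to confirm that the message never left the server.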
 
LVL 21

Expert Comment

by:marc_nivens
ID: 9756465
A couple of things to verify:

Properties of the SMTP VS, 2nd tab, relay.  Make sure this is set to "only the list below" and that the list only contains servers you want to relay.  If this is already set then check all of your SMTP connectors, specifically the address space tab.  If the box is checked that says "allow relay to these domains" (or something similar) and your address space is *, then you're open for relay.  Simply uncheck this box to turn it off.
0
 
LVL 2

Expert Comment

by:mwareman
ID: 9792409
I've seen *many* Exchange servers apparently allowing relay even when restrictions are in place - and in most cases either:-

1)
0
 
 
LVL 2

Expert Comment

by:mwareman
ID: 9792440
Oops..  sorry..

1)  The local Guest account was enabled - allowing any credentials to successfully authenticate (therefore allowing them to relay)

or

2)  A compromised local account on the box (in one case a domain account, but this machine was a member of the domain).

Check the local accounts on the box - reset passwords and ensure guest is disabled.

Generally, I've been able to pin the issue down to a previous infection by Code Red (the IIS worm) - one of its payloads (in some versions) is enabling the guest account..

Michael.
0
 

Expert Comment

by:fdavari
ID: 10566523
Best thing to do is to set up a LINUX sendmail server as the smarthost to your Exchange server. If the sendmail is configured properly, it will pass all the mail-abuse.org tests. You don't need any fancy hardware; a regular PC PII or PIII with 8 gig H/D and 128Meg RAM will do.
0
 
LVL 35

Accepted Solution

by:
Bembi earned 750 total points
ID: 10797546
czntrouble:
Is your problem solved now? Would be nice, if you would close the question then.
0
