JohnBosich


Exchange Enterprise 2003 (THOUSANDS OF NDR'S OPEN RELAY SPAM IP BANNED FEELING GUILTY)

G'day all, I will try and explain my problems!! Here goes: I set up Server 2003 Ent with Exchange 2003 Ent in December 2003.
I host email and website accounts on approx 6 domains and my own domain. All is working well after a few minor setup problems. I have read lots of bulletins on all the problems to do with NDRs and open relay problems. I am getting thousands of NDRs and have done a few tests with sites recommended for open relay tests, and they come back saying that yes, I have an open relay problem!! To add injury to insult, I got an email saying I had been banned by some mob in the UK 'cause I sent spam.
I don't send spam, I get spam. OK, here is my proposal: can someone for 500 points help me go through my setup to make sure that everything is set up correctly, as I don't like the idea of possibly something that I have done or not done causing a problem to anyone. I just want my server to tick away and not give me indigestion and heartburn. The setup is virtually std with no frills, as I did not know enough to change anything from the default settings. But after reading all these articles I started tweaking and then panic set in, so here I am. I would like a simple and well-tried solution if that is possible? Tell me what you need and I will supply all the relevant info you require. Regards Bosso (Feeling guilty for being branded a spammer)
What90

Hi JohnBosich,


Try following these through:

This one shows you how to see if you are a relay:
http://support.microsoft.com/default.aspx?kbid=324958&product=sbserv2003


These show how to lock up the SMTP:
http://support.microsoft.com/default.aspx?kbid=310380
www.petri.co.il/preventing_exchange_2000_2003_from_relaying.htm

Nice little touch for extra security:
http://blogs.msdn.com/dlemson/archive/2003/10/17/52019.aspx

JohnBosich

ASKER

A non-delivery report with a status code of 4.0.0 was generated for recipient rfc822;10@uol.com.br (Message-ID <MY-SERVER35SKE0001b764@MYSERVER-server.server.MYDOMAIM.com.au>).

A non-delivery report with a status code of 4.0.0 was generated for recipient rfc822;beckydedora@xnet.com (Message-ID <MYSERVER-SERVERCvoXM0001b44a@MYSERVER-server.server.MYDOMAIN>).


I am still getting these NDRs; they have slowed but there are still too many?????

Regards Bosso.

ASKER CERTIFIED SOLUTION
What90
I get this error now when I try to send email via web mail. What have I done??? I still receive emails OK.

The following recipient(s) could not be reached:

  xxxxxx@xxxxxx.com.au on 06/04/2004 10:07 PM
  There was a SMTP communication problem with the recipient's email server. Please contact your system administrator.
  <MYSERVER#5.5.0 smtp;554 mail server permanently rejected message (#5.3.0)>

Have you checked your SMTP log files and searched for that specific session? It may give you more information.
It looks like you've blocked all relaying from the SMTP outgoing. Check the SMTP connector and see what settings are there.
Then re-check the guides above to help resolve your problem.

OK, the above issue has been resolved. I think it was a delegation problem, as my domain had expired for a couple of hours.

After doing this
Determine Whether an Authenticated User is Relaying
I get this, is this good or bad ???

This is an SMTP protocol warning log for virtual server ID 1, connection #66. The remote host "203.93.172.4", responded to the SMTP command "rcpt" with "450 <ludi@tianjin.cngb.com>: User unknown in local recipient table  ". The full command sent was "RCPT TO:<ludi@tianjin.cngb.com>  ".  This may cause the connection to fail.

This is an SMTP protocol warning log for virtual server ID 1, connection #65. The remote host "216.203.248.178", responded to the SMTP command "rcpt" with "450 <abdala@sovietski.com>: User unknown in local recipient table  ". The full command sent was "RCPT TO:<abdala@sovietski.com>  ".  This may cause the connection to fail.

This is an SMTP protocol warning log for virtual server ID 1, connection #32. The remote host "211.218.150.164", responded to the SMTP command "mail" with "451 4.5.4 Host name is not match with your ip, Please Visit at http://realip.naver.com/heloinfo.html.  ". The full command sent was "MAIL FROM:<testimonytend@optonline.net> SIZE=1196  ".  This may cause the connection to fail.

and numerous others.


I am going to leave things as they are for the next 24 hours and let the delegation kick in and sort itself out, then I will start tweaking again. Thanks for all the help to date, What90.

That's good as those users don't exist on your system and the message is bounced!

Thanks for your help, What90. It all seems to have settled down; very few NDRs now, maybe one per hour. I think I may have been spammed or spoofed or whatever they call it.

Regards John Bosich
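
One way to tally the "SMTP protocol warning" events quoted in this thread, so an administrator can see at which SMTP stage remote hosts are refusing outbound mail and for which domains. This is an added example, not something posted by either participant; the sample events are constructed (documentation IPs and domains) and the names `parse_event` and `summarize` are made up for illustration.

```python
import re
from collections import Counter

# Constructed sample events in the format quoted in the thread (documentation
# IPs and domains; not taken from the poster's server).
SAMPLE_EVENTS = [
    'This is an SMTP protocol warning log for virtual server ID 1, connection #66. The remote host "203.0.113.4", responded to the SMTP command "rcpt" with "450 <user1@example.net>: User unknown in local recipient table  ". The full command sent was "RCPT TO:<user1@example.net>  ".  This may cause the connection to fail.',
    'This is an SMTP protocol warning log for virtual server ID 1, connection #65. The remote host "198.51.100.178", responded to the SMTP command "rcpt" with "450 <user2@example.com>: User unknown in local recipient table  ". The full command sent was "RCPT TO:<user2@example.com>  ".  This may cause the connection to fail.',
    'This is an SMTP protocol warning log for virtual server ID 1, connection #32. The remote host "192.0.2.164", responded to the SMTP command "mail" with "451 4.5.4 Host name does not match your IP.  ". The full command sent was "MAIL FROM:<sender@example.org> SIZE=1196  ".  This may cause the connection to fail.',
]

# Matches the event text; trailing padding inside the quotes is dropped.
EVENT_RE = re.compile(
    r'virtual server ID (?P<vs>\d+), connection #(?P<conn>\d+)\. '
    r'The remote host "(?P<host>[^"]+)", responded to the SMTP command '
    r'"(?P<cmd>\w+)" with "(?P<code>\d{3})[ -](?P<text>.*?)\s*"\. '
    r'The full command sent was "(?P<sent>.*?)\s*"\.'
)
ADDR_RE = re.compile(r'<([^<>@\s]+)@([^<>\s]+)>')

def classify(code):
    """SMTP reply classes: 4xx is a temporary failure, 5xx a permanent one."""
    if 400 <= code < 500:
        return "transient"
    return "permanent" if 500 <= code < 600 else "other"

def parse_event(line):
    """Return a dict for one warning event, or None if the line does not match."""
    m = EVENT_RE.search(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["code"] = int(ev["code"])
    ev["kind"] = classify(ev["code"])
    addr = ADDR_RE.search(ev["sent"])          # address in MAIL FROM / RCPT TO
    ev["domain"] = addr.group(2).lower() if addr else None
    return ev

def summarize(lines):
    """Count events per SMTP command and per (reply code, addressed domain)."""
    events = [e for e in map(parse_event, lines) if e]
    return {
        "total": len(events),
        "by_command": Counter(e["cmd"].upper() for e in events),
        "by_code_domain": Counter((e["code"], e["domain"]) for e in events),
        "hosts": sorted({e["host"] for e in events}),
    }
```

A count that keeps growing across many unrelated recipient domains suggests the server is still generating or relaying mail it should not, while a falling count matches the settling-down described at the end of the thread.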