Solved

Exchange Enterprise 2003 (THOUSANDS OF NDR'S OPEN RELAY SPAM IP BANNED FEELING GUILTY)

Posted on 2004-04-05
10
1,647 Views
Last Modified: 2007-12-19
Gday all, I will try and explain my problems !! Here goes I set up Server 2003 Ent with Exchange 2003 Ent in December 2003.
I host email and website  accounts on approx 6 domains and my own domain. all is working well after a few minor setup problems. I Have read lots of bulletins on all the problems to do with NDR'S and Open Relay problems I am getting thousands of NDR'S and have done a few tests with sites recommended for open relay tests and they come back saying that yes I have an open relay problem !! to add injury to insult I got an email saying I had been banned by some mob in the UK cause I sent spam.
 I dont send spam I get spam. Ok here is my proposal, can someone for 500 points help me go through my setup to make sure that everything is set up correctly as I don't like the idea of possibly something that I have done or not done causing a problem to anyone, I just want my server to tick away and not give me indigestion and heartburn. The setup is virtually std with no frills as I did not know enough to change anything from the default settings. But after reading all these articles I started tweaking and then pannic set in, so here I am. I would like a simple and well tried solution if that is possible? Tell me what you need and I will supply all the relevant info you require. Regards Bosso (Feelling Guilty for been branded a spammer)
0
Comment
Question by:JohnBosich
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
10 Comments
 
LVL 20

Expert Comment

by:What90
ID: 10762657
Hi JohnBosich,


Try following these through:

This one shows you how to see if you are a relay:
http://support.microsoft.com/default.aspx?kbid=324958&product=sbserv2003


these show how to lock up the SMTP:
http://support.microsoft.com/default.aspx?kbid=310380
www.petri.co.il/ preventing_exchange_2000_2003_from_relaying.htm

Nice little touch for extra security:
http://blogs.msdn.com/dlemson/archive/2003/10/17/52019.aspx

0
 

Author Comment

by:JohnBosich
ID: 10762824
A non-delivery report with a status code of 4.0.0 was generated for recipient rfc822;10@uol.com.br (Message-ID <MY-SERVER35SKE0001b764@MYSERVER-server.server.MYDOMAIM.com.au>).

A non-delivery report with a status code of 4.0.0 was generated for recipient rfc822;beckydedora@xnet.com (Message-ID <MYSERVER-SERVERCvoXM0001b44a@MYSERVER-server.server.MYDOMAIN>).


I am still getting these NDRS they have slowed but there is still to many ?????

Regards Bosso.

0
 
LVL 20

Accepted Solution

by:
What90 earned 500 total points
ID: 10762898
0
Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

 

Author Comment

by:JohnBosich
ID: 10766307
I Get This error now when I try to send email via web mail. what have I done ???
The following recipient(s) could not be reached:
I still receive Emails OK.

  xxxxxx@xxxxxx.com.au on 06/04/2004 10:07 PM
  There was a SMTP communication problem with the recipient's email server. Please contact your system administrator.
  <MYSERVER#5.5.0 smtp;554 mail server permanently rejected message (#5.3.0)>
0
 
LVL 3

Expert Comment

by:hcoltrain
ID: 10768579
Have you checked you SMTP log files and searched for that specific session. It may give you more information.
0
 
LVL 20

Expert Comment

by:What90
ID: 10770578
I looks like you've block all relaying from the SMTP outgoing.  Check the smtp connector and see what settings are there.
Then re-check the guides aboves to help resolve your problem.
0
 

Author Comment

by:JohnBosich
ID: 10771333
Ok The above issue has been resolved I think it was delegation problem as my domain had expired for a couple of hours.

After doing this
Determine Whether an Authenticated User is Relaying
I get this, is this good or bad ???

This is an SMTP protocol warning log for virtual server ID 1, connection #66. The remote host "203.93.172.4", responded to the SMTP command "rcpt" with "450 <ludi@tianjin.cngb.com>: User unknown in local recipient table  ". The full command sent was "RCPT TO:<ludi@tianjin.cngb.com>  ".  This may cause the connection to fail.

This is an SMTP protocol warning log for virtual server ID 1, connection #65. The remote host "216.203.248.178", responded to the SMTP command "rcpt" with "450 <abdala@sovietski.com>: User unknown in local recipient table  ". The full command sent was "RCPT TO:<abdala@sovietski.com>  ".  This may cause the connection to fail.

his is an SMTP protocol warning log for virtual server ID 1, connection #32. The remote host "211.218.150.164", responded to the SMTP command "mail" with "451 4.5.4 Host name is not match with your ip, Please Visit at http://realip.naver.com/heloinfo.html.  ". The full command sent was "MAIL FROM:<testimonytend@optonline.net> SIZE=1196  ".  This may cause the connection to fail.

and numerous others.


0
 

Author Comment

by:JohnBosich
ID: 10771467
I am going to leave things as they are for the next 24 hours and let the delegation kick in and sort itself out then I will start tweaking again thanks for all the help to date What90.
0
 
LVL 20

Expert Comment

by:What90
ID: 10771562
That's good as those users don't exist on your system and the message is bounced!
0
 

Author Comment

by:JohnBosich
ID: 10834861
Thanks for your help What90 it all seems to have settled down very few NDR'S now maybe one per hour I think I may have been spammed or spoofed or whatever they call it.

Regards John Bosich
0

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article aims to explain the working of CircularLogArchiver. This tool was designed to solve the buildup of log file in cases where systems do not support circular logging or where circular logging is not enabled
This article will help to fix the below error for MS Exchange server 2010 I. Out Of office not working II. Certificate error "name on the security certificate is invalid or does not match the name of the site" III. Make Internal URLs and External…
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question