Exchange Enterprise 2003 (THOUSANDS OF NDR'S OPEN RELAY SPAM IP BANNED FEELING GUILTY)

Gday all, I will try and explain my problems !! Here goes I set up Server 2003 Ent with Exchange 2003 Ent in December 2003.
I host email and website  accounts on approx 6 domains and my own domain. all is working well after a few minor setup problems. I Have read lots of bulletins on all the problems to do with NDR'S and Open Relay problems I am getting thousands of NDR'S and have done a few tests with sites recommended for open relay tests and they come back saying that yes I have an open relay problem !! to add injury to insult I got an email saying I had been banned by some mob in the UK cause I sent spam.
 I dont send spam I get spam. Ok here is my proposal, can someone for 500 points help me go through my setup to make sure that everything is set up correctly as I don't like the idea of possibly something that I have done or not done causing a problem to anyone, I just want my server to tick away and not give me indigestion and heartburn. The setup is virtually std with no frills as I did not know enough to change anything from the default settings. But after reading all these articles I started tweaking and then pannic set in, so here I am. I would like a simple and well tried solution if that is possible? Tell me what you need and I will supply all the relevant info you require. Regards Bosso (Feelling Guilty for been branded a spammer)
JohnBosichAsked:
Who is Participating?
 
What90Connect With a Mentor Commented:
0
 
What90Commented:
Hi JohnBosich,


Try following these through:

This one shows you how to see if you are a relay:
http://support.microsoft.com/default.aspx?kbid=324958&product=sbserv2003


these show how to lock up the SMTP:
http://support.microsoft.com/default.aspx?kbid=310380
www.petri.co.il/ preventing_exchange_2000_2003_from_relaying.htm

Nice little touch for extra security:
http://blogs.msdn.com/dlemson/archive/2003/10/17/52019.aspx

0
 
JohnBosichAuthor Commented:
A non-delivery report with a status code of 4.0.0 was generated for recipient rfc822;10@uol.com.br (Message-ID <MY-SERVER35SKE0001b764@MYSERVER-server.server.MYDOMAIM.com.au>).

A non-delivery report with a status code of 4.0.0 was generated for recipient rfc822;beckydedora@xnet.com (Message-ID <MYSERVER-SERVERCvoXM0001b44a@MYSERVER-server.server.MYDOMAIN>).


I am still getting these NDRS they have slowed but there is still to many ?????

Regards Bosso.

0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
JohnBosichAuthor Commented:
I Get This error now when I try to send email via web mail. what have I done ???
The following recipient(s) could not be reached:
I still receive Emails OK.

  xxxxxx@xxxxxx.com.au on 06/04/2004 10:07 PM
  There was a SMTP communication problem with the recipient's email server. Please contact your system administrator.
  <MYSERVER#5.5.0 smtp;554 mail server permanently rejected message (#5.3.0)>
0
 
hcoltrainCommented:
Have you checked you SMTP log files and searched for that specific session. It may give you more information.
0
 
What90Commented:
I looks like you've block all relaying from the SMTP outgoing.  Check the smtp connector and see what settings are there.
Then re-check the guides aboves to help resolve your problem.
0
 
JohnBosichAuthor Commented:
Ok The above issue has been resolved I think it was delegation problem as my domain had expired for a couple of hours.

After doing this
Determine Whether an Authenticated User is Relaying
I get this, is this good or bad ???

This is an SMTP protocol warning log for virtual server ID 1, connection #66. The remote host "203.93.172.4", responded to the SMTP command "rcpt" with "450 <ludi@tianjin.cngb.com>: User unknown in local recipient table  ". The full command sent was "RCPT TO:<ludi@tianjin.cngb.com>  ".  This may cause the connection to fail.

This is an SMTP protocol warning log for virtual server ID 1, connection #65. The remote host "216.203.248.178", responded to the SMTP command "rcpt" with "450 <abdala@sovietski.com>: User unknown in local recipient table  ". The full command sent was "RCPT TO:<abdala@sovietski.com>  ".  This may cause the connection to fail.

his is an SMTP protocol warning log for virtual server ID 1, connection #32. The remote host "211.218.150.164", responded to the SMTP command "mail" with "451 4.5.4 Host name is not match with your ip, Please Visit at http://realip.naver.com/heloinfo.html.  ". The full command sent was "MAIL FROM:<testimonytend@optonline.net> SIZE=1196  ".  This may cause the connection to fail.

and numerous others.


0
 
JohnBosichAuthor Commented:
I am going to leave things as they are for the next 24 hours and let the delegation kick in and sort itself out then I will start tweaking again thanks for all the help to date What90.
0
 
What90Commented:
That's good as those users don't exist on your system and the message is bounced!
0
 
JohnBosichAuthor Commented:
Thanks for your help What90 it all seems to have settled down very few NDR'S now maybe one per hour I think I may have been spammed or spoofed or whatever they call it.

Regards John Bosich
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.