Solved

SMTP Connector Full of Spam!

Posted on 2004-10-22
1,899 Views
Last Modified: 2008-01-09
Hey Everyone,

I am having another issue with a client running SBS Server 2000 with Exchange 2000. The SMTP connector is sending out spam like crazy, and I can't find where it is coming from! I figured it was a reverse NDR attack, but I have turned off NDRs a month ago. I have tested the Port 25 to make sure it is not an open relay, which it is not. I have run every Anti Virus solution out there. Any ideas where this is coming from? Here is a bit of the SMTP logging that I have captured.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

004-10-22 17:37:50 65.248.18.232 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 45 0 79 SMTP - - - -
2004-10-22 17:37:50 65.248.18.232 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 EHLO 0 0 4 0 125 SMTP - - - -
2004-10-22 17:37:50 65.248.18.232 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 20 0 219 SMTP - - - -
2004-10-22 17:37:50 65.248.18.232 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 MAIL 0 0 4 0 219 SMTP - - - -
2004-10-22 17:37:50 65.248.18.232 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 6 0 297 SMTP - - - -
2004-10-22 17:37:50 65.248.18.232 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 RCPT 0 0 4 0 297 SMTP - - - -
2004-10-22 17:37:51 65.248.18.232 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 99 0 1485 SMTP - - - -
2004-10-22 17:37:51 65.248.18.232 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 RSET 0 0 4 0 1485 SMTP - - - -
2004-10-22 17:37:51 65.248.18.232 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 6 0 1579 SMTP - - - -
2004-10-22 17:37:51 65.248.18.232 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 QUIT 0 0 4 0 1579 SMTP - - - -
2004-10-22 17:37:51 65.248.18.232 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 7 0 1657 SMTP - -
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Any ideas on what this may be??? I am not sure how to decipher the SMTP logs! TIA...Chris
0
Question by:gqchris
    12 Comments
     
    LVL 10

    Assisted Solution

    by:munichpostman
    Do you have virus scanners on your Exchange Server?

    0
     
    LVL 10

    Expert Comment

    by:munichpostman
    Sorry I see you have Antivirus software on your system.

    Can you post more information from your SMTP Log?

    Are all the NDRs going to the same addresses?
    0
     
    LVL 10

    Expert Comment

    by:munichpostman
    On the SMTP Virtual Server properties, click on the Connection tab. Have you restricted access to the server to the IP addresses of your smart host and your internal Exchange servers?
    0
     

    Author Comment

    by:gqchris
    Here is some more of the log!

    004-10-22 18:58:36 66.17.206.80 post3.hotshoppingdirect.com SMTPSVC1 CAELWYN01 208.57.69.164 0 HELO 250 0 48 32 0 SMTP - - - -
    2004-10-22 18:58:36 66.17.206.80 post3.hotshoppingdirect.com SMTPSVC1 CAELWYN01 208.57.69.164 0 MAIL 250 0 53 40 0 SMTP - - - -
    2004-10-22 18:58:36 66.17.206.80 post3.hotshoppingdirect.com SMTPSVC1 CAELWYN01 208.57.69.164 0 RCPT 250 0 30 27 0 SMTP - - - -
    2004-10-22 18:58:36 66.17.206.80 post3.hotshoppingdirect.com SMTPSVC1 CAELWYN01 208.57.69.164 0 DATA 250 0 83 4139 328 SMTP - - - -
    2004-10-22 18:58:36 66.17.206.80 post3.hotshoppingdirect.com SMTPSVC1 CAELWYN01 208.57.69.164 0 QUIT 240 719 70 4 0 SMTP - - - -
    2004-10-22 18:58:51 211.41.82.122 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 31 0 453 SMTP - - - -
    2004-10-22 18:58:51 211.41.82.122 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 EHLO 0 0 4 0 453 SMTP - - - -
    2004-10-22 18:58:51 211.41.82.122 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 65 0 906 SMTP - - - -
    2004-10-22 18:58:52 211.41.82.122 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 20 0 1562 SMTP - - - -
    2004-10-22 18:58:52 211.41.82.122 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 MAIL 0 0 4 0 1562 SMTP - - - -
    2004-10-22 18:58:52 211.41.82.122 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 199 0 2078 SMTP - - - -
    2004-10-22 18:58:53 211.41.82.119 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 31 0 484 SMTP - - - -
    2004-10-22 18:58:53 211.41.82.119 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 EHLO 0 0 4 0 484 SMTP - - - -
    2004-10-22 18:58:53 211.41.82.119 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 65 0 984 SMTP - - - -
    2004-10-22 18:58:54 211.41.82.119 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 20 0 1625 SMTP - - - -
    2004-10-22 18:58:54 211.41.82.119 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 MAIL 0 0 4 0 1625 SMTP - - - -
    2004-10-22 18:58:54 211.41.82.119 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 199 0 2109 SMTP - - - -
    2004-10-22 18:58:56 211.41.82.118 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 31 0 485 SMTP - - - -
    2004-10-22 18:58:56 211.41.82.118 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 EHLO 0 0 4 0 485 SMTP - - - -
    2004-10-22 18:58:56 211.41.82.118 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 65 0 969 SMTP - - - -
    2004-10-22 18:58:57 211.41.82.118 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 20 0 1563 SMTP - - - -
    2004-10-22 18:58:57 211.41.82.118 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 MAIL 0 0 4 0 1563 SMTP - - - -
    2004-10-22 18:58:57 211.41.82.118 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 199 0 1985 SMTP - - - -
    2004-10-22 18:58:58 211.41.82.121 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 31 0 390 SMTP - - - -
    2004-10-22 18:58:58 211.41.82.121 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 EHLO 0 0 4 0 390 SMTP - - - -
    2004-10-22 18:58:58 211.41.82.121 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 65 0 781 SMTP - - - -
    2004-10-22 18:58:58 211.41.82.121 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 20 0 1359 SMTP - - - -
    2004-10-22 18:58:58 211.41.82.121 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 MAIL 0 0 4 0 1359 SMTP - - - -
    2004-10-22 18:59:00 211.41.82.121 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 199 0 1843 SMTP - - - -
    2004-10-22 18:59:00 211.41.82.123 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 31 0 454 SMTP - - - -
    2004-10-22 18:59:00 211.41.82.123 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 EHLO 0 0 4 0 454 SMTP - - - -
    2004-10-22 18:59:01 211.41.82.123 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 65 0 922 SMTP - - - -
    2004-10-22 18:59:01 211.41.82.123 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 20 0 1516 SMTP - - - -
    2004-10-22 18:59:01 211.41.82.123 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 MAIL 0 0 4 0 1516 SMTP - - - -
    2004-10-22 18:59:02 211.41.82.123 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 199 0 2016 SMTP - - - -
    2004-10-22 18:59:02 211.41.82.120 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 31 0 406 SMTP - - - -
    2004-10-22 18:59:02 211.41.82.120 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 EHLO 0 0 4 0 406 SMTP - - - -
    2004-10-22 18:59:03 211.41.82.120 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 65 0 828 SMTP - - - -
    2004-10-22 18:59:03 211.41.82.120 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 20 0 1453 SMTP - - - -
    2004-10-22 18:59:03 211.41.82.120 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 MAIL 0 0 4 0 1453 SMTP - - - -
    2004-10-22 18:59:04 211.41.82.120 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 199 0 1922 SMTP - - - -
    2004-10-22 18:59:04 211.41.82.124 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 31 0 468 SMTP - - - -
    2004-10-22 18:59:04 211.41.82.124 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 EHLO 0 0 4 0 468 SMTP - - - -
    2004-10-22 18:59:06 211.41.82.124 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 65 0 937 SMTP - - - -
    2004-10-22 18:59:06 211.41.82.124 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 20 0 1609 SMTP - - - -
    2004-10-22 18:59:06 211.41.82.124 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 MAIL 0 0 4 0 1609 SMTP - - - -
    2004-10-22 18:59:07 211.41.82.124 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 199 0 2109 SMTP - - - -
    2004-10-22 18:59:07 211.41.82.124 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 QUIT 0 0 4 0 2109 SMTP - - - -
    2004-10-22 18:59:08 193.249.135.93 netcentral.com.au SMTPSVC1 CAELWYN01 208.57.69.164 0 HELO 250 0 50 22 0 SMTP - - - -
    2004-10-22 18:59:19 193.249.135.93 netcentral.com.au SMTPSVC1 CAELWYN01 208.57.69.164 0 MAIL 250 0 53 41 0 SMTP - - - -
    2004-10-22 18:59:37 193.249.135.93 netcentral.com.au SMTPSVC1 CAELWYN01 208.57.69.164 0 RCPT 250 0 30 28 0 SMTP - - - -
    2004-10-22 18:59:55 193.249.135.93 netcentral.com.au SMTPSVC1 CAELWYN01 208.57.69.164 0 DATA 250 0 134 1016 12594 SMTP - - - -
    2004-10-22 19:00:00 193.249.135.93 netcentral.com.au SMTPSVC1 CAELWYN01 208.57.69.164 0 QUIT 240 56891 70 4 0 SMTP - - - -
    2004-10-22 19:00:12 24.61.118.80 h0050da2be85b.ne.client2.attbi.com SMTPSVC1 CAELWYN01 208.57.69.164 0 HELO 250 0 48 39 0 SMTP - - - -
    2004-10-22 19:00:15 206.190.38.82 web50506.mail.yahoo.com SMTPSVC1 CAELWYN01 208.57.69.164 0 HELO 250 0 49 28 0 SMTP - - - -
    2004-10-22 19:00:15 206.190.38.82 web50506.mail.yahoo.com SMTPSVC1 CAELWYN01 208.57.69.164 0 MAIL 250 0 46 33 0 SMTP - - - -
    2004-10-22 19:00:15 206.190.38.82 web50506.mail.yahoo.com SMTPSVC1 CAELWYN01 208.57.69.164 0 RCPT 250 0 33 30 0 SMTP - - - -
    2004-10-22 19:00:15 24.61.118.80 h0050da2be85b.ne.client2.attbi.com SMTPSVC1 CAELWYN01 208.57.69.164 0 MAIL 250 0 41 29 0 SMTP - - - -
    2004-10-22 19:00:15 206.190.38.82 web50506.mail.yahoo.com SMTPSVC1 CAELWYN01 208.57.69.164 0 DATA 250 0 136 1717 563 SMTP - - - -
    2004-10-22 19:00:15 206.190.38.82 web50506.mail.yahoo.com SMTPSVC1 CAELWYN01 208.57.69.164 0 QUIT 240 1062 70 4 0 SMTP - - - -
    2004-10-22 19:00:16 24.61.118.80 h0050da2be85b.ne.client2.attbi.com SMTPSVC1 CAELWYN01 208.57.69.164 0 RCPT 250 0 30 28 0 SMTP - - - -
    2004-10-22 19:00:21 24.61.118.80 h0050da2be85b.ne.client2.attbi.com SMTPSVC1 CAELWYN01 208.57.69.164 0 DATA 250 0 117 1011 3937 SMTP - - - -
    2004-10-22 19:00:21 200.71.98.26 blustery SMTPSVC1 CAELWYN01 208.57.69.164 0 EHLO 250 0 323 13 0 SMTP - - - -
    2004-10-22 19:00:24 24.61.118.80 h0050da2be85b.ne.client2.attbi.com SMTPSVC1 CAELWYN01 208.57.69.164 0 QUIT 240 12922 70 4 0 SMTP - - - -
    2004-10-22 19:00:32 200.71.98.26 blustery SMTPSVC1 CAELWYN01 208.57.69.164 0 MAIL 250 0 52 40 0 SMTP - - - -
    2004-10-22 19:00:34 200.71.98.26 blustery SMTPSVC1 CAELWYN01 208.57.69.164 0 RCPT 250 0 33 30 0 SMTP - - - -
    2004-10-22 19:00:38 200.71.98.26 blustery SMTPSVC1 CAELWYN01 208.57.69.164 0 DATA 250 0 134 497 2797 SMTP - - - -
    2004-10-22 19:00:39 200.71.98.26 blustery SMTPSVC1 CAELWYN01 208.57.69.164 0 MAIL 250 0 56 44 16 SMTP - - - -
    2004-10-22 19:00:41 200.71.98.26 blustery SMTPSVC1 CAELWYN01 208.57.69.164 0 RCPT 250 0 29 26 0 SMTP - - - -
    2004-10-22 19:00:41 64.164.98.53 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 100 0 187 SMTP - - - -
    2004-10-22 19:00:41 64.164.98.53 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 EHLO 0 0 4 0 187 SMTP - - - -
    2004-10-22 19:00:41 64.164.98.53 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 101 0 234 SMTP - - - -
    2004-10-22 19:00:41 64.164.98.53 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 MAIL 0 0 4 0 234 SMTP - - - -
    2004-10-22 19:00:41 64.164.98.53 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 52 0 312 SMTP - - - -
    2004-10-22 19:00:41 64.164.98.53 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 RCPT 0 0 4 0 312 SMTP - - - -
    2004-10-22 19:00:42 64.164.98.53 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 76 0 468 SMTP - - - -
    2004-10-22 19:00:42 64.164.98.53 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 RSET 0 0 4 0 468 SMTP - - - -
    2004-10-22 19:00:42 64.164.98.53 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 21 0 515 SMTP - - - -
    2004-10-22 19:00:42 64.164.98.53 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 QUIT 0 0 4 0 750 SMTP - - - -
    2004-10-22 19:00:42 64.164.98.53 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 46 0 781 SMTP - - - -
    2004-10-22 19:00:48 200.71.98.26 blustery SMTPSVC1 CAELWYN01 208.57.69.164 0 DATA 250 0 134 462 4562 SMTP - - - -
    2004-10-22 19:00:48 205.188.156.185 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 82 0 109 SMTP - - - -
    2004-10-22 19:00:48 205.188.156.185 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 EHLO 0 0 4 0 109 SMTP - - - -
    2004-10-22 19:00:48 205.188.156.185 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 60 0 203 SMTP - - - -
    2004-10-22 19:00:48 205.188.156.185 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 MAIL 0 0 4 0 203 SMTP - - - -
    2004-10-22 19:00:48 205.188.156.185 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 6 0 312 SMTP - - - -
    2004-10-22 19:00:48 205.188.156.185 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 RCPT 0 0 4 0 312 SMTP - - - -
    2004-10-22 19:00:48 205.188.156.185 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 6 0 406 SMTP - - - -
    2004-10-22 19:00:48 205.188.156.185 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 DATA 0 0 4 0 406 SMTP - - - -
    2004-10-22 19:00:48 205.188.156.185 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 54 0 500 SMTP - - - -
    2004-10-22 19:00:48 205.188.156.185 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 6 0 640 SMTP - - - -
    2004-10-22 19:00:48 205.188.156.185 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 QUIT 0 0 4 0 671 SMTP - - - -
    2004-10-22 19:00:49 205.188.156.185 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 27 0 781 SMTP - - - -
    2004-10-22 19:00:52 200.71.98.26 blustery SMTPSVC1 CAELWYN01 208.57.69.164 0 MAIL 250 0 54 42 0 SMTP - - - -
    2004-10-22 19:00:53 200.71.98.26 blustery SMTPSVC1 CAELWYN01 208.57.69.164 0 RCPT 250 0 27 24 0 SMTP - - - -
    2004-10-22 19:00:59 200.71.98.26 blustery SMTPSVC1 CAELWYN01 208.57.69.164 0 DATA 250 0 134 462 4609 SMTP - - - -
    2004-10-22 19:00:59 12.102.240.23 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 64 0 94 SMTP - - - -
    2004-10-22 19:00:59 12.102.240.23 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 EHLO 0 0 4 0 94 SMTP - - - -
    2004-10-22 19:00:59 12.102.240.23 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 20 0 188 SMTP - - - -
    2004-10-22 19:00:59 12.102.240.23 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 MAIL 0 0 4 0 188 SMTP - - - -
    2004-10-22 19:00:59 12.102.240.23 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 6 0 282 SMTP - - - -
    2004-10-22 19:00:59 12.102.240.23 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 RCPT 0 0 4 0 282 SMTP - - - -
    2004-10-22 19:01:01 200.71.98.26 blustery SMTPSVC1 CAELWYN01 208.57.69.164 0 MAIL 250 0 59 47 0 SMTP - - - -
    2004-10-22 19:01:03 202.30.143.100 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 79 0 172 SMTP - - - -
    2004-10-22 19:01:03 202.30.143.100 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 EHLO 0 0 4 0 172 SMTP - - - -
    2004-10-22 19:01:03 202.30.143.100 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 42 0 344 SMTP - - - -
    2004-10-22 19:01:03 202.30.143.100 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 MAIL 0 0 4 0 344 SMTP - - - -
    2004-10-22 19:01:03 202.30.143.100 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 51 0 531 SMTP - - - -
    2004-10-22 19:01:03 202.30.143.100 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 RCPT 0 0 4 0 531 SMTP - - - -
    2004-10-22 19:01:03 202.30.143.100 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 42 0 703 SMTP - - - -
    2004-10-22 19:01:03 202.30.143.100 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 DATA 0 0 4 0 703 SMTP - - - -
    2004-10-22 19:01:03 202.30.143.100 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 46 0 875 SMTP - - - -
    2004-10-22 19:01:03 202.30.143.100 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 48 0 1078 SMTP - - - -
    2004-10-22 19:01:03 202.30.143.100 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 QUIT 0 0 4 0 1078 SMTP - - - -
    2004-10-22 19:01:04 202.30.143.100 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 65 0 1250 SMTP - - - -
    2004-10-22 19:01:08 200.71.98.26 blustery SMTPSVC1 CAELWYN01 208.57.69.164 0 RCPT 250 0 32 29 0 SMTP - - - -
    2004-10-22 19:01:10 12.102.240.23 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 20 0 10375 SMTP - - - -
    2004-10-22 19:01:10 12.102.240.23 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 RSET 0 0 4 0 10375 SMTP - - - -
    2004-10-22 19:01:10 12.102.240.23 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 6 0 10469 SMTP - - - -
    2004-10-22 19:01:10 12.102.240.23 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 QUIT 0 0 4 0 10657 SMTP - - - -
    2004-10-22 19:01:10 12.102.240.23 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 20 0 10750 SMTP - - - -
    2004-10-22 19:01:12 200.71.98.26 blustery SMTPSVC1 CAELWYN01 208.57.69.164 0 DATA 250 0 134 468 2984 SMTP - - - -
    2004-10-22 19:01:12 205.188.158.121 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 83 0 109 SMTP - - - -
    2004-10-22 19:01:12 205.188.158.121 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 EHLO 0 0 4 0 109 SMTP - - - -
    2004-10-22 19:01:12 205.188.158.121 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 60 0 218 SMTP - - - -
    2004-10-22 19:01:12 205.188.158.121 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 MAIL 0 0 4 0 218 SMTP - - - -
    2004-10-22 19:01:12 205.188.158.121 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 6 0 312 SMTP - - - -
    2004-10-22 19:01:12 205.188.158.121 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 RCPT 0 0 4 0 312 SMTP - - - -
    2004-10-22 19:01:12 205.188.158.121 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 6 0 406 SMTP - - - -
    2004-10-22 19:01:12 205.188.158.121 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 DATA 0 0 4 0 406 SMTP - - - -
    2004-10-22 19:01:12 205.188.158.121 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 54 0 515 SMTP - - - -
    2004-10-22 19:01:12 205.188.158.121 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 6 0 734 SMTP - - - -
    2004-10-22 19:01:12 205.188.158.121 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 QUIT 0 0 4 0 765 SMTP - - - -
    2004-10-22 19:01:13 205.188.158.121 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 27 0 859 SMTP - - - -
    2004-10-22 19:01:13 200.71.98.26 blustery SMTPSVC1 CAELWYN01 208.57.69.164 0 MAIL 250 0 43 31 0 SMTP - - - -
    2004-10-22 19:01:15 200.71.98.26 blustery SMTPSVC1 CAELWYN01 208.57.69.164 0 RCPT 250 0 31 28 0 SMTP - - - -
    2004-10-22 19:01:19 200.71.98.26 blustery SMTPSVC1 CAELWYN01 208.57.69.164 0 DATA 250 0 134 433 2750 SMTP - - - -
    2004-10-22 19:01:19 63.240.76.6 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 69 0 94 SMTP - - - -
    2004-10-22 19:01:19 63.240.76.6 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 EHLO 0 0 4 0 94 SMTP - - - -
    2004-10-22 19:01:19 63.240.76.6 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 25 0 297 SMTP - - - -
    2004-10-22 19:01:19 63.240.76.6 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 MAIL 0 0 4 0 297 SMTP - - - -
    2004-10-22 19:01:19 63.240.76.6 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 6 0 391 SMTP - - - -
    2004-10-22 19:01:19 63.240.76.6 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 RCPT 0 0 4 0 391 SMTP - - - -
    2004-10-22 19:01:23 200.71.98.26 blustery SMTPSVC1 CAELWYN01 208.57.69.164 0 MAIL 250 0 50 38 0 SMTP - - - -
    2004-10-22 19:01:24 200.71.98.26 blustery SMTPSVC1 CAELWYN01 208.57.69.164 0 RCPT 250 0 37 34 0 SMTP - - - -
    2004-10-22 19:01:29 200.71.98.26 blustery SMTPSVC1 CAELWYN01 208.57.69.164 0 DATA 250 0 134 440 2859 SMTP - - - -
    2004-10-22 19:01:29 69.156.240.34 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 94 0 344 SMTP - - - -
    2004-10-22 19:01:29 69.156.240.34 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 EHLO 0 0 4 0 344 SMTP - - - -
    2004-10-22 19:01:29 69.156.240.34 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 111 0 437 SMTP - - - -
    2004-10-22 19:01:29 69.156.240.34 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 MAIL 0 0 4 0 437 SMTP - - - -
    2004-10-22 19:01:29 69.156.240.34 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 50 0 562 SMTP - - - -
    2004-10-22 19:01:29 69.156.240.34 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 RCPT 0 0 4 0 562 SMTP - - - -
    2004-10-22 19:01:30 69.156.240.34 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 52 0 672 SMTP - - - -
    2004-10-22 19:01:30 69.156.240.34 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 RSET 0 0 4 0 672 SMTP - - - -
    2004-10-22 19:01:30 69.156.240.34 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 21 0 765 SMTP - - - -
    2004-10-22 19:01:30 69.156.240.34 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 QUIT 0 0 4 0 890 SMTP - - - -
    2004-10-22 19:01:30 69.156.240.34 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 56 0 984 SMTP - - - -
    2004-10-22 19:01:30 63.240.76.6 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 20 0 10484 SMTP - - - -
    2004-10-22 19:01:30 63.240.76.6 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 RSET 0 0 4 0 10484 SMTP - - - -
    2004-10-22 19:01:30 63.240.76.6 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 6 0 10563 SMTP - - - -
    2004-10-22 19:01:30 63.240.76.6 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 QUIT 0 0 4 0 10703 SMTP - - - -
    2004-10-22 19:01:30 63.240.76.6 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 25 0 10813 SMTP - - - -
    2004-10-22 19:01:32 200.71.98.26 blustery SMTPSVC1 CAELWYN01 208.57.69.164 0 MAIL 250 0 53 41 0 SMTP - - - -
    2004-10-22 19:01:34 200.71.98.26 blustery SMTPSVC1 CAELWYN01 208.57.69.164 0 RCPT 250 0 35 32 0 SMTP - - - -
    2004-10-22 19:01:47 200.71.98.26 blustery SMTPSVC1 CAELWYN01 208.57.69.164 0 DATA 250 0 134 496 8625 SMTP - - - -
    2004-10-22 19:01:47 64.12.137.89 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 82 0 110 SMTP - - - -
    2004-10-22 19:01:47 64.12.137.89 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 EHLO 0 0 4 0 110 SMTP - - - -
    2004-10-22 19:01:47 64.12.137.89 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 60 0 219 SMTP - - - -
    2004-10-22 19:01:47 64.12.137.89 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 MAIL 0 0 4 0 219 SMTP - - - -
    2004-10-22 19:01:47 64.12.137.89 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 6 0 313 SMTP - - - -
    2004-10-22 19:01:47 64.12.137.89 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 RCPT 0 0 4 0 313 SMTP - - - -
    2004-10-22 19:01:47 64.12.137.89 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 6 0 422 SMTP - - - -
    2004-10-22 19:01:47 64.12.137.89 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 DATA 0 0 4 0 422 SMTP - - - -
    2004-10-22 19:01:47 64.12.137.89 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 54 0 516 SMTP - - - -
    2004-10-22 19:01:47 64.12.137.89 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 6 0 797 SMTP - - - -
    2004-10-22 19:01:47 64.12.137.89 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 QUIT 0 0 4 0 828 SMTP - - - -
    2004-10-22 19:01:48 64.12.137.89 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 27 0 922 SMTP - - - -
    2004-10-22 19:01:48 200.71.98.26 blustery SMTPSVC1 CAELWYN01 208.57.69.164 0 MAIL 250 0 47 35 0 SMTP - - - -
    2004-10-22 19:01:50 200.71.98.26 blustery SMTPSVC1 CAELWYN01 208.57.69.164 0 RCPT 250 0 27 24 0 SMTP - - - -
    2004-10-22 19:01:55 200.71.98.26 blustery SMTPSVC1 CAELWYN01 208.57.69.164 0 DATA 250 0 134 440 3375 SMTP - - - -
    2004-10-22 19:01:55 64.12.138.152 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 82 0 110 SMTP - - - -
    2004-10-22 19:01:55 64.12.138.152 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 EHLO 0 0 4 0 110 SMTP - - - -
    2004-10-22 19:01:55 64.12.138.152 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 60 0 219 SMTP - - - -
    2004-10-22 19:01:55 64.12.138.152 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 MAIL 0 0 4 0 219 SMTP - - - -
    2004-10-22 19:01:55 64.12.138.152 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 6 0 344 SMTP - - - -
    2004-10-22 19:01:55 64.12.138.152 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 RCPT 0 0 4 0 344 SMTP - - - -
    2004-10-22 19:01:55 64.12.138.152 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 6 0 438 SMTP - - - -
    2004-10-22 19:01:55 64.12.138.152 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 DATA 0 0 4 0 438 SMTP - - - -
    2004-10-22 19:01:55 64.12.138.152 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 54 0 531 SMTP - - - -
    2004-10-22 19:01:55 64.12.138.152 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 6 0 875 SMTP - - - -
    2004-10-22 19:01:56 64.12.138.152 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 QUIT 0 0 4 0 891 SMTP - - - -
    2004-10-22 19:01:56 64.12.138.152 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 27 0 1000 SMTP - - - -
    2004-10-22 19:01:58 200.71.98.26 blustery SMTPSVC1 CAELWYN01 208.57.69.164 0 MAIL 250 0 55 43 0 SMTP - - - -
    2004-10-22 19:02:03 200.71.98.26 blustery SMTPSVC1 CAELWYN01 208.57.69.164 0 RCPT 250 0 27 24 0 SMTP - - - -
    2004-10-22 19:02:08 200.71.98.26 blustery SMTPSVC1 CAELWYN01 208.57.69.164 0 DATA 250 0 134 481 3547 SMTP - - - -
    2004-10-22 19:02:08 64.4.50.239 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 118 0 32 SMTP - - - -
    2004-10-22 19:02:08 64.4.50.239 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 EHLO 0 0 4 0 32 SMTP - - - -
    2004-10-22 19:02:08 64.4.50.239 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 60 0 63 SMTP - - - -
    2004-10-22 19:02:08 64.4.50.239 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 MAIL 0 0 4 0 63 SMTP - - - -
    2004-10-22 19:02:08 64.4.50.239 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 47 0 94 SMTP - - - -
    2004-10-22 19:02:08 64.4.50.239 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 RCPT 0 0 4 0 94 SMTP - - - -
    2004-10-22 19:02:08 64.4.50.239 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 19 0 125 SMTP - - - -
    2004-10-22 19:02:08 64.4.50.239 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 BDAT 0 0 4 0 125 SMTP - - - -
    2004-10-22 19:02:08 64.4.50.239 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 81 0 204 SMTP - - - -
    2004-10-22 19:02:08 64.4.50.239 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 QUIT 0 0 4 0 235 SMTP - - - -
    2004-10-22 19:02:08 64.4.50.239 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 -

    0
     

    Author Comment

    by:gqchris
    When I click on Connection, it is clicked on "Allow all except list below".

    What would I point that to, the IP of the server?
    0
     

    Author Comment

    by:gqchris
    Ok I pointed it to the IP of the server, only allowing it to connect. Should that clear it up? And what was happening so I can prevent this next time:) Thanks for the help!!
    0
     
    LVL 10

    Expert Comment

    by:munichpostman
    You use the Connection button to specify which IP addresses your Virtual server will or will not talk to. Choosing the "Only the list below" option means that you want to allow connections from the listed servers and no one else. In my organisation we list only the Exchange 2003 systems which will connect to the Bridgehead server, and the Smarthost which connects to the Server to deliver mail from the Internet to the Exchange Organisation.

    This stops rogue application servers in your organisation, or users within your organisation, connecting to your Exchange Server and using it to relay mail. It could be that someone has developed an application within your organisation that has carried out a DNS lookup for an MX record, found your server and was using it to incorrectly relay mails.

    Always lock down your Exchange server so that only hosts which you approve connect to it.
    0
     
    LVL 104

    Accepted Solution

    by:
    What is "blustery" in the logs? Is that a username on your domain? If so, get its password changed. You might be the victim of an authenticated user relay.
    Do you have any users connecting to your server to send email via SMTP - using Outlook Express or something like that? If not then you can disable the "authenticated users can relay" option as well.

    Simon.
    0
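The log review suggested in the answer above, as an added example that is not part of the original thread: it tallies accepted MAIL/RCPT/DATA commands per inbound client and flags clients that announce a single-label name (such as "blustery") while submitting several messages. The column positions are inferred from the log lines posted in this thread (an assumption), and `parse_line`, `summarize` and the `min_messages` threshold are hypothetical names.

```python
from collections import defaultdict

# Lines copied from the log excerpt posted in this thread (a subset, in order).
# The first and last lines are damaged/truncated exactly as they appear there.
SAMPLE_LOG = """\
004-10-22 18:58:36 66.17.206.80 post3.hotshoppingdirect.com SMTPSVC1 CAELWYN01 208.57.69.164 0 HELO 250 0 48 32 0 SMTP - - - -
2004-10-22 18:58:36 66.17.206.80 post3.hotshoppingdirect.com SMTPSVC1 CAELWYN01 208.57.69.164 0 MAIL 250 0 53 40 0 SMTP - - - -
2004-10-22 18:58:36 66.17.206.80 post3.hotshoppingdirect.com SMTPSVC1 CAELWYN01 208.57.69.164 0 RCPT 250 0 30 27 0 SMTP - - - -
2004-10-22 18:58:36 66.17.206.80 post3.hotshoppingdirect.com SMTPSVC1 CAELWYN01 208.57.69.164 0 DATA 250 0 83 4139 328 SMTP - - - -
2004-10-22 19:00:21 200.71.98.26 blustery SMTPSVC1 CAELWYN01 208.57.69.164 0 EHLO 250 0 323 13 0 SMTP - - - -
2004-10-22 19:00:32 200.71.98.26 blustery SMTPSVC1 CAELWYN01 208.57.69.164 0 MAIL 250 0 52 40 0 SMTP - - - -
2004-10-22 19:00:34 200.71.98.26 blustery SMTPSVC1 CAELWYN01 208.57.69.164 0 RCPT 250 0 33 30 0 SMTP - - - -
2004-10-22 19:00:38 200.71.98.26 blustery SMTPSVC1 CAELWYN01 208.57.69.164 0 DATA 250 0 134 497 2797 SMTP - - - -
2004-10-22 19:00:39 200.71.98.26 blustery SMTPSVC1 CAELWYN01 208.57.69.164 0 MAIL 250 0 56 44 16 SMTP - - - -
2004-10-22 19:00:41 200.71.98.26 blustery SMTPSVC1 CAELWYN01 208.57.69.164 0 RCPT 250 0 29 26 0 SMTP - - - -
2004-10-22 19:00:41 64.164.98.53 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 MAIL 0 0 4 0 234 SMTP - - - -
2004-10-22 19:00:41 64.164.98.53 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 RCPT 0 0 4 0 312 SMTP - - - -
2004-10-22 19:00:42 64.164.98.53 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 RSET 0 0 4 0 468 SMTP - - - -
2004-10-22 19:00:48 200.71.98.26 blustery SMTPSVC1 CAELWYN01 208.57.69.164 0 DATA 250 0 134 462 4562 SMTP - - - -
2004-10-22 19:00:48 205.188.156.185 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 MAIL 0 0 4 0 203 SMTP - - - -
2004-10-22 19:00:48 205.188.156.185 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 RCPT 0 0 4 0 312 SMTP - - - -
2004-10-22 19:00:48 205.188.156.185 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 DATA 0 0 4 0 406 SMTP - - - -
2004-10-22 19:00:52 200.71.98.26 blustery SMTPSVC1 CAELWYN01 208.57.69.164 0 MAIL 250 0 54 42 0 SMTP - - - -
2004-10-22 19:00:53 200.71.98.26 blustery SMTPSVC1 CAELWYN01 208.57.69.164 0 RCPT 250 0 27 24 0 SMTP - - - -
2004-10-22 19:00:59 200.71.98.26 blustery SMTPSVC1 CAELWYN01 208.57.69.164 0 DATA 250 0 134 462 4609 SMTP - - - -
2004-10-22 19:02:08 64.4.50.239 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 -
"""

COUNTED = ("MAIL", "RCPT", "DATA")


def parse_line(line):
    """Split one log line into a record; return None if it is damaged.

    Assumed layout (inferred from the lines in this thread):
    date time remote-ip peer-name site computer local-ip port verb status ...
    For inbound sessions peer-name is the name the client announced; for the
    server's own deliveries it is OutboundConnectionCommand/Response.
    """
    fields = line.split()
    if len(fields) < 14 or len(fields[0]) != 10:   # truncated line or date
        return None
    peer = fields[3]
    return {
        "time": f"{fields[0]} {fields[1]}",
        "remote_ip": fields[2],
        "peer": peer,
        "direction": "outbound" if peer.startswith("OutboundConnection") else "inbound",
        "verb": fields[8],
        "status": fields[9],
    }


def summarize(lines, min_messages=3):
    """Count accepted commands per inbound client and flag likely relay users."""
    inbound = defaultdict(lambda: dict.fromkeys(COUNTED, 0))
    outbound_mail = 0
    skipped = 0
    for line in lines:
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            skipped += 1
            continue
        if rec["direction"] == "inbound":
            if rec["verb"] in COUNTED and rec["status"] == "250":
                inbound[(rec["remote_ip"], rec["peer"])][rec["verb"]] += 1
        elif rec["peer"] == "OutboundConnectionCommand" and rec["verb"] == "MAIL":
            outbound_mail += 1   # one delivery attempt made by this server

    # Flag clients whose announced name is not a dotted host name and that
    # had at least min_messages message bodies accepted.
    suspects = [
        {"ip": ip, "helo": helo, **counts}
        for (ip, helo), counts in sorted(inbound.items())
        if "." not in helo and counts["DATA"] >= min_messages
    ]
    return {"inbound": dict(inbound), "suspects": suspects,
            "outbound_mail": outbound_mail, "skipped": skipped}


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG.splitlines())
    for s in report["suspects"]:
        print(f"{s['ip']} ({s['helo']}): {s['DATA']} messages accepted")
    print("outbound delivery attempts:", report["outbound_mail"])
```

A flagged client is a lead to check against the relay and authentication settings discussed in this thread, not proof of abuse on its own.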
     

    Author Comment

    by:gqchris
    Hey Sembee,

    The only Outlook Express we have going is a user using his Earthlink account to ping his personal box, otherwise we don't use that, only Outlook. I have no idea who blustery is, and I will disable the authenticated users can relay option right now....

    Thanks..
    Chris
    0
     
    LVL 10

    Expert Comment

    by:munichpostman
    I would also turn on account auditing, then look for event ID 528. The SMTP service logs failed logons when auditing is enabled.
    0
     

    Author Comment

    by:gqchris
    Ok Guys,

    I had locked down the Connection button to only allow the server to be able to talk to the SMTP Virtual, well I realized that by doing that, no other mail can come in from the internet! So I had to unapply that so we can continue to receive mail. Do I need to use the smart host to lock the server down? How do I set that up? Not even sure what that is:) I am stumped here on how to clear the issue up. If I lock down the connection button, no other mail servers can send mail into the organization right? When I only allow the server to talk, I can't even telnet into port 25:(
    0
     
    LVL 104

    Expert Comment

    by:Sembee
    You locked it down too hard.

    On authentication on the SMTP virtual server you need to have all three options enabled - including anonymous.
    That should be it.
    On the relay restrictions, the "Only the list below" should be selected and the list should be empty. If you don't have any users sending email via SMTP from Outlook Express then you can disable authenticated user option as well.

    Under connection it should be "All except the list below" and the list below will usually be empty, unless you want to filter out specific systems from connecting to your server.

    Simon.
    0
