pasands
asked on
Exchange 2003 Mail Queues....Not Open Relay
I have tested and re-tested my Exchange Server for Open Relay....Everything I have checked says my Server is secure. If that is the case, Then how do my mail queues keep filling up with junk mail from other domains ????
I have over 1000 Queues, one to AOL with 18000 messages in it, and I have no idea how they got there or where they came from.
Any help would be greatly appreciated.
Parry Sands
I have over 1000 Queues, one to AOL with 18000 messages in it, and I have no idea how they got there or where they came from.
Any help would be greatly appreciated.
Parry Sands
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I went to the website, and followed the steps for checking my server. Everything appears to be closed to relay, all of the tests from the Web, and using telnet responded with ...Unable to Relay....as they were supposed to... I went through and checked all of my settings as well, and they look ok. I deleted the queues, and watched it until about 1 this morning, and it looked ok, but when I checked this morning, the queues we again over 200, and the event logs we filling up as well.
Here are some samples of what I am getting in the Application Log. There are literally hundreds in there, but this appears to be a good sample..
This is an SMTP protocol error log for virtual server ID 1, connection #1. The remote host "207.115.57.16", responded to the SMTP command "rcpt" with "553 5.3.0 <may2254@swbell.net>... Addressee unknown, relay=[My IP Address] ". The full command sent was "RCPT TO:<may2254@swbell.net> ". This will probably cause the connection to fail
A non-delivery report with a status code of 5.3.0 was generated for recipient rfc822;may2254@swbell.net (Message-ID <LANTZfogkJXrRjbDt3H000000
Causes: Exchange mistakenly attempted mail delivery to an incorrect MTA route.
For more information, click http://www.microsoft.com/contentredirect.asp.
Solution: Check your route and topology; use the winroute tool to ensure the routes are properly replicated between servers and routing groups.
This is an SMTP protocol error log for virtual server ID 1, connection #2. The remote host "207.218.192.49", responded to the SMTP command "rcpt" with "550 unknown user <debvanatta@ev1.net> ". The full command sent was "RCPT TO:<debvanatta@ev1.net> ". This will probably cause the connection to fail.
This is an SMTP protocol error log for virtual server ID 1, connection #3. The remote host "208.45.133.107", responded to the SMTP command "rcpt" with "550 <pattyjgvox@excite.com>: Recipient address rejected: User unknown in virtual alias table ". The full command sent was "RCPT TO:<pattyjgvox@excite.com>
A non-delivery report with a status code of 5.3.0 was generated for recipient rfc822;cangy@swbell.net (Message-ID <LANTZIkyPzGNsokLQ8a000000
Causes: Exchange mistakenly attempted mail delivery to an incorrect MTA route.
For more information, click http://www.microsoft.com/contentredirect.asp.
Solution: Check your route and topology; use the winroute tool to ensure the routes are properly replicated between servers and routing groups.
This is an SMTP protocol error log for virtual server ID 1, connection #7. The remote host "207.69.200.82", responded to the SMTP command "rcpt" with "550 sfcl494811@mindspring.com.
This is an SMTP protocol warning log for virtual server ID 1, connection #19. The remote host "208.36.123.55", responded to the SMTP command "rcpt" with "450 <sapidlest@att.net>: No thank you rejected: Domain not found ". The full command sent was "RCPT TO:<jaldal1060@mailcity.co
Here are some samples of what I am getting in the Application Log. There are literally hundreds in there, but this appears to be a good sample..
This is an SMTP protocol error log for virtual server ID 1, connection #1. The remote host "207.115.57.16", responded to the SMTP command "rcpt" with "553 5.3.0 <may2254@swbell.net>... Addressee unknown, relay=[My IP Address] ". The full command sent was "RCPT TO:<may2254@swbell.net> ". This will probably cause the connection to fail
A non-delivery report with a status code of 5.3.0 was generated for recipient rfc822;may2254@swbell.net (Message-ID <LANTZfogkJXrRjbDt3H000000
Causes: Exchange mistakenly attempted mail delivery to an incorrect MTA route.
For more information, click http://www.microsoft.com/contentredirect.asp.
Solution: Check your route and topology; use the winroute tool to ensure the routes are properly replicated between servers and routing groups.
This is an SMTP protocol error log for virtual server ID 1, connection #2. The remote host "207.218.192.49", responded to the SMTP command "rcpt" with "550 unknown user <debvanatta@ev1.net> ". The full command sent was "RCPT TO:<debvanatta@ev1.net> ". This will probably cause the connection to fail.
This is an SMTP protocol error log for virtual server ID 1, connection #3. The remote host "208.45.133.107", responded to the SMTP command "rcpt" with "550 <pattyjgvox@excite.com>: Recipient address rejected: User unknown in virtual alias table ". The full command sent was "RCPT TO:<pattyjgvox@excite.com>
A non-delivery report with a status code of 5.3.0 was generated for recipient rfc822;cangy@swbell.net (Message-ID <LANTZIkyPzGNsokLQ8a000000
Causes: Exchange mistakenly attempted mail delivery to an incorrect MTA route.
For more information, click http://www.microsoft.com/contentredirect.asp.
Solution: Check your route and topology; use the winroute tool to ensure the routes are properly replicated between servers and routing groups.
This is an SMTP protocol error log for virtual server ID 1, connection #7. The remote host "207.69.200.82", responded to the SMTP command "rcpt" with "550 sfcl494811@mindspring.com.
This is an SMTP protocol warning log for virtual server ID 1, connection #19. The remote host "208.36.123.55", responded to the SMTP command "rcpt" with "450 <sapidlest@att.net>: No thank you rejected: Domain not found ". The full command sent was "RCPT TO:<jaldal1060@mailcity.co
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I turned on logging per the doc on your website...spam-cleanup.htm
Are there more options I need to turn on ?
I looked at the link in the last post for filtering..I logged into the server and checked, and I do have it configured like that..
Not real sure how and where to turn on the logging for message tracking, or smpt logging....
I do have remote users relaying ( authenticated ) through this server froma remote office, so i have to leave that option on.
Are there more options I need to turn on ?
I looked at the link in the last post for filtering..I logged into the server and checked, and I do have it configured like that..
Not real sure how and where to turn on the logging for message tracking, or smpt logging....
I do have remote users relaying ( authenticated ) through this server froma remote office, so i have to leave that option on.
SMTP logging...
ESM, Admin Groups, <your admin group>, Servers, <your server>, Protocols, SMTP. Right click on <default SMTP virtual server> and choose Properties. SMTP logging is on the first tab. You will need to run it for a little while. Check the properties of the logging to ensure that username is being logged as well.
This is starting to look like authenticated user, but you need to find which account it is, or ask all of your users to change passwords. This will have to include the administrator account and any test or dormant accounts that you may have.
Simon.
ESM, Admin Groups, <your admin group>, Servers, <your server>, Protocols, SMTP. Right click on <default SMTP virtual server> and choose Properties. SMTP logging is on the first tab. You will need to run it for a little while. Check the properties of the logging to ensure that username is being logged as well.
This is starting to look like authenticated user, but you need to find which account it is, or ask all of your users to change passwords. This will have to include the administrator account and any test or dormant accounts that you may have.
Simon.
ASKER
Here is a cut from the SMTP Logging:
2004-11-03 20:44:29 219.133.133.63 techniques LANTZ 192.168.10.10 0 0 2078 SMTP - - - -
2004-11-03 20:44:31 219.133.133.63 techniques LANTZ 192.168.10.10 0 0 0 SMTP - - - -
2004-11-03 20:44:31 200.121.144.252 creamer LANTZ 192.168.10.10 0 0 0 SMTP - - - -
2004-11-03 20:44:32 219.133.133.63 techniques LANTZ 192.168.10.10 0 0 0 SMTP - - - -
2004-11-03 20:44:33 200.121.144.252 creamer LANTZ 192.168.10.10 0 0 0 SMTP - - - -
2004-11-03 20:44:33 204.127.134.23 OutboundConnectionResponse
2004-11-03 20:44:33 204.127.134.23 OutboundConnectionCommand LANTZ - 25 0 5203 SMTP - - - -
2004-11-03 20:44:35 219.133.133.63 techniques LANTZ 192.168.10.10 0 0 2094 SMTP - - - -
2004-11-03 20:44:36 219.133.133.63 techniques LANTZ 192.168.10.10 0 0 0 SMTP - - - -
2004-11-03 20:44:36 65.32.1.52 OutboundConnectionResponse
2004-11-03 20:44:36 65.32.1.52 OutboundConnectionCommand LANTZ - 25 0 80516 SMTP - - - -
2004-11-03 20:44:36 65.32.1.52 OutboundConnectionResponse
2004-11-03 20:44:36 65.32.1.52 OutboundConnectionCommand LANTZ - 25 0 80578 SMTP - - - -
2004-11-03 20:44:37 219.133.133.63 techniques LANTZ 192.168.10.10 0 0 0 SMTP - - - -
2004-11-03 20:44:39 64.12.138.57 OutboundConnectionResponse
2004-11-03 20:44:39 64.12.138.57 OutboundConnectionCommand LANTZ - 25 0 161844 SMTP - - - -
2004-11-03 20:44:39 64.12.138.57 OutboundConnectionResponse
2004-11-03 20:44:39 64.12.138.57 OutboundConnectionCommand LANTZ - 25 0 161937 SMTP - - - -
2004-11-03 20:44:39 64.12.138.57 OutboundConnectionResponse
2004-11-03 20:44:39 64.12.138.57 OutboundConnectionCommand LANTZ - 25 0 161969 SMTP - - - -
2004-11-03 20:44:39 64.12.138.57 OutboundConnectionResponse
2004-11-03 20:44:39 64.12.138.57 OutboundConnectionCommand LANTZ - 25 0 162000 SMTP - - - -
2004-11-03 20:44:39 64.12.138.57 OutboundConnectionResponse
2004-11-03 20:44:40 219.133.133.63 techniques LANTZ 192.168.10.10 0 0 2171 SMTP - - - -
2004-11-03 20:44:40 216.148.227.126 OutboundConnectionResponse
2004-11-03 20:44:40 216.148.227.126 OutboundConnectionCommand LANTZ - 25 0 125 SMTP - - - -
2004-11-03 20:44:40 200.121.144.252 creamer LANTZ 192.168.10.10 0 0 3328 SMTP - - - -
2004-11-03 20:44:40 65.32.1.52 OutboundConnectionResponse
2004-11-03 20:44:40 65.32.1.52 OutboundConnectionCommand LANTZ - 25 0 84719 SMTP - - - -
2004-11-03 20:44:40 216.148.227.126 OutboundConnectionResponse
2004-11-03 20:44:40 216.148.227.126 OutboundConnectionCommand LANTZ - 25 0 343 SMTP - - - -
2004-11-03 20:44:42 219.133.133.63 techniques LANTZ 192.168.10.10 0 0 0 SMTP - - - -
2004-11-03 20:44:42 219.133.133.63 techniques LANTZ 192.168.10.10 0 0 0 SMTP - - - -
2004-11-03 20:44:43 200.121.144.252 creamer LANTZ 192.168.10.10 0 0 0 SMTP - - - -
2004-11-03 20:44:45 200.121.144.252 creamer LANTZ 192.168.10.10 0 0 0 SMTP - - - -
2004-11-03 20:44:45 65.32.1.52 OutboundConnectionResponse
2004-11-03 20:44:45 65.32.1.52 OutboundConnectionCommand LANTZ - 25 0 89000 SMTP - - - -
2004-11-03 20:44:45 65.32.1.52 OutboundConnectionResponse
2004-11-03 20:44:46 219.133.133.63 techniques LANTZ 192.168.10.10 0 0 2437 SMTP - - - -
2004-11-03 20:44:46 216.148.227.126 OutboundConnectionResponse
2004-11-03 20:44:46 216.148.227.126 OutboundConnectionCommand LANTZ - 25 0 5703 SMTP - - - -
2004-11-03 20:44:47 65.32.1.52 OutboundConnectionResponse
2004-11-03 20:44:47 65.32.1.52 OutboundConnectionCommand LANTZ - 25 0 91328 SMTP - - - -
2004-11-03 20:44:47 219.133.133.63 techniques LANTZ 192.168.10.10 0 0 0 SMTP - - - -
2004-11-03 20:44:29 219.133.133.63 techniques LANTZ 192.168.10.10 0 0 2078 SMTP - - - -
2004-11-03 20:44:31 219.133.133.63 techniques LANTZ 192.168.10.10 0 0 0 SMTP - - - -
2004-11-03 20:44:31 200.121.144.252 creamer LANTZ 192.168.10.10 0 0 0 SMTP - - - -
2004-11-03 20:44:32 219.133.133.63 techniques LANTZ 192.168.10.10 0 0 0 SMTP - - - -
2004-11-03 20:44:33 200.121.144.252 creamer LANTZ 192.168.10.10 0 0 0 SMTP - - - -
2004-11-03 20:44:33 204.127.134.23 OutboundConnectionResponse
2004-11-03 20:44:33 204.127.134.23 OutboundConnectionCommand LANTZ - 25 0 5203 SMTP - - - -
2004-11-03 20:44:35 219.133.133.63 techniques LANTZ 192.168.10.10 0 0 2094 SMTP - - - -
2004-11-03 20:44:36 219.133.133.63 techniques LANTZ 192.168.10.10 0 0 0 SMTP - - - -
2004-11-03 20:44:36 65.32.1.52 OutboundConnectionResponse
2004-11-03 20:44:36 65.32.1.52 OutboundConnectionCommand LANTZ - 25 0 80516 SMTP - - - -
2004-11-03 20:44:36 65.32.1.52 OutboundConnectionResponse
2004-11-03 20:44:36 65.32.1.52 OutboundConnectionCommand LANTZ - 25 0 80578 SMTP - - - -
2004-11-03 20:44:37 219.133.133.63 techniques LANTZ 192.168.10.10 0 0 0 SMTP - - - -
2004-11-03 20:44:39 64.12.138.57 OutboundConnectionResponse
2004-11-03 20:44:39 64.12.138.57 OutboundConnectionCommand LANTZ - 25 0 161844 SMTP - - - -
2004-11-03 20:44:39 64.12.138.57 OutboundConnectionResponse
2004-11-03 20:44:39 64.12.138.57 OutboundConnectionCommand LANTZ - 25 0 161937 SMTP - - - -
2004-11-03 20:44:39 64.12.138.57 OutboundConnectionResponse
2004-11-03 20:44:39 64.12.138.57 OutboundConnectionCommand LANTZ - 25 0 161969 SMTP - - - -
2004-11-03 20:44:39 64.12.138.57 OutboundConnectionResponse
2004-11-03 20:44:39 64.12.138.57 OutboundConnectionCommand LANTZ - 25 0 162000 SMTP - - - -
2004-11-03 20:44:39 64.12.138.57 OutboundConnectionResponse
2004-11-03 20:44:40 219.133.133.63 techniques LANTZ 192.168.10.10 0 0 2171 SMTP - - - -
2004-11-03 20:44:40 216.148.227.126 OutboundConnectionResponse
2004-11-03 20:44:40 216.148.227.126 OutboundConnectionCommand LANTZ - 25 0 125 SMTP - - - -
2004-11-03 20:44:40 200.121.144.252 creamer LANTZ 192.168.10.10 0 0 3328 SMTP - - - -
2004-11-03 20:44:40 65.32.1.52 OutboundConnectionResponse
2004-11-03 20:44:40 65.32.1.52 OutboundConnectionCommand LANTZ - 25 0 84719 SMTP - - - -
2004-11-03 20:44:40 216.148.227.126 OutboundConnectionResponse
2004-11-03 20:44:40 216.148.227.126 OutboundConnectionCommand LANTZ - 25 0 343 SMTP - - - -
2004-11-03 20:44:42 219.133.133.63 techniques LANTZ 192.168.10.10 0 0 0 SMTP - - - -
2004-11-03 20:44:42 219.133.133.63 techniques LANTZ 192.168.10.10 0 0 0 SMTP - - - -
2004-11-03 20:44:43 200.121.144.252 creamer LANTZ 192.168.10.10 0 0 0 SMTP - - - -
2004-11-03 20:44:45 200.121.144.252 creamer LANTZ 192.168.10.10 0 0 0 SMTP - - - -
2004-11-03 20:44:45 65.32.1.52 OutboundConnectionResponse
2004-11-03 20:44:45 65.32.1.52 OutboundConnectionCommand LANTZ - 25 0 89000 SMTP - - - -
2004-11-03 20:44:45 65.32.1.52 OutboundConnectionResponse
2004-11-03 20:44:46 219.133.133.63 techniques LANTZ 192.168.10.10 0 0 2437 SMTP - - - -
2004-11-03 20:44:46 216.148.227.126 OutboundConnectionResponse
2004-11-03 20:44:46 216.148.227.126 OutboundConnectionCommand LANTZ - 25 0 5703 SMTP - - - -
2004-11-03 20:44:47 65.32.1.52 OutboundConnectionResponse
2004-11-03 20:44:47 65.32.1.52 OutboundConnectionCommand LANTZ - 25 0 91328 SMTP - - - -
2004-11-03 20:44:47 219.133.133.63 techniques LANTZ 192.168.10.10 0 0 0 SMTP - - - -
ASKER
Here is an additional cut from the log after I added some of the advanced logging options:
2004-11-03 21:09:53 64.12.138.57 OutboundConnectionResponse
2004-11-03 21:09:53 64.12.138.57 OutboundConnectionCommand SMTPSVC1 LANTZ - 25 DATA - - 0 0 4 0 348782 SMTP - - - -
2004-11-03 21:09:53 64.12.138.57 OutboundConnectionResponse
2004-11-03 21:09:55 208.45.133.107 OutboundConnectionResponse
2004-11-03 21:09:55 208.45.133.107 OutboundConnectionCommand SMTPSVC1 LANTZ - 25 RSET - - 0 0 4 0 2562 SMTP - - - -
2004-11-03 21:09:57 200.121.211.252 hypocrites SMTPSVC1 LANTZ 192.168.10.10 0 MAIL - +FROM:+<thalliumbertie@t-o
2004-11-03 21:09:59 209.112.183.93 OutboundConnectionResponse
2004-11-03 21:09:59 209.112.183.93 OutboundConnectionCommand SMTPSVC1 LANTZ - 25 HELO - lantzquest.com 0 0 4 0 3125 SMTP - - - -
2004-11-03 21:09:59 209.112.183.93 OutboundConnectionResponse
2004-11-03 21:09:59 209.112.183.93 OutboundConnectionCommand SMTPSVC1 LANTZ - 25 MAIL - FROM:<evolutionsidiosyncra
2004-11-03 21:09:59 209.112.183.93 OutboundConnectionResponse
2004-11-03 21:09:59 209.112.183.93 OutboundConnectionCommand SMTPSVC1 LANTZ - 25 RCPT - TO:<jamiea@ptialaska.net> 0 0 4 0 4000 SMTP - - - -
2004-11-03 21:10:00 209.112.183.93 OutboundConnectionResponse
2004-11-03 21:10:00 209.112.183.93 OutboundConnectionCommand SMTPSVC1 LANTZ - 25 RSET - - 0 0 4 0 4375 SMTP - - - -
2004-11-03 21:10:00 209.112.183.93 OutboundConnectionResponse
2004-11-03 21:10:00 209.112.183.93 OutboundConnectionCommand SMTPSVC1 LANTZ - 25 QUIT - - 0 0 4 0 4735 SMTP - - - -
2004-11-03 21:10:00 200.121.217.114 potlatch SMTPSVC1 LANTZ 192.168.10.10 0 DATA - <LANTZxfE9oh46YiufL000000f
2004-11-03 21:10:00 200.121.211.252 hypocrites SMTPSVC1 LANTZ 192.168.10.10 0 RCPT - +TO:<mainer820@yahoo.com> 250 0 32 29 0 SMTP - - - -
2004-11-03 21:10:00 209.112.183.93 OutboundConnectionResponse
2004-11-03 21:10:01 200.121.217.114 potlatch SMTPSVC1 LANTZ 192.168.10.10 0 MAIL - +FROM:+<courageouslysayers
2004-11-03 21:10:01 200.121.217.114 potlatch SMTPSVC1 LANTZ 192.168.10.10 0 RCPT - +TO:<vinaykumawat@yahoo.co
2004-11-03 21:09:53 64.12.138.57 OutboundConnectionResponse
2004-11-03 21:09:53 64.12.138.57 OutboundConnectionCommand SMTPSVC1 LANTZ - 25 DATA - - 0 0 4 0 348782 SMTP - - - -
2004-11-03 21:09:53 64.12.138.57 OutboundConnectionResponse
2004-11-03 21:09:55 208.45.133.107 OutboundConnectionResponse
2004-11-03 21:09:55 208.45.133.107 OutboundConnectionCommand SMTPSVC1 LANTZ - 25 RSET - - 0 0 4 0 2562 SMTP - - - -
2004-11-03 21:09:57 200.121.211.252 hypocrites SMTPSVC1 LANTZ 192.168.10.10 0 MAIL - +FROM:+<thalliumbertie@t-o
2004-11-03 21:09:59 209.112.183.93 OutboundConnectionResponse
2004-11-03 21:09:59 209.112.183.93 OutboundConnectionCommand SMTPSVC1 LANTZ - 25 HELO - lantzquest.com 0 0 4 0 3125 SMTP - - - -
2004-11-03 21:09:59 209.112.183.93 OutboundConnectionResponse
2004-11-03 21:09:59 209.112.183.93 OutboundConnectionCommand SMTPSVC1 LANTZ - 25 MAIL - FROM:<evolutionsidiosyncra
2004-11-03 21:09:59 209.112.183.93 OutboundConnectionResponse
2004-11-03 21:09:59 209.112.183.93 OutboundConnectionCommand SMTPSVC1 LANTZ - 25 RCPT - TO:<jamiea@ptialaska.net> 0 0 4 0 4000 SMTP - - - -
2004-11-03 21:10:00 209.112.183.93 OutboundConnectionResponse
2004-11-03 21:10:00 209.112.183.93 OutboundConnectionCommand SMTPSVC1 LANTZ - 25 RSET - - 0 0 4 0 4375 SMTP - - - -
2004-11-03 21:10:00 209.112.183.93 OutboundConnectionResponse
2004-11-03 21:10:00 209.112.183.93 OutboundConnectionCommand SMTPSVC1 LANTZ - 25 QUIT - - 0 0 4 0 4735 SMTP - - - -
2004-11-03 21:10:00 200.121.217.114 potlatch SMTPSVC1 LANTZ 192.168.10.10 0 DATA - <LANTZxfE9oh46YiufL000000f
2004-11-03 21:10:00 200.121.211.252 hypocrites SMTPSVC1 LANTZ 192.168.10.10 0 RCPT - +TO:<mainer820@yahoo.com> 250 0 32 29 0 SMTP - - - -
2004-11-03 21:10:00 209.112.183.93 OutboundConnectionResponse
2004-11-03 21:10:01 200.121.217.114 potlatch SMTPSVC1 LANTZ 192.168.10.10 0 MAIL - +FROM:+<courageouslysayers
2004-11-03 21:10:01 200.121.217.114 potlatch SMTPSVC1 LANTZ 192.168.10.10 0 RCPT - +TO:<vinaykumawat@yahoo.co
Difficult to tell as I don't know what usernames you have on your site.
You have said that you have users on another site sending email via your server. Which IP address is that? Can you filter those out? If you have already, please state. I can take a guess which they are, but you need to confirm.
Simon.
You have said that you have users on another site sending email via your server. Which IP address is that? Can you filter those out? If you have already, please state. I can take a guess which they are, but you need to confirm.
Simon.
ASKER
I don't see any of my users in here. I have 2 remote users, ( Usernames Rita and Jeff ) All of the users that use outlook locally to the server are 1st initial + lastname, and I don't see any of them either....Everything listed here is completely unknown to me.
Parry
Parry
What are these addresses?
209.112.183.93
64.12.138.57
200.121.211.252
Have you already filtered out your local IP addresses, the IP of the other site and anything related to your ISP? If not, do so, it is very difficult to read through the log as I don't know what is valid for your site or not - only you know that.
Simon.
209.112.183.93
64.12.138.57
200.121.211.252
Have you already filtered out your local IP addresses, the IP of the other site and anything related to your ISP? If not, do so, it is very difficult to read through the log as I don't know what is valid for your site or not - only you know that.
Simon.
ASKER
None of these are mine....anything that belongs to me would be 204.95.254.xxx or 209.43.90.xxx and I don't see any of those in there. Just the private address of 192.168.10.x is the only thing I recognize.
Parry
Parry
Do you mind summerising where we are with this? I have re-read the question, but I thought it would be clear for my own mind.
1. Is filtering turned on to remove unknown users? Both bits (filter and enable filter on the virtual server).
2. What is the position regarding the relaying settings on the SMTP virtual server? IP addresses or anything else listed?
3. Are these messages continuing to come in? If so, if you disable relaying completely (ie disable authenticated users as well) do they stop? Need to verify that these aren't coming from inside.
Simon.
1. Is filtering turned on to remove unknown users? Both bits (filter and enable filter on the virtual server).
2. What is the position regarding the relaying settings on the SMTP virtual server? IP addresses or anything else listed?
3. Are these messages continuing to come in? If so, if you disable relaying completely (ie disable authenticated users as well) do they stop? Need to verify that these aren't coming from inside.
Simon.
ASKER
1. Filtering is enabled in both places...checked and double checked..
2. Only the list below is checked, and the list is empty....
The messages are still coming in...
3. I am going to disable relay for authenticated users now, and then log some more...I will post those results later...
Parry
2. Only the list below is checked, and the list is empty....
The messages are still coming in...
3. I am going to disable relay for authenticated users now, and then log some more...I will post those results later...
Parry
ASKER
I disabled relaying completely, including authenticated users......I then turned on logging....and I am still getting the same thing.....here is a cut from the log:
#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2004-11-04 02:16:41
#Fields: date time c-ip cs-username s-sitename s-computername s-ip s-port cs-method cs-uri-stem cs-uri-query sc-status sc-win32-status sc-bytes cs-bytes time-taken cs-version cs-host cs(User-Agent) cs(Cookie) cs(Referer)
2004-11-04 02:16:41 65.126.9.75 OutboundConnectionResponse
2004-11-04 02:16:41 65.126.9.75 OutboundConnectionCommand SMTPSVC1 LANTZ - 25 QUIT - - 0 0 4 0 141 SMTP - - - -
2004-11-04 02:16:41 205.158.62.33 OutboundConnectionResponse
2004-11-04 02:16:41 205.158.62.33 OutboundConnectionCommand SMTPSVC1 LANTZ - 25 HELO - lantzquest.com 0 0 4 0 250 SMTP - - - -
2004-11-04 02:16:41 205.158.62.33 OutboundConnectionResponse
2004-11-04 02:16:41 205.158.62.33 OutboundConnectionCommand SMTPSVC1 LANTZ - 25 MAIL - FROM:<croftblair@excite.co
2004-11-04 02:16:41 205.158.62.33 OutboundConnectionResponse
2004-11-04 02:16:41 205.158.62.33 OutboundConnectionCommand SMTPSVC1 LANTZ - 25 RCPT - TO:<asibasara98@mail.com> 0 0 4 0 406 SMTP - - - -
2004-11-04 02:16:43 205.158.62.33 OutboundConnectionResponse
2004-11-04 02:16:43 205.158.62.33 OutboundConnectionCommand SMTPSVC1 LANTZ - 25 RSET - - 0 0 4 0 1641 SMTP - - - -
2004-11-04 02:16:43 205.158.62.33 OutboundConnectionResponse
2004-11-04 02:16:43 205.158.62.33 OutboundConnectionCommand SMTPSVC1 LANTZ - 25 RSET - - 0 0 4 0 1750 SMTP - - - -
2004-11-04 02:16:43 205.158.62.33 OutboundConnectionResponse
2004-11-04 02:16:43 205.158.62.33 OutboundConnectionCommand SMTPSVC1 LANTZ - 25 MAIL - FROM:<mechanistahmadabad@w
2004-11-04 02:16:43 205.158.62.33 OutboundConnectionResponse
2004-11-04 02:16:43 205.158.62.33 OutboundConnectionCommand SMTPSVC1 LANTZ - 25 RCPT - TO:<asibasode@mail.com> 0 0 4 0 1891 SMTP - - - -
2004-11-04 02:16:44 205.158.62.33 OutboundConnectionResponse
2004-11-04 02:16:44 205.158.62.33 OutboundConnectionCommand SMTPSVC1 LANTZ - 25 RSET - - 0 0 4 0 2984 SMTP - - - -
2004-11-04 02:16:44 205.158.62.33 OutboundConnectionResponse
2004-11-04 02:16:44 205.158.62.33 OutboundConnectionCommand SMTPSVC1 LANTZ - 25 RSET - - 0 0 4 0 3062 SMTP - - - -
2004-11-04 02:16:44 205.158.62.33 OutboundConnectionResponse
2004-11-04 02:16:44 205.158.62.33 OutboundConnectionCommand SMTPSVC1 LANTZ - 25 MAIL - FROM:<postconditionevapora
2004-11-04 02:16:44 205.158.62.33 OutboundConnectionResponse
2004-11-04 02:16:44 205.158.62.33 OutboundConnectionCommand SMTPSVC1 LANTZ - 25 RCPT - TO:<asibathetic@mail.com> 0 0 4 0 3219 SMTP - - - -
2004-11-04 02:16:46 205.158.62.33 OutboundConnectionResponse
2004-11-04 02:16:46 205.158.62.33 OutboundConnectionCommand SMTPSVC1 LANTZ - 25 RSET - - 0 0 4 0 4312 SMTP - - - -
2004-11-04 02:16:46 205.158.62.33 OutboundConnectionResponse
2004-11-04 02:16:46 205.158.62.33 OutboundConnectionCommand SMTPSVC1 LANTZ - 25 QUIT - - 0 0 4 0 4422 SMTP - - - -
2004-11-04 02:16:46 205.158.62.33 OutboundConnectionResponse
2004-11-04 02:17:05 211.150.124.34 209.43.90.134 SMTPSVC1 LANTZ 192.168.10.10 0 HELO - +209.43.90.134 250 0 43 18 0 SMTP - - - -
2004-11-04 02:17:05 211.150.124.34 209.43.90.134 SMTPSVC1 LANTZ 192.168.10.10 0 MAIL - +FROM:+<7suggestible@arrem
2004-11-04 02:17:05 211.150.124.34 209.43.90.134 SMTPSVC1 LANTZ 192.168.10.10 0 RCPT - +TO:+<info@lantzquest.com>
2004-11-04 02:17:10 211.150.124.34 209.43.90.134 SMTPSVC1 LANTZ 192.168.10.10 0 DATA - <LANTZqd6pnOLq3XWsTZ00001b
2004-11-04 02:17:12 211.150.124.34 209.43.90.134 SMTPSVC1 LANTZ 192.168.10.10 0 QUIT - 209.43.90.134 240 9640 63 4 0 SMTP - - - -
2004-11-04 02:17:51 220.163.26.33 209.43.90.134 SMTPSVC1 LANTZ 192.168.10.10 0 HELO - +209.43.90.134 250 0 42 18 0 SMTP - - - -
2004-11-04 02:17:52 220.163.26.33 209.43.90.134 SMTPSVC1 LANTZ 192.168.10.10 0 MAIL - +FROM:+<qhillclrg@justicem
2004-11-04 02:17:53 220.163.26.33 209.43.90.134 SMTPSVC1 LANTZ 192.168.10.10 0 RCPT - +TO:+<mike@lantzquest.com>
2004-11-04 02:17:58 220.163.26.33 209.43.90.134 SMTPSVC1 LANTZ 192.168.10.10 0 DATA - +<ORGGVSUBQKBWHBVDNGRYNCUE
2004-11-04 02:17:59 220.163.26.33 209.43.90.134 SMTPSVC1 LANTZ 192.168.10.10 0 QUIT - 209.43.90.134 240 11891 63 4 0 SMTP - - - -
2004-11-04 02:18:02 65.32.1.52 OutboundConnectionResponse
2004-11-04 02:18:02 65.32.1.52 OutboundConnectionCommand SMTPSVC1 LANTZ - 25 HELO - lantzquest.com 0 0 4 0 95828 SMTP - - - -
2004-11-04 02:18:02 65.32.1.52 OutboundConnectionResponse
2004-11-04 02:18:02 65.32.1.52 OutboundConnectionCommand SMTPSVC1 LANTZ - 25 MAIL - FROM:<explosivelyblackfeet
2004-11-04 02:18:02 65.32.1.52 OutboundConnectionResponse
2004-11-04 02:18:02 65.32.1.52 OutboundConnectionCommand SMTPSVC1 LANTZ - 25 RCPT - TO:<darline124@cfl.rr.com>
2004-11-04 02:18:02 65.32.1.52 OutboundConnectionResponse
2004-11-04 02:18:02 65.32.1.52 OutboundConnectionCommand SMTPSVC1 LANTZ - 25 DATA - - 0 0 4 0 96203 SMTP - - - -
2004-11-04 02:18:02 65.32.1.52 OutboundConnectionResponse
2004-11-04 02:18:04 65.32.1.52 OutboundConnectionResponse
2004-11-04 02:18:04 65.32.1.52 OutboundConnectionCommand SMTPSVC1 LANTZ - 25 QUIT - - 0 0 4 0 98078 SMTP - - - -
2004-11-04 02:18:04 65.32.1.52 OutboundConnectionResponse
2004-11-04 02:18:07 24.221.37.181 OutboundConnectionResponse
2004-11-04 02:18:07 24.221.37.181 OutboundConnectionCommand SMTPSVC1 LANTZ - 25 HELO - lantzquest.com 0 0 4 0 156 SMTP - - - -
2004-11-04 02:18:07 24.221.37.181 OutboundConnectionResponse
2004-11-04 02:18:07 24.221.37.181 OutboundConnectionCommand SMTPSVC1 LANTZ - 25 MAIL - FROM:<5thexciting@ntlworld
2004-11-04 02:18:07 24.221.37.181 OutboundConnectionResponse
2004-11-04 02:18:07 24.221.37.181 OutboundConnectionCommand SMTPSVC1 LANTZ - 25 RCPT - TO:<ntumlin@speedchoice.co
2004-11-04 02:18:07 24.221.37.181 OutboundConnectionResponse
2004-11-04 02:18:07 24.221.37.181 OutboundConnectionCommand SMTPSVC1 LANTZ - 25 DATA - - 0 0 4 0 359 SMTP - - - -
2004-11-04 02:18:07 24.221.37.181 OutboundConnectionResponse
2004-11-04 02:18:09 24.221.37.181 OutboundConnectionResponse
2004-11-04 02:18:09 24.221.37.181 OutboundConnectionCommand SMTPSVC1 LANTZ - 25 QUIT - - 0 0 4 0 1843 SMTP - - - -
2004-11-04 02:18:09 24.221.37.181 OutboundConnectionResponse
2004-11-04 02:19:01 24.159.180.149 myl-c-24-159-180-149.chart
#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2004-11-04 02:16:41
#Fields: date time c-ip cs-username s-sitename s-computername s-ip s-port cs-method cs-uri-stem cs-uri-query sc-status sc-win32-status sc-bytes cs-bytes time-taken cs-version cs-host cs(User-Agent) cs(Cookie) cs(Referer)
2004-11-04 02:16:41 65.126.9.75 OutboundConnectionResponse
2004-11-04 02:16:41 65.126.9.75 OutboundConnectionCommand SMTPSVC1 LANTZ - 25 QUIT - - 0 0 4 0 141 SMTP - - - -
2004-11-04 02:16:41 205.158.62.33 OutboundConnectionResponse
2004-11-04 02:16:41 205.158.62.33 OutboundConnectionCommand SMTPSVC1 LANTZ - 25 HELO - lantzquest.com 0 0 4 0 250 SMTP - - - -
2004-11-04 02:16:41 205.158.62.33 OutboundConnectionResponse
2004-11-04 02:16:41 205.158.62.33 OutboundConnectionCommand SMTPSVC1 LANTZ - 25 MAIL - FROM:<croftblair@excite.co
2004-11-04 02:16:41 205.158.62.33 OutboundConnectionResponse
2004-11-04 02:16:41 205.158.62.33 OutboundConnectionCommand SMTPSVC1 LANTZ - 25 RCPT - TO:<asibasara98@mail.com> 0 0 4 0 406 SMTP - - - -
2004-11-04 02:16:43 205.158.62.33 OutboundConnectionResponse
2004-11-04 02:16:43 205.158.62.33 OutboundConnectionCommand SMTPSVC1 LANTZ - 25 RSET - - 0 0 4 0 1641 SMTP - - - -
2004-11-04 02:16:43 205.158.62.33 OutboundConnectionResponse
2004-11-04 02:16:43 205.158.62.33 OutboundConnectionCommand SMTPSVC1 LANTZ - 25 RSET - - 0 0 4 0 1750 SMTP - - - -
2004-11-04 02:16:43 205.158.62.33 OutboundConnectionResponse
2004-11-04 02:16:43 205.158.62.33 OutboundConnectionCommand SMTPSVC1 LANTZ - 25 MAIL - FROM:<mechanistahmadabad@w
2004-11-04 02:16:43 205.158.62.33 OutboundConnectionResponse
2004-11-04 02:16:43 205.158.62.33 OutboundConnectionCommand SMTPSVC1 LANTZ - 25 RCPT - TO:<asibasode@mail.com> 0 0 4 0 1891 SMTP - - - -
2004-11-04 02:16:44 205.158.62.33 OutboundConnectionResponse
2004-11-04 02:16:44 205.158.62.33 OutboundConnectionCommand SMTPSVC1 LANTZ - 25 RSET - - 0 0 4 0 2984 SMTP - - - -
2004-11-04 02:16:44 205.158.62.33 OutboundConnectionResponse
2004-11-04 02:16:44 205.158.62.33 OutboundConnectionCommand SMTPSVC1 LANTZ - 25 RSET - - 0 0 4 0 3062 SMTP - - - -
2004-11-04 02:16:44 205.158.62.33 OutboundConnectionResponse
2004-11-04 02:16:44 205.158.62.33 OutboundConnectionCommand SMTPSVC1 LANTZ - 25 MAIL - FROM:<postconditionevapora
2004-11-04 02:16:44 205.158.62.33 OutboundConnectionResponse
2004-11-04 02:16:44 205.158.62.33 OutboundConnectionCommand SMTPSVC1 LANTZ - 25 RCPT - TO:<asibathetic@mail.com> 0 0 4 0 3219 SMTP - - - -
2004-11-04 02:16:46 205.158.62.33 OutboundConnectionResponse
2004-11-04 02:16:46 205.158.62.33 OutboundConnectionCommand SMTPSVC1 LANTZ - 25 RSET - - 0 0 4 0 4312 SMTP - - - -
2004-11-04 02:16:46 205.158.62.33 OutboundConnectionResponse
2004-11-04 02:16:46 205.158.62.33 OutboundConnectionCommand SMTPSVC1 LANTZ - 25 QUIT - - 0 0 4 0 4422 SMTP - - - -
2004-11-04 02:16:46 205.158.62.33 OutboundConnectionResponse
2004-11-04 02:17:05 211.150.124.34 209.43.90.134 SMTPSVC1 LANTZ 192.168.10.10 0 HELO - +209.43.90.134 250 0 43 18 0 SMTP - - - -
2004-11-04 02:17:05 211.150.124.34 209.43.90.134 SMTPSVC1 LANTZ 192.168.10.10 0 MAIL - +FROM:+<7suggestible@arrem
2004-11-04 02:17:05 211.150.124.34 209.43.90.134 SMTPSVC1 LANTZ 192.168.10.10 0 RCPT - +TO:+<info@lantzquest.com>
2004-11-04 02:17:10 211.150.124.34 209.43.90.134 SMTPSVC1 LANTZ 192.168.10.10 0 DATA - <LANTZqd6pnOLq3XWsTZ00001b
2004-11-04 02:17:12 211.150.124.34 209.43.90.134 SMTPSVC1 LANTZ 192.168.10.10 0 QUIT - 209.43.90.134 240 9640 63 4 0 SMTP - - - -
2004-11-04 02:17:51 220.163.26.33 209.43.90.134 SMTPSVC1 LANTZ 192.168.10.10 0 HELO - +209.43.90.134 250 0 42 18 0 SMTP - - - -
2004-11-04 02:17:52 220.163.26.33 209.43.90.134 SMTPSVC1 LANTZ 192.168.10.10 0 MAIL - +FROM:+<qhillclrg@justicem
2004-11-04 02:17:53 220.163.26.33 209.43.90.134 SMTPSVC1 LANTZ 192.168.10.10 0 RCPT - +TO:+<mike@lantzquest.com>
2004-11-04 02:17:58 220.163.26.33 209.43.90.134 SMTPSVC1 LANTZ 192.168.10.10 0 DATA - +<ORGGVSUBQKBWHBVDNGRYNCUE
2004-11-04 02:17:59 220.163.26.33 209.43.90.134 SMTPSVC1 LANTZ 192.168.10.10 0 QUIT - 209.43.90.134 240 11891 63 4 0 SMTP - - - -
2004-11-04 02:18:02 65.32.1.52 OutboundConnectionResponse
2004-11-04 02:18:02 65.32.1.52 OutboundConnectionCommand SMTPSVC1 LANTZ - 25 HELO - lantzquest.com 0 0 4 0 95828 SMTP - - - -
2004-11-04 02:18:02 65.32.1.52 OutboundConnectionResponse
2004-11-04 02:18:02 65.32.1.52 OutboundConnectionCommand SMTPSVC1 LANTZ - 25 MAIL - FROM:<explosivelyblackfeet
2004-11-04 02:18:02 65.32.1.52 OutboundConnectionResponse
2004-11-04 02:18:02 65.32.1.52 OutboundConnectionCommand SMTPSVC1 LANTZ - 25 RCPT - TO:<darline124@cfl.rr.com>
2004-11-04 02:18:02 65.32.1.52 OutboundConnectionResponse
2004-11-04 02:18:02 65.32.1.52 OutboundConnectionCommand SMTPSVC1 LANTZ - 25 DATA - - 0 0 4 0 96203 SMTP - - - -
2004-11-04 02:18:02 65.32.1.52 OutboundConnectionResponse
2004-11-04 02:18:04 65.32.1.52 OutboundConnectionResponse
2004-11-04 02:18:04 65.32.1.52 OutboundConnectionCommand SMTPSVC1 LANTZ - 25 QUIT - - 0 0 4 0 98078 SMTP - - - -
2004-11-04 02:18:04 65.32.1.52 OutboundConnectionResponse
2004-11-04 02:18:07 24.221.37.181 OutboundConnectionResponse
2004-11-04 02:18:07 24.221.37.181 OutboundConnectionCommand SMTPSVC1 LANTZ - 25 HELO - lantzquest.com 0 0 4 0 156 SMTP - - - -
2004-11-04 02:18:07 24.221.37.181 OutboundConnectionResponse
2004-11-04 02:18:07 24.221.37.181 OutboundConnectionCommand SMTPSVC1 LANTZ - 25 MAIL - FROM:<5thexciting@ntlworld
2004-11-04 02:18:07 24.221.37.181 OutboundConnectionResponse
2004-11-04 02:18:07 24.221.37.181 OutboundConnectionCommand SMTPSVC1 LANTZ - 25 RCPT - TO:<ntumlin@speedchoice.co
2004-11-04 02:18:07 24.221.37.181 OutboundConnectionResponse
2004-11-04 02:18:07 24.221.37.181 OutboundConnectionCommand SMTPSVC1 LANTZ - 25 DATA - - 0 0 4 0 359 SMTP - - - -
2004-11-04 02:18:07 24.221.37.181 OutboundConnectionResponse
2004-11-04 02:18:09 24.221.37.181 OutboundConnectionResponse
2004-11-04 02:18:09 24.221.37.181 OutboundConnectionCommand SMTPSVC1 LANTZ - 25 QUIT - - 0 0 4 0 1843 SMTP - - - -
2004-11-04 02:18:09 24.221.37.181 OutboundConnectionResponse
2004-11-04 02:19:01 24.159.180.149 myl-c-24-159-180-149.chart
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Yes, that is the domain....I flushed them late last night, and the night before, and they keep filling back up..
Right now, there are 140 Queues....and a few thousand messages....
I am stumped right now.....
Right now, there are 140 Queues....and a few thousand messages....
I am stumped right now.....
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Nothing seemed to fix the problem. I don't know if it is something with the install, or what, but none of the suggestions worked. Most of them I already had in place during the initial install, but it never hurts to double check just in case.
Ultimately, here is what I have done to this point, and it seems to be working really well. In Exchange System Manager, I went to Servers, ( Pick The Server ), Protocols, SMTP, Default Virt. Server.....Properties, then the Access Tab....and then the connection buton.
From here the All Except the List Below should be selected....
Then I went through all of my Logs, and collected IP Addresses of all incoming connections....If I thought they were shady, I looked them up at Arin...If they were from Overseas I added them to the list....Usually the whole net block, not just the actual IP....Currently I have a list that is 20 entries or so long, but it appears to be making all of the difference in the world....
Thanks to all who helped...
Parry
Ultimately, here is what I have done to this point, and it seems to be working really well. In Exchange System Manager, I went to Servers, ( Pick The Server ), Protocols, SMTP, Default Virt. Server.....Properties, then the Access Tab....and then the connection buton.
From here the All Except the List Below should be selected....
Then I went through all of my Logs, and collected IP Addresses of all incoming connections....If I thought they were shady, I looked them up at Arin...If they were from Overseas I added them to the list....Usually the whole net block, not just the actual IP....Currently I have a list that is 20 entries or so long, but it appears to be making all of the difference in the world....
Thanks to all who helped...
Parry
Simon.