  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 222

Exchange 2003: re-enabling incoming email after being used as a mail relay for spammers.

We have a 2003 Small Business Server that was used in a mail relay spam attack. I did at least the following to disable mail relaying:
- I deleted the Internet SMTP connector
- changed the admin password
- disabled the security for anonymous and everyone
- turned off the IUSR and IWAM accounts

Now I think I have re-enabled all of those.
I created a new SMTP connector and unchecked mail relaying.

I am currently able to send mail but not able to receive mail, and when I go to dnsstuff.com I get the following error: this is the right IP address for our Exchange server.

tdmconsulting.com. - 71.16.73.108  [Could not connect: Got an unknown MAIL FROM response: 454 5.7.3 Client does not have permission to submit mail to this server.

What I am thinking is happening is I disabled anonymous connections to the server in one of 100 possible locations. Please give me some ideas of where to look to open the server back up.

Asked:
tigercomputers
1 Solution
 
tigermatt Commented:
I can't see any issues connection-wise; I can manually connect to port 25 of your server with its IP address 71.16.73.108 or tdmconsulting.com. This works fine and I receive your SMTP banner:

However, both my tests and DNS Stuff.com say that you have no MX records defined. A mail server should try to connect on port 25 to the IP of your A record, but that doesn't mean to say every mail server will. I suggest you get an MX record configured on tdmconsulting.com to point towards, say mail.tdmconsulting.com, with the mail subdomain having an A record to your IP address. It sounds pointless, I know, but it would be worthwhile.
0
 
tigermatt Commented:
Hmm, just re-read the question and noticed your Mail From response. Is this through a manual test in telnet or a response from say Yahoo or some other email provider who you've tried to send a mail to tdmconsulting.com through?

-tigermatt
0
 
tigercomputers (Author) Commented:
Just did a test at http://mxtoolbox.com 
I am not receiving any incoming email at all from the outside world.
nick@tdmconsulting.com is my address. It doesn't error out from Gmail, but it never shows up in my email box, and checking the server incoming logs I don't see it either.

MAIL FROM: <test@mxtoolbox.com>
454 5.7.3 Client does not have permission to submit mail to this server. [62 ms]
0
 
tigercomputers (Author) Commented:
I re-added the MX record.
0
 
tigercomputers (Author) Commented:
DNSReport.

Mail FAIL Connect to mail servers ERROR: I could not complete a connection to any of your mailservers!

tdmconsulting.com: Timed out [Last data sent: MAIL FROM: ]

If this is a timeout problem, note that the DNSreport only waits about 40 seconds for responses, so your mail *may* work fine in this case but you will need to use testing tools specifically designed for such situations to be certain.
0
 
tigercomputers (Author) Commented:
How to Configure a Virtual SMTP server
Opposite is a diagram to help you navigate to the various Virtual Servers folders.  Once you have found your Exchange 2003 server object, expand the Protocols folder.  Each protocol has its own Virtual server.  SMTP for MAPI clients (Outlook), HTTP is for OWA (Outlook Web Access).

We are most interested in the Default SMTP Virtual Server.  As its name suggests, this is the container where you check settings for regular SMTP mail.  (See this SMTP server object at the very bottom of the screen shot.)
http://www.computerperformance.co.uk/exchange2003/exchange2003_virtual_servers.htm

Found it... couldn't figure out where I unchecked anonymous access.
0
 
tigermatt Commented:
Ah well, all seems well now! MX records seem fine.

You may want to ask CS to edit your post above and remove the email address so the spiders don't index it and it doesn't get harvested by spammers!

:-)

-tigermatt
0
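
A check that could be run against your own server after a change like this, as an added example that is not part of the original thread: it classifies the replies to an unauthenticated SMTP probe so that both the 454 5.7.3 refusal seen above and a reopened relay are caught. The function names, the probe sender address and every sample reply other than the 454 line are assumptions constructed for illustration.

```python
import smtplib

def classify(mail_from, rcpt_local=None, rcpt_external=None):
    """Interpret (code, text) replies from an unauthenticated SMTP probe."""
    code, text = mail_from
    if isinstance(text, bytes):
        text = text.decode(errors="replace")
    if code != 250:
        # 5.7.3 at MAIL FROM: the server wants authentication before any mail,
        # so Internet hosts cannot deliver (the symptom in this thread).
        why = "anonymous access disabled" if "5.7.3" in text else f"reply {code}"
        return [f"inbound-blocked: MAIL FROM refused ({why})"]
    findings = []
    if rcpt_local is None or rcpt_local[0] not in (250, 251):
        findings.append("inbound-blocked: local recipient refused")
    if rcpt_external is not None and rcpt_external[0] in (250, 251):
        findings.append("open-relay: external recipient accepted without auth")
    return findings or ["ok: local mail accepted, relay refused"]

def probe(host, local_rcpt, external_rcpt, sender="probe@example.org",
          port=25, timeout=40):
    """Run the envelope commands only, then RSET so no message is sent."""
    with smtplib.SMTP(host, port, timeout=timeout) as s:
        s.ehlo_or_helo_if_needed()
        mail = s.mail(sender)
        if mail[0] != 250:
            return mail, None, None
        local, external = s.rcpt(local_rcpt), s.rcpt(external_rcpt)
        s.rset()
        return mail, local, external

# Replies: the 454 line is quoted from the thread, the rest are constructed.
BLOCKED = ((454, "5.7.3 Client does not have permission to submit mail to this server."),)
HEALTHY = ((250, "2.1.0 Sender OK"), (250, "2.1.5 Recipient OK"),
           (550, "5.7.1 Unable to relay"))
RELAYING = ((250, "2.1.0 Sender OK"), (250, "2.1.5 Recipient OK"),
            (250, "2.1.5 Recipient OK"))

if __name__ == "__main__":
    for name, replies in (("blocked", BLOCKED), ("healthy", HEALTHY),
                          ("relaying", RELAYING)):
        print(name, classify(*replies))
```

The desired state after re-enabling anonymous access is the "healthy" result: mail for a local mailbox is accepted while a recipient in a domain the server does not host is refused.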
