Robox1

Not receiving email after NDR attack - Exchange 2003

Hi,

A server we look after was the victim of an NDR attack and / or open SMTP relay attack today. Since around 8:30am this morning, none of the recipients have been able to receive email from external sources (mail sent internally is fine). I've completed the steps explained at:-

http://support.microsoft.com/kb/886208

and

http://support.microsoft.com/kb/324958

Now, the queues no longer fill with NDRs, but it still hasn't resolved the problem where email is not being received. I'm sending emails to the recipients connected to this server, but the emails aren't reaching their inboxes.

Any suggestions?
Rick Fee

Can you test external mail flow? Use telnet testing for connectivity or use http://www.mxtoolbox.com/

Who knows, I have seen ISPs turn off SMTP if they are hit with spam...
Robox1

ASKER

I can telnet in, and email is sent OK from Exchange, so SMTP is OK - it's just incoming mail that's the issue. Internal mail is sent to the inbox, but mail sent from external sources doesn't reach the inbox.
Robox1

ASKER

These are the results when running an SMTP check on mxtoolbox.com:-

220 exchange.<domain>.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.3959 ready at Thu, 22 Apr 2010 17:00:16 +0100


Not an open relay.
 0 seconds - Good on Connection time
 0.281 seconds - Good on Transaction time
 OK - <IP Address> resolves to exchange.<domain>.com
 OK - Reverse DNS matches SMTP Banner

Session Transcript:
HELO please-read-policy.mxtoolbox.com
250 exchange.<domain>.com Hello [64.20.227.133] [140 ms]
MAIL FROM: <supertool@mxtoolbox.com>
454 5.7.3 Client does not have permission to submit mail to this server. [125 ms]

Here is your issue... if your mail server is 64.20.227.133 it is not accepting SMTP traffic...
When I run telnet 64.20.227.133 25 it fails to connect. You didn't modify the firewall, did you?
Looks like this is Exchange 2003... is the SMTP Virtual Server running? SMTP running?
Locally from a workstation, can you run telnet exchangeserver 25? Do you get a banner?
Robox1

ASKER

I think 64.20.227.133 is mxtoolbox.com's IP address..... The Server's IP address is 213.152.36.177. I can telnet into this IP address on port 25 both locally and externally. I've not touched the firewall... I've run a port scan on the IP and this is the result:-

5 open ports:

       25      smtp      Success      140 ms
       80      http      Success      140 ms
       110      pop3      Success      140 ms
       143      imap      Success      140 ms
       389      ldap      Success      140 ms

This shows that port 25 is open...

The SMTP Virtual Server and SMTP Connectors are running...

There we go... your connector is not set to allow Anonymous...
Exchange 2007... to set this go to Server Config --> Hub Transport --> Receive connector --> Default receive connector, check box Anonymous
Exchange 2003 --> Default SMTP Virtual Server --> Properties --> Access Tab --> Auth button... check Anonymous
Let me know what you find...
Robox1

ASKER

Should the "Resolve anonymous e-mail" also be checked (in Exchange 2003, under "Anonymous Access")?
ASKER CERTIFIED SOLUTION
Rick Fee

This solution is only available to members.
Robox1

ASKER

Works great now, thanks.
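
The check this thread works through, as an added example that is not part of any poster's message: a small Python parser that reads an SMTP test transcript like the mxtoolbox one above and reports whether anonymous inbound mail is refused (the 454 5.7.3 seen here) or, after relay lockdown, whether the server still relays for outside recipients. The function names, finding labels, the example.org/example.net addresses and the second transcript are assumptions constructed for illustration.

```python
import re
# Transcript as posted in the thread (placeholders kept exactly as posted).
THREAD_TRANSCRIPT = """\
HELO please-read-policy.mxtoolbox.com
250 exchange.<domain>.com Hello [64.20.227.133] [140 ms]
MAIL FROM: <supertool@mxtoolbox.com>
454 5.7.3 Client does not have permission to submit mail to this server. [125 ms]
"""

# Constructed sample: anonymous inbound accepted for a local mailbox, relay refused.
HEALTHY_TRANSCRIPT = """\
HELO probe.example.net
250 mail.example.org Hello
MAIL FROM: <probe@example.net>
250 2.1.0 Sender OK
RCPT TO: <user@example.org>
250 2.1.5 Recipient OK
RCPT TO: <someone@elsewhere.example>
550 5.7.1 Unable to relay
"""

# Reply line: 3-digit code, then an optional enhanced status code such as 5.7.3.
REPLY = re.compile(r"^(\d{3})[ -](?:(\d\.\d{1,3}\.\d{1,3})\s)?")
def parse_session(text):
    """Pair each client command with the first server reply line after it."""
    pairs, command = [], None
    for line in text.splitlines():
        m = REPLY.match(line)
        if m and command is not None:
            pairs.append((command, int(m.group(1)), m.group(2)))
            command = None  # continuation lines of a multi-line reply are skipped
        elif not m and line.strip():
            command = line.strip()
    return pairs

def diagnose(text, local_domain):
    """Return findings; an empty list means no problem in the steps covered."""
    findings = []
    for command, code, enhanced in parse_session(text):
        verb = command.split(":")[0].upper()
        ok = 200 <= code < 300
        if verb == "MAIL FROM" and not ok and enhanced == "5.7.3":
            findings.append("anonymous-submission-denied")  # the thread's symptom
        elif verb == "RCPT TO":
            is_local = command.lower().rstrip(">").endswith("@" + local_domain)
            if is_local and not ok:
                findings.append("local-recipient-rejected")
            elif not is_local and ok:
                findings.append("open-relay")
    return findings
```

An empty result only covers the commands present in the transcript, so a session that stops before any RCPT TO says nothing about relaying.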