Solved

MSX 2K3 relays even though open relays have been blocked

Posted on 2013-06-05
Last Modified: 2013-06-12
I have been fighting a problem with my mail server for a couple of weeks now and need some assistance.

My MSX 2K3 server passes a 16-point open relay test; however, about once a week, I have to go to the ESM and inspect the SMTP connections. I will see an IP that is making several concurrent connections and I get alerted from MX Toolbox that I am now a spammer.

I will go into the properties of the SMTP virtual server and block that IP for incoming connections, and the problems will subside until another spammer starts the process all over again.

I have Trend Micro WFBS 8.0 and the server passes weekly malware scans; however, I am aware that if there is already an infection, the system may be ignoring the condition, thinking that "all's well".

So, other than my system having a possible infection, what else can I do? I have followed all lockdown procedures outlined in several documents from MS and EE and it appears as if the open relay issue is not an issue... I am now getting reported as a spamming server and this is causing a breakage in the business.

What am I missing?
Question by:CandSNetworking
7 Comments
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39222607
Have you completely disabled authenticated relaying?
Do you have any systems listed in the allow relay list on the SMTP VS in ESM?

Simon.

Author Comment

by:CandSNetworking
ID: 39222887
Simon,

Please let me know which feature is configured to disallow authenticated relaying and I will look and see.  


We have the IP of the router and the localhost (127.0.0.1) as "allowed" in the SMTP VS...

Is this what you were asking?

Author Comment

by:CandSNetworking
ID: 39222951
Simon,

Is this what you were asking me about?
Screen shot of my SMTP relay config
Also, authenticated users from the "users" button are enabled for submit only, not relay. And I was incorrect about the IP addresses... we've used the NAT address of the server internally and Localhost.
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39222997
You don't need either 127.0.0.1 or the router in the list for Exchange to work.
In some cases having the router listed can turn the server into an open relay, because of how Exchange sees the traffic. Therefore I would remove the two entries and then restart the SMTP Server service and test again.

Simon.

Author Comment

by:CandSNetworking
ID: 39223033
I'll be happy to remove these two ip addresses (even the NAT address?  I was told that this had to be in the SMTP VS)

I am not sure how to test this, as all relay testing already shows that I have a closed relay....  recommendations?

To date, the "test" has been, "hey admin, I can't send email to xxxx@xxx.xx"  :)
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 500 total points
ID: 39223496
Who told you they had to be in the list? Whoever or whatever the source was, it is incorrect.
You may not have an open relay; it could be an authenticated relay. Unfortunately, you will have to wait to see whether the problem goes away.

Worst case is you have a compromised account and the attacker is actually logging in to OWA or using Outlook to send the messages. Not unheard of as the result of a phishing attack.

Simon.
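
An added example, not part of the original thread: one way to tell apart the cases discussed above (open relay, relay through the SMTP VS allow list, authenticated relay) from the SMTP virtual server's W3C-format log. The log lines, domains and addresses are constructed, and it is an assumption that the log records `cs-method`, `cs-uri-query` and the SMTP reply code in `sc-status`.

```python
import ipaddress
from collections import defaultdict

# Constructed sample log (W3C extended format); field layout is an assumption.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-query sc-status
2013-06-04 02:10:02 203.0.113.50 AUTH +LOGIN 235
2013-06-04 02:10:03 203.0.113.50 MAIL +FROM:<jdoe@corp.example> 250
2013-06-04 02:10:04 203.0.113.50 RCPT +TO:<a@other.example> 250
2013-06-04 02:10:05 203.0.113.50 RCPT +TO:<b@other.example> 250
2013-06-04 02:11:01 192.168.1.1 MAIL +FROM:<x@spam.example> 250
2013-06-04 02:11:02 192.168.1.1 RCPT +TO:<c@other.example> 250
2013-06-04 02:12:00 198.51.100.7 MAIL +FROM:<p@partner.example> 250
2013-06-04 02:12:01 198.51.100.7 RCPT +TO:<sky@corp.example> 250
2013-06-04 02:13:00 198.51.100.9 MAIL +FROM:<q@spam.example> 250
2013-06-04 02:13:01 198.51.100.9 RCPT +TO:<d@other.example> 550
"""

def parse_w3c(text):
    """Yield one dict per record, keyed by the names in the #Fields header."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            yield dict(zip(fields, line.split()))

def classify_relays(text, local_domains, allow_list):
    """Map client IP -> (relay kind, accepted external recipients)."""
    allowed = [ipaddress.ip_network(n) for n in allow_list]
    authed, relayed = set(), defaultdict(int)
    for rec in parse_w3c(text):
        ip, verb, status = rec["c-ip"], rec["cs-method"].upper(), rec["sc-status"]
        if verb == "AUTH" and status == "235":      # successful SMTP AUTH
            authed.add(ip)
        elif verb == "RCPT" and status == "250":    # recipient accepted
            domain = rec["cs-uri-query"].split(">")[0].rpartition("@")[2].lower()
            if domain not in local_domains:         # mail leaving the organisation
                relayed[ip] += 1
    findings = {}
    for ip, count in relayed.items():
        if ip in authed:
            kind = "authenticated relay"   # a valid account was used
        elif any(ipaddress.ip_address(ip) in net for net in allowed):
            kind = "relay via allow list"  # e.g. NATed traffic seen as the router
        else:
            kind = "open relay"
        findings[ip] = (kind, count)
    return findings
```

Authentication is matched to relayed recipients by client IP rather than by session, which is an approximation; an IP reported as "authenticated relay" points to the account named in the AUTH exchange as the one to reset.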

Author Closing Comment

by:CandSNetworking
ID: 39241385
Simon,

Thank you for bringing these misconfigurations to our attention... up until now, we did not realize that relays could be authenticated through several mechanisms.

We believe that we are ready to close this question and appreciate the assist!

Sky
Question has a verified solution.
