Question : General Spam questions
I am getting several undeliverable notifications in several users' inboxes recently. There is clearly a spam problem going on and I am not sure of what was breached. The problem was really noticeable yesterday and I have already done the following.
Tested for open relay on Exchange 2000. It is not an open relay. I went through a similar article on this website and found a link to a MS webcast on how to ensure that the default settings were in place. I also changed my SMTP connector settings to forward all msgs to a fake IP address, and to hold everything until midnight so that I could flush out the bad messages that were showing up (as shown on another webcast on the same post). Once flushed, I put those settings back to normal. I updated my virus definitions and scanned my server, as well as a couple of the client PCs in question, and came up with no viruses. All of this was done after hours yesterday. Today I come in and I am still getting undeliverable notifications!
Now I can deal with incoming spam, but I HAVE to get rid of this outgoing spam as it is having a significant impact on the organization. What backdoor do I have open for the spammers to go through? My open relay test is as follows:
HELO ortest.checkor.com
* 250 server.domain.com Hello [204.16.252.112]
RSET
250 2.0.0 Resetting
MAIL FROM: [email protected]
250 2.1.0 [email protected] OK
RCPT TO: [email protected]
550 5.7.1 Unable to relay for [email protected]
--------------------------------------------------------------------------------
RSET
250 2.0.0 Resetting
MAIL FROM:
501 5.5.4 Invalid Address
RCPT TO: [email protected]
503 5.5.2 Need Mail From: first
--------------------------------------------------------------------------------
RSET
250 2.0.0 Resetting
MAIL FROM: [email protected]
250 2.1.0 [email protected] er OK
RCPT TO: [email protected]
550 5.7.1 Unable to relay for [email protected]
--------------------------------------------------------------------------------
RSET
250 2.0.0 Resetting
MAIL FROM: [email protected]
250 2.1.0 [email protected] er OK
RCPT TO: [email protected]
550 5.7.1 Unable to relay for [email protected]
--------------------------------------------------------------------------------
RSET
250 2.0.0 Resetting
MAIL FROM: [email protected]
250 2.1.0 [email protected] er OK
RCPT TO: [email protected]
550 5.7.1 Unable to relay for [email protected]
--------------------------------------------------------------------------------
RSET
250 2.0.0 Resetting
MAIL FROM: [email protected]
250 2.1.0 [email protected] er OK
RCPT TO: "[email protected]"@75.xxx.xxx.xx
550 5.7.1 Unable to relay for "[email protected]"@75.xxx.xxx.xx
--------------------------------------------------------------------------------
RSET
250 2.0.0 Resetting
MAIL FROM: [email protected]
250 2.1.0 [email protected] er OK
RCPT TO: @75.xxx.xxx.xx:spamtest@checkor.com
550 5.7.1 Unable to relay for [email protected]
Answer : General Spam questions
Question PAQ'd, 500 points refunded, and stored in the solution database.
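A relay-test transcript like the one in the question can be checked mechanically instead of by eye. The following is an added example, not part of the original thread: it reads a transcript in that shape and reports the server's reply to each RCPT TO. The sample transcript, its addresses, and the function names are constructed for illustration, and it assumes every tested recipient is external to the server's own domains.

```python
import re

# Constructed sample in the same shape as the relay test above. The addresses
# and the third test (a recipient the server accepts) are invented.
SAMPLE = """\
HELO tester.example
* 250 mail.example.org Hello [192.0.2.10]
RSET
250 2.0.0 Resetting
MAIL FROM: probe@tester.example
250 2.1.0 probe@tester.example OK
RCPT TO: user@elsewhere.example
550 5.7.1 Unable to relay for user@elsewhere.example
RSET
250 2.0.0 Resetting
MAIL FROM:
501 5.5.4 Invalid Address
RCPT TO: user@elsewhere.example
503 5.5.2 Need Mail From: first
RSET
250 2.0.0 Resetting
MAIL FROM: probe@tester.example
250 2.1.0 probe@tester.example OK
RCPT TO: "user@elsewhere.example"@192.0.2.25
250 2.1.5 "user@elsewhere.example"@192.0.2.25
"""

# An SMTP reply line: optional "*" marker (as in the output above), 3-digit code.
REPLY = re.compile(r"^\*?\s*(\d{3})(?:[ -]|$)")

def relay_verdicts(transcript):
    """Return one (recipient, reply_code, verdict) tuple per RCPT TO command."""
    results, pending = [], None
    for raw in transcript.splitlines():
        line = raw.strip()
        reply = REPLY.match(line)
        if reply and pending is not None:
            code = int(reply.group(1))
            # 2xx: server agreed to take mail for an external recipient.
            # 5xx: refused. Anything else (4xx): temporary, retest later.
            verdict = ("ACCEPTED" if 200 <= code < 300
                       else "rejected" if code >= 500 else "deferred")
            results.append((pending, code, verdict))
            pending = None
        elif line.upper().startswith("RCPT TO:"):
            pending = line[len("RCPT TO:"):].strip()
    return results

def is_open_relay(transcript):
    """True if any external recipient was accepted at RCPT TO."""
    return any(v == "ACCEPTED" for _, _, v in relay_verdicts(transcript))
```

Some servers accept a recipient at RCPT TO and refuse or bounce the message later, so an ACCEPTED verdict is a reason to inspect the outbound queue rather than proof that mail was relayed.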