Microsoft
Software
Hardware
Network
Question : General Spam questions
I am getting several undeliverable notifications on several users inboxes recently. There is clearly a spam problem going on and i am not sure of what was breached. The problem was really noticeable yesterday and I have already done the following.
Tested for open relay on Exchange 2000. It is not an open relay. I went through a similar article on this website and found a link to a MS webcast on how to ensure that the default settings were in place. I also changed my smtp connector settings to forward all msgs to a fake IP address, and to hold everything until midnight so that i could flush out the bad messages that were showing up (as shown on another webcase on the same post). Once flushed i put those settings back to normal. I updated my virus definitions and scanned my server, as well as a couple of the client pcs in question, and came up with no viruses. All of this was done after hours yesterday. Today I come in and i am still getting undeliverable notifications!
Now i can deal with incoming spam, but I HAVE to get rid of this outgoing spam as it is having a significant impact on the orginization. What backdoor do i have open for the spammers to go through? My open relay test is as follows
HELO ortest.checkor.com
* 250 server.domain.com Hello [204.16.252.112]
RSET
250 2.0.0 Resetting
MAIL FROM:
[email protected]
250 2.1.0
[email protected]
OK
RCPT TO:
[email protected]
550 5.7.1 Unable to relay for
[email protected]
--------------------------
----------
----------
----------
----------
----------
----
RSET
250 2.0.0 Resetting
MAIL FROM:
501 5.5.4 Invalid Address
RCPT TO:
[email protected]
503 5.5.2 Need Mail From: first
--------------------------
----------
----------
----------
----------
----------
----
RSET
250 2.0.0 Resetting
MAIL FROM:
[email protected]
250 2.1.0
[email protected]
er OK
RCPT TO:
[email protected]
550 5.7.1 Unable to relay for
[email protected]
--------------------------
----------
----------
----------
----------
----------
----
RSET
250 2.0.0 Resetting
MAIL FROM:
[email protected]
250 2.1.0
[email protected]
er OK
RCPT TO:
[email protected]
550 5.7.1 Unable to relay for
[email protected]
--------------------------
----------
----------
----------
----------
----------
----
RSET
250 2.0.0 Resetting
MAIL FROM:
[email protected]
250 2.1.0
[email protected]
er OK
RCPT TO:
[email protected]
550 5.7.1 Unable to relay for
[email protected]
--------------------------
----------
----------
----------
----------
----------
----
RSET
250 2.0.0 Resetting
MAIL FROM:
[email protected]
250 2.1.0
[email protected]
er OK
RCPT TO: "
[email protected]
"@75.xxx.xx
x.xx
550 5.7.1 Unable to relay for "
[email protected]
"@75.xxx.xx
x.xx
--------------------------
----------
----------
----------
----------
----------
----
RSET
250 2.0.0 Resetting
MAIL FROM:
[email protected]
250 2.1.0
[email protected]
er OK
RCPT TO: @75.xxx.xxx.xx:spamtest@ch
eckor.com
550 5.7.1 Unable to relay for
[email protected]
Answer : General Spam questions
Question PAQ'd, 500 points refunded, and stored in the solution database.
Random Solutions
Changing Registry Permissions with SubInACL.exe - Part 2
routers
How do I monitor a networked broadband connection?
Does each Novell GW 6.5 mailbox require a Netware User object, when GW is doing its own authentication?
Force Windows XP workstations to use a specific DHCP server
Extract Longtitude and Latitude from GPS device (Mobile 2003)
Ways to stress test a network
Wireless vs hardwire network connection
How do I set up a Forgotten Password Policy in Netware 6.5?
Recommendations for VoIP.
