Question : General Spam questions
I am getting several undeliverable notifications in several users' inboxes recently. There is clearly a spam problem going on and I am not sure of what was breached. The problem was really noticeable yesterday and I have already done the following.
Tested for open relay on Exchange 2000. It is not an open relay. I went through a similar article on this website and found a link to a MS webcast on how to ensure that the default settings were in place. I also changed my SMTP connector settings to forward all msgs to a fake IP address, and to hold everything until midnight so that I could flush out the bad messages that were showing up (as shown on another webcast on the same post). Once flushed, I put those settings back to normal. I updated my virus definitions and scanned my server, as well as a couple of the client PCs in question, and came up with no viruses. All of this was done after hours yesterday. Today I come in and I am still getting undeliverable notifications!
Now I can deal with incoming spam, but I HAVE to get rid of this outgoing spam as it is having a significant impact on the organization. What backdoor do I have open for the spammers to go through? My open relay test is as follows:
HELO ortest.checkor.com
* 250 server.domain.com Hello [204.16.252.112]
RSET
250 2.0.0 Resetting
MAIL FROM: [email protected]
250 2.1.0 [email protected] OK
RCPT TO: [email protected]
550 5.7.1 Unable to relay for [email protected]
--------------------------------------------------------------------------------
RSET
250 2.0.0 Resetting
MAIL FROM:
501 5.5.4 Invalid Address
RCPT TO: [email protected]
503 5.5.2 Need Mail From: first
--------------------------------------------------------------------------------
RSET
250 2.0.0 Resetting
MAIL FROM: [email protected]
250 2.1.0 [email protected]er OK
RCPT TO: [email protected]
550 5.7.1 Unable to relay for [email protected]
--------------------------------------------------------------------------------
RSET
250 2.0.0 Resetting
MAIL FROM: [email protected]
250 2.1.0 [email protected]er OK
RCPT TO: [email protected]
550 5.7.1 Unable to relay for [email protected]
--------------------------------------------------------------------------------
RSET
250 2.0.0 Resetting
MAIL FROM: [email protected]
250 2.1.0 [email protected]er OK
RCPT TO: [email protected]
550 5.7.1 Unable to relay for [email protected]
--------------------------------------------------------------------------------
RSET
250 2.0.0 Resetting
MAIL FROM: [email protected]
250 2.1.0 [email protected]er OK
RCPT TO: "[email protected]"@75.xxx.xxx.xx
550 5.7.1 Unable to relay for "[email protected]"@75.xxx.xxx.xx
--------------------------------------------------------------------------------
RSET
250 2.0.0 Resetting
MAIL FROM: [email protected]
250 2.1.0 [email protected]er OK
RCPT TO: @75.xxx.xxx.xx:spamtest@checkor.com
550 5.7.1 Unable to relay for [email protected]
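Added example, not part of the original post: a small Python parser that reads a relay-test transcript like the one above and gives a verdict per RSET-delimited test from the reply codes for MAIL FROM and RCPT TO. The sample transcript, its hosts and addresses, and the function names are constructed for illustration; the last sample test is an invented case in which the server accepts a foreign recipient.

```python
import re

# Constructed transcript, hosts made up; the last test is an invented failure.
SAMPLE = """\
RSET
250 2.0.0 Resetting
MAIL FROM: probe@example.net
250 2.1.0 probe@example.net....Sender OK
RCPT TO: victim@example.org
550 5.7.1 Unable to relay for victim@example.org
RSET
250 2.0.0 Resetting
MAIL FROM:
501 5.5.4 Invalid Address
RCPT TO: victim@example.org
503 5.5.2 Need Mail From: first
RSET
250 2.0.0 Resetting
MAIL FROM: probe@example.net
250 2.1.0 probe@example.net....Sender OK
RCPT TO: @192.0.2.25:victim@example.org
250 2.1.5 victim@example.org
"""

COMMAND = re.compile(r"^(HELO|EHLO|RSET|MAIL FROM:|RCPT TO:)", re.I)
REPLY = re.compile(r"^\*?\s*(\d{3})[ -]")

def parse_tests(transcript):
    """Split on RSET and return, per test, {command: reply class (2, 4 or 5)}."""
    tests, pending = [], None
    for line in map(str.strip, transcript.splitlines()):
        cmd, reply = COMMAND.match(line), REPLY.match(line)
        if cmd:
            pending = cmd.group(1).upper()
            if pending == "RSET":
                tests.append({})
        elif reply and pending and tests:
            tests[-1][pending] = int(reply.group(1)) // 100
            pending = None  # later lines until the next command are wrapped text
    return tests

def verdict(test):
    if "RCPT TO:" not in test:
        return "INCOMPLETE"
    if test.get("MAIL FROM:") != 2:
        return "SENDER_REJECTED"  # RCPT was never really evaluated
    return "RELAY_ACCEPTED" if test["RCPT TO:"] == 2 else "RELAY_REFUSED"

def audit(transcript):
    return [verdict(t) for t in parse_tests(transcript)]
```

A transcript in which every test comes back RELAY_REFUSED or SENDER_REJECTED, as in the post, shows only that the server refuses unauthenticated relaying from the tester's address.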
Answer : General Spam questions
Question PAQ'd, 500 points refunded, and stored in the solution database.