Hi I had a similar problem as we have a lot of mobile users. Unfortunately the authentication seemed temperamental depending on which ISP you were using, so forced everybody to use the VPN and restricted routing to internal IP's only.
I think that did the trick, but I wouldn't be surprised if the spammers find a way around it. Bye Ali ----- Original Message ----- From: "Jay Kulsh" <[EMAIL PROTECTED]> To: "Exchange Discussions" <[EMAIL PROTECTED]> Sent: Monday, November 03, 2003 12:11 PM Subject: Re: Spam Clogging the IMC Queue -- Feigning Open Relay > Let me answer my own question. Those spammers were using authentication to > logon to SMTP server of our Exchange. Once we saw what user account was > being used and disabled it, problem went away. (Due to POP3 users, we have > to allow routing thru authentication.) > > Jay Kulsh > > Please visit http://www.cancer-treatment.net > > ----- Original Message ----- > From: Jay Kulsh > To: Exchange Discussions > Sent: Sunday, November 02, 2003 9:17 PM > Subject: Spam Clogging the IMC Queue -- Feigning Open Relay > > > > Hi folks, > > We do not have open relay on our two Exchange servers (5.5 SP4) as tested by > various tools. However in the queue of IMC, there are thousand of messages > that have outside domains in both source and destination addresses. The > addresses of originators are obviously computer generated with words like > [EMAIL PROTECTED], [EMAIL PROTECTED] etc. We have no proof yet that any of these > messages are actually delivered -- as if we were open realy -- to the > destination domain but that is a possibility. > > Symantec techsupport stated that they are not aware of any virus or worm > that can do this. > > If we are not allowing open-relay what is causing these messages to get to > our IMC queue? Please help! > > Jay > __________ > Jay Kulsh > iLAN > Pasadena, CA > > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Web Interface: > http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]
