This may very well be the case. I cannot say one way or another. When I have seen this, it has always been the case that I am there fixing something else and happen upon this problem, fix it and move on. I DO know that I have seen it on boxes where the Guest account is disabled, but that does not rule out the possibility that some other account was compromised.
> However, I would welcome any information that proves me otherwise. i.e.
> configure these settings, with the guest account disabled, and prove
> that it actually will relay - not authenticated relay, that doesn't
> count. If it is authenticated relay, it is because a password was
> compromised.
>
> Ben Winzenz
> Network Engineer
> Gardner & White
> (317) 581-1580 ext 418
>
> -----Original Message-----
> From: Ben Winzenz
> Posted At: Thursday, December 18, 2003 11:48 AM
> Posted To: Exchange (Swynk)
> Conversation: Open Relay/Spamcop
> Subject: RE: Open Relay/Spamcop
>
> I still think you are smoking crack on this, Greg. I have never seen a
> properly configured Exchange 2000 server relay UNLESS a user account was
> compromised, or the guest account was enabled. I've tested it and
> tested again, and never found Exchange to relay with those settings.
>
> Ben Winzenz
> Network Engineer
> Gardner & White
> (317) 581-1580 ext 418
>
> -----Original Message-----
> From: Greg Deckler [mailto:[EMAIL PROTECTED]
> Posted At: Thursday, December 18, 2003 11:37 AM
> Posted To: Exchange (Swynk)
> Conversation: Open Relay/Spamcop
> Subject: RE: Open Relay/Spamcop
>
> Hey, thanks for the confirmation. People have told me that I am smoking
> crack and that the Exchange servers were horribly misconfigured. It's
> nice to know that I am not smoking crack.
>
> > I concur with greg ... our server had those settings and we were being
> > used as a relay ... turned off "Allow all computers which successfully
> > authenticate to relay, regardless of the list above." and that stopped
> > it ...
> >
> > Mike
> >
> > -----Original Message-----
> > From: Greg Deckler [mailto:[EMAIL PROTECTED]
> > Sent: Thursday, December 18, 2003 11:17 AM
> > To: Exchange Discussions
> > Subject: Re: Open Relay/Spamcop
> >
> > This may or may not be the problem, but I have seen spammers able to
> > relay off an Exchange server if the following configuration applies:
> >
> > 1. If "Anonymous access" is turned on. SMTP Virtual Server properties,
> >    Access page, Authentication.
> > 2. And, "Allow all computers which successfully authenticate to relay,
> >    regardless of the list above." is checked. SMTP Virtual Server
> >    properties, Access page, Relay.
> >
> > > Hello All and Happy Holidays!
> > >
> > > I have a colleague whose Exchange 2000 server is being reported as Open
> > > Relay by spamcop for the past month. I have tested his relay by
> > > setting up a POP account in Outlook, putting the server that is being
> > > reported as Open relay as my Outgoing SMTP server.
> > >
> > > When I try to send a message using Outlook, I get a return message that
> > > 550 5.7.1 Unable to relay. I am relieved that it could not relay.
> > > That is good, however, why then is spamcop still reporting it to be
> > > open relay?
> > >
> > > I have checked (over the phone) all his Virtual SMTP Server settings
> > > to verify correct configuration. Everything seems to be "checked" or
> > > "unchecked" as recommended by Microsoft.
> > >
> > > We have Stopped/Started Services for SMTP
> > >
> > > The Exchange 2000 server is behind a NAT and I have looked into the
> > > possibility of this. I have been out on the spamcop site and for the
> > > life of me cannot find a way to make them check the server again to
> > > see if it is closed relay like ORDB does.
> > >
> > > Any ideas or comments????
> > >
> > > Samantha Bridges
> > > Communications Technician
> > > Macomb Intermediate School District
> > > 44001 Garfield Road
> > > Clinton Township MI 48038-1100
> > > (586) 228-3300
> > >
> > > [EMAIL PROTECTED]
> > > http://www.misd.net
> > >
> > > CONFIDENTIALITY NOTICE: This email message, including any attachments,
> > > is for the sole use of the intended recipient(s) and may contain
> > > confidential and privileged information. Any unauthorized review, use,
> > > disclosure or distribution is prohibited. If you are not the intended
> > > recipient, please contact the sender by reply email and destroy all
> > > copies of the original message.
> >
> > _________________________________________________________________
> > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
> > Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english
> > To unsubscribe: mailto:[EMAIL PROTECTED]
> > Exchange List admin: [EMAIL PROTECTED]
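
The disagreement in this thread turns on whether a relayed message was accepted anonymously or only after a successful AUTH. As an added example (not written by anyone in the thread), the Python below classifies SMTP session transcripts on that basis; the transcripts, the `LOCAL_DOMAINS` value and the `C:`/`S:` line format are constructed for illustration and are not Exchange log output.

```python
import re

LOCAL_DOMAINS = {"example.org"}  # assumption: domains this server accepts mail for
RCPT_RE = re.compile(r"^RCPT TO:\s*<[^<>@\s]+@([^<>\s]+)>", re.IGNORECASE)

def classify_session(transcript, local_domains=LOCAL_DOMAINS):
    """Return the most serious relay verdict for one SMTP session transcript."""
    authenticated = False
    last_cmd = ""
    verdicts = set()
    for raw in transcript.splitlines():
        side, _, text = raw.partition(":")
        text = text.strip()
        if side == "C":                      # remember the command being answered
            last_cmd = text
            continue
        if side != "S" or not text[:3].isdigit():
            continue
        code = text[:3]
        if code == "235":                    # RFC 4954: AUTH succeeded
            authenticated = True
        rcpt = RCPT_RE.match(last_cmd)
        if not rcpt or rcpt.group(1).lower() in local_domains:
            continue                         # not a recipient outside our domains
        if code in ("250", "251"):           # server agreed to forward the message
            verdicts.add("authenticated-relay" if authenticated else "anonymous-relay")
        elif code == "550":                  # e.g. "550 5.7.1 Unable to relay"
            verdicts.add("relay-denied")
    for verdict in ("anonymous-relay", "authenticated-relay", "relay-denied"):
        if verdict in verdicts:
            return verdict
    return "local-only"

# Constructed transcripts ("C:" client, "S:" server); not captured traffic.
SESSIONS = {
    "denied": "C: MAIL FROM:<t@example.net>\nS: 250 OK\n"
              "C: RCPT TO:<u@example.com>\nS: 550 5.7.1 Unable to relay\n",
    "anonymous": "C: MAIL FROM:<t@example.net>\nS: 250 OK\n"
                 "C: RCPT TO:<u@example.com>\nS: 250 OK\n",
    "after-auth": "C: AUTH LOGIN\nS: 334\nC: (omitted)\nS: 334\nC: (omitted)\n"
                  "S: 235 2.7.0 Authentication successful\n"
                  "C: MAIL FROM:<t@example.net>\nS: 250 OK\n"
                  "C: RCPT TO:<u@example.com>\nS: 250 OK\n",
    "inbound": "C: MAIL FROM:<t@example.net>\nS: 250 OK\n"
               "C: RCPT TO:<staff@example.org>\nS: 250 OK\n",
}

def classify_all(sessions=SESSIONS):
    return {name: classify_session(text) for name, text in sessions.items()}
```

An `authenticated-relay` verdict points the investigation at which account logged in, while `anonymous-relay` means the server forwarded mail for a client that never authenticated.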