I seem to recall that there was a bug (fixed in sp3 maybe?) where if an SMTP packet had a forged source address of 127.0.0.1, SMTP would relay it regardless of relay settings.
I may be misremembering the details. Also, no even half-way correctly configured firewall would let this type of packet in.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ben Winzenz
Sent: Thursday, December 18, 2003 11:51 AM
To: Exchange Discussions
Subject: RE: Open Relay/Spamcop

However, I would welcome any information that proves me otherwise. i.e. configure these settings, with the guest account disabled, and prove that it actually will relay - not authenticated relay, that doesn't count. If it is authenticated relay, it is because a password was compromised.

Ben Winzenz
Network Engineer
Gardner & White
(317) 581-1580 ext 418

-----Original Message-----
From: Ben Winzenz
Posted At: Thursday, December 18, 2003 11:48 AM
Posted To: Exchange (Swynk)
Conversation: Open Relay/Spamcop
Subject: RE: Open Relay/Spamcop

I still think you are smoking crack on this, Greg. I have never seen a properly configured Exchange 2000 server relay UNLESS a user account was compromised, or the guest account was enabled. I've tested it and tested again, and never found Exchange to relay with those settings.

Ben Winzenz
Network Engineer
Gardner & White
(317) 581-1580 ext 418

-----Original Message-----
From: Greg Deckler [mailto:[EMAIL PROTECTED]
Posted At: Thursday, December 18, 2003 11:37 AM
Posted To: Exchange (Swynk)
Conversation: Open Relay/Spamcop
Subject: RE: Open Relay/Spamcop

Hey, thanks for the confirmation. People have told me that I am smoking crack and that the Exchange servers were horribly misconfigured. It's nice to know that I am not smoking crack.

> I concur with greg ... our server had those settings and we were being
> used as a relay ... turned off "Allow all computers which successfully
> authenticate to relay, regardless of the list above." and that stopped
> it ...
>
> Mike
>
> -----Original Message-----
> From: Greg Deckler [mailto:[EMAIL PROTECTED]
> Sent: Thursday, December 18, 2003 11:17 AM
> To: Exchange Discussions
> Subject: Re: Open Relay/Spamcop
>
> This may or may not be the problem, but I have seen spammers able to
> relay off an Exchange server if the following configuration applies:
>
> 1. If "Anonymous access" is turned on. SMTP Virtual Server properties,
>    Access page, Authentication.
> 2. And, "Allow all computers which successfully authenticate to relay,
>    regardless of the list above." is checked. SMTP Virtual Server
>    properties, Access page, Relay.
>
> > Hello All and Happy Holidays!
> >
> > I have a colleague whose Exchange 2000 server is being reported as Open
> > Relay by spamcop for the past month. I have tested his relay by
> > setting up a POP account in Outlook, putting the server that is being
> > reported as Open relay as my Outgoing SMTP server.
> >
> > When I try to send a message using Outlook, I get a return message that
> > 550 5.7.1 Unable to relay. I am relieved that it could not relay.
> > That is good, however, why then is spamcop still reporting it to be
> > open relay?
> >
> > I have checked (over the phone) all his Virtual SMTP Server settings
> > to verify correct configuration. Everything seems to be "checked" or
> > "unchecked" as recommended by Microsoft.
> >
> > We have Stopped/Started Services for SMTP
> >
> > The Exchange 2000 server is behind a NAT and I have looked into the
> > possibility of this. I have been out on the spamcop site and for the
> > life of me cannot find a way to make them check the server again to
> > see if it is closed relay like ORDB does.
> >
> > Any ideas or comments????
> >
> > Samantha Bridges
> > Communications Technician
> > Macomb Intermediate School District
> > 44001 Garfield Road
> > Clinton Township MI 48038-1100
> > (586) 228-3300
> >
> > [EMAIL PROTECTED]
> > http://www.misd.net
> >
> > CONFIDENTIALITY NOTICE: This email message, including any attachments,
> > is for the sole use of the intended recipient(s) and may contain
> > confidential and privileged information. Any unauthorized review, use,
> > disclosure or distribution is prohibited. If you are not the intended
> > recipient, please contact the sender by reply email and destroy all
> > copies of the original message.
>
> _________________________________________________________________
> List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
> Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english
> To unsubscribe: mailto:[EMAIL PROTECTED]
> Exchange List admin: [EMAIL PROTECTED]
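
The relay check described in the thread (offer the server a recipient outside its own domains and read the reply code, as in the quoted "550 5.7.1 Unable to relay") can be scripted against a server you administer. This is an added example, not part of the original messages; the function names, the FakeSession stub and the example.org/example.net addresses are assumptions made here, and the stub replies are constructed.

```python
import smtplib


def probe_relay(session, sender, external_rcpt):
    """Offer an unauthenticated session a recipient outside the server's
    own domains and classify the reply. No DATA is sent, so no mail moves."""
    session.ehlo()
    result = {"auth_offered": bool(session.has_extn("auth"))}
    code, msg = session.mail(sender)
    if code != 250:
        result.update(verdict="sender-rejected", code=code)
        return result
    code, msg = session.rcpt(external_rcpt)
    session.rset()  # abandon the transaction before any message body
    if 200 <= code < 300:
        verdict = "relays-anonymously"   # accepted a foreign recipient
    elif 400 <= code < 500:
        verdict = "temporary-failure"    # inconclusive, retry later
    else:
        verdict = "relay-refused"        # e.g. 550 5.7.1 Unable to relay
    result.update(verdict=verdict, code=code,
                  reply=msg.decode(errors="replace"))
    return result


def check_server(host, sender, external_rcpt, port=25, timeout=15):
    """Run the probe against a live server you administer."""
    with smtplib.SMTP(host, port, timeout=timeout) as session:
        return probe_relay(session, sender, external_rcpt)


class FakeSession:
    """Constructed stand-in for smtplib.SMTP so the example runs offline."""
    def __init__(self, rcpt_reply, auth=True):
        self.rcpt_reply, self.auth = rcpt_reply, auth
    def ehlo(self): return (250, b"ok")
    def has_extn(self, name): return self.auth and name == "auth"
    def mail(self, sender): return (250, b"2.1.0 Sender OK")
    def rcpt(self, recip): return self.rcpt_reply
    def rset(self): return (250, b"2.0.0 Resetting")


if __name__ == "__main__":
    closed = FakeSession((550, b"5.7.1 Unable to relay"))
    opened = FakeSession((250, b"2.1.5 Recipient OK"))
    for s in (closed, opened):
        print(probe_relay(s, "probe@example.org", "target@example.net"))
```

Run check_server from a host that is not on the server's relay-allowed list. A refusal covers anonymous sessions only and says nothing about sessions that authenticate, which is the case the thread disagrees about.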