Well, after making sure my IIS 4.0 SMTP relay server was not infected by the NIMDA virus and applying all the MS01-044 IIS cumulative security bulletin, I am still being used as a relay point.
The most confusing thing is: I can't understand how they are doing it because when I telnet into the IIS SMTP relay from HOME, it DOESN'T allow me to relay. The following shows up: 220-w-smtp01.whitnall.com Microsoft SMTP MAIL ready at Wed, 21 Nov 2001 08:16:19 -0600 Version: 5.5.1877.197.19 220 ESMTP spoken here At this point I try and type "Helo me", "Mail From:", or other commands, and they ALL fail with either a) a 550 error, b) no response. If on the other hand, I telnet into the SMTP relay from a PC here on the LAN I can issue "Helo me", "Mail From:" or other commands and use it as a relay without problem. What I'm looking for is someone running IIS SMTP services to help me out here. My IIS SMTP relay is in my DMZ Interface and my (1) Exchange server is on the Inside Interface of the firewall. I'm worried that our domain will start getting banned or black listed (I heard this happens) because we are being used as a relay point. This is the 2nd day it's been occuring and I need to get this fixed soon. If you can help, please let me know. Thanks. Jesse Rink [EMAIL PROTECTED] List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm
