3 reasons why I know (in order of finding them out) 1. The amount of incoming traffic on our T1 increased about 40x as of yesterday. 2. The # of messages in the IIS SMTP relay /queue directory is constantly around 1500 messages and are FROM: a domain that is not my domain (some dude sending hotmail.com messages about a porn site). 3. I went to www.abuse.net and used their smtp relay abuse test and the results showed that my server could be used as a relay.
:) or should I say, :( heh.. Need help figuring out what to change in IIS SMTP now.. Thanks! > How do you know you are being used as a relay? > > Kevinm M WLKMMAS, UCC+WCA, CKWSE > > > -----Original Message----- > From: Jesse Rink [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, November 21, 2001 6:35 AM > To: MS-Exchange Admin Issues > Subject: My IIS SMTP is being used as a relay - need help stopping this > > > Well, after making sure my IIS 4.0 SMTP relay server was not infected by > the NIMDA virus and applying all the MS01-044 IIS cumulative security > bulletin, I am still being used as a relay point. > > The most confusing thing is: I can't understand how they are doing it > because when I telnet into the IIS SMTP relay from HOME, it DOESN'T > allow me to relay. The following shows up: > > 220-w-smtp01.whitnall.com Microsoft SMTP MAIL ready at Wed, 21 Nov 2001 > 08:16:19 -0600 Version: 5.5.1877.197.19 > 220 ESMTP spoken here > > At this point I try and type "Helo me", "Mail From:", or other commands, > and they ALL fail with either a) a 550 error, b) no response. > > If on the other hand, I telnet into the SMTP relay from a PC here on the > LAN I can issue "Helo me", "Mail From:" or other commands and use it as > a relay without problem. > > What I'm looking for is someone running IIS SMTP services to help me out > here. My IIS SMTP relay is in my DMZ Interface and my (1) Exchange > server is on the Inside Interface of the firewall. I'm worried that our > domain will start getting banned or black listed (I heard this happens) > because we are being used as a relay point. This is the 2nd day it's > been occuring and I need to get this fixed soon. > > If you can help, please let me know. Thanks. > > Jesse Rink > [EMAIL PROTECTED] > > List Charter and FAQ at: > http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm
