Well, then I must modify my band camp scenario... : > Kevinm M WLKMMAS, UCC+WCA, CKWSE
-----Original Message----- From: Jesse Rink [mailto:[EMAIL PROTECTED]] Sent: Wednesday, November 21, 2001 7:01 AM To: MS-Exchange Admin Issues Subject: RE: My IIS SMTP is being used as a relay - need help stopping this 3 reasons why I know (in order of finding them out) 1. The amount of incoming traffic on our T1 increased about 40x as of yesterday. 2. The # of messages in the IIS SMTP relay /queue directory is constantly around 1500 messages and are FROM: a domain that is not my domain (some dude sending hotmail.com messages about a porn site). 3. I went to www.abuse.net and used their smtp relay abuse test and the results showed that my server could be used as a relay. :) or should I say, :( heh.. Need help figuring out what to change in IIS SMTP now.. Thanks! > How do you know you are being used as a relay? > > Kevinm M WLKMMAS, UCC+WCA, CKWSE > > > -----Original Message----- > From: Jesse Rink [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, November 21, 2001 6:35 AM > To: MS-Exchange Admin Issues > Subject: My IIS SMTP is being used as a relay - need help stopping this > > > Well, after making sure my IIS 4.0 SMTP relay server was not infected > by the NIMDA virus and applying all the MS01-044 IIS cumulative > security bulletin, I am still being used as a relay point. > > The most confusing thing is: I can't understand how they are doing it > because when I telnet into the IIS SMTP relay from HOME, it DOESN'T > allow me to relay. The following shows up: > > 220-w-smtp01.whitnall.com Microsoft SMTP MAIL ready at Wed, 21 Nov > 2001 08:16:19 -0600 Version: 5.5.1877.197.19 > 220 ESMTP spoken here > > At this point I try and type "Helo me", "Mail From:", or other > commands, and they ALL fail with either a) a 550 error, b) no > response. > > If on the other hand, I telnet into the SMTP relay from a PC here on > the LAN I can issue "Helo me", "Mail From:" or other commands and use > it as a relay without problem. > > What I'm looking for is someone running IIS SMTP services to help me > out here. My IIS SMTP relay is in my DMZ Interface and my (1) > Exchange server is on the Inside Interface of the firewall. I'm > worried that our domain will start getting banned or black listed (I > heard this happens) because we are being used as a relay point. This > is the 2nd day it's been occuring and I need to get this fixed soon. > > If you can help, please let me know. Thanks. > > Jesse Rink > [EMAIL PROTECTED] > > List Charter and FAQ at: > http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm