I'm not sure where to find the source of the IP address where the emails are coming from. In addition, blocking that one IP doesn't stop others from using my IIS SMTP relay as a relay point, just that one address I believe so I need a more permanent fix. Thanks.
> Block the IP at the router... > > Kevinm M WLKMMAS, UCC+WCA, CKWSE > > > -----Original Message----- > From: Jesse Rink [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, November 21, 2001 7:09 AM > To: MS-Exchange Admin Issues > Subject: RE: My IIS SMTP is being used as a relay - need help stopping > this > > > Heh, yeah... I guess so. Anyway, if you can lend a hand, please let me > know. This is very frustrating. My queue is getting TONS of messages > per minute from these spammers and I need to get it fixed as it's using > up to about 30% of our incoming T1 bandwidth. > > > Well, then I must modify my band camp scenario... : > > > > > Kevinm M WLKMMAS, UCC+WCA, CKWSE > > > > > > -----Original Message----- > > From: Jesse Rink [mailto:[EMAIL PROTECTED]] > > Sent: Wednesday, November 21, 2001 7:01 AM > > To: MS-Exchange Admin Issues > > Subject: RE: My IIS SMTP is being used as a relay - need help stopping > > this > > > > > > 3 reasons why I know (in order of finding them out) > > > > 1. The amount of incoming traffic on our T1 increased about 40x as of > > yesterday. 2. The # of messages in the IIS SMTP relay /queue directory > > > is constantly around 1500 messages and are FROM: a domain that is not > > my domain (some dude sending hotmail.com messages about a porn site). > > 3. I went to www.abuse.net and used their smtp relay abuse test and > > the results showed that my server could be used as a relay. > > > > :) or should I say, :( heh.. Need help figuring out what to change in > > > IIS SMTP now.. Thanks! > > > > > > > How do you know you are being used as a relay? > > > > > > Kevinm M WLKMMAS, UCC+WCA, CKWSE > > > > > > > > > -----Original Message----- > > > From: Jesse Rink [mailto:[EMAIL PROTECTED]] > > > Sent: Wednesday, November 21, 2001 6:35 AM > > > To: MS-Exchange Admin Issues > > > Subject: My IIS SMTP is being used as a relay - need help stopping > > this > > > > > > > > > Well, after making sure my IIS 4.0 SMTP relay server was not > > > infected by the NIMDA virus and applying all the MS01-044 IIS > > > cumulative security bulletin, I am still being used as a relay > > > point. > > > > > > The most confusing thing is: I can't understand how they are doing > > > it because when I telnet into the IIS SMTP relay from HOME, it > > > DOESN'T allow me to relay. The following shows up: > > > > > > 220-w-smtp01.whitnall.com Microsoft SMTP MAIL ready at Wed, 21 Nov > > > 2001 08:16:19 -0600 Version: 5.5.1877.197.19 > > > 220 ESMTP spoken here > > > > > > At this point I try and type "Helo me", "Mail From:", or other > > > commands, and they ALL fail with either a) a 550 error, b) no > > > response. > > > > > > If on the other hand, I telnet into the SMTP relay from a PC here on > > > the LAN I can issue "Helo me", "Mail From:" or other commands and > use > > > it as a relay without problem. > > > > > > What I'm looking for is someone running IIS SMTP services to help me > > > out here. My IIS SMTP relay is in my DMZ Interface and my (1) > > > Exchange server is on the Inside Interface of the firewall. I'm > > > worried that our domain will start getting banned or black listed (I > > > > heard this happens) because we are being used as a relay point. > This > > > is the 2nd day it's been occuring and I need to get this fixed soon. > > > > > > If you can help, please let me know. Thanks. > > > > > > Jesse Rink > > > [EMAIL PROTECTED] > > > > > > List Charter and FAQ at: > > > http://www.sunbelt-software.com/exchange_list_charter.htm > > > > List Charter and FAQ at: > > http://www.sunbelt-software.com/exchange_list_charter.htm > > List Charter and FAQ at: > http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm
