Thank you guys for all your help.  I shoulda called Barracuda first.
Had one setting that was a "little" unsecure and that's why the bastards
were flagging me.  I think it is beer thirty even though it is 1:00.

 

Chris Drobny
Network/System Administrator
LMS Intellibound, Inc.
office 770.724.0562
cell 404.797.9710
cdro...@lmsintellibound.com

 

From: King's Kid [mailto:kingskid1002...@yahoo.com] 
Sent: Wednesday, September 30, 2009 12:41 PM
To: MS-Exchange Admin Issues
Subject: Re: Blacklisted out of the blue

 

Could it be a bot?  We were recently blacklisted.  After doing some
digging I found that one of our machines had a spambot on it that was
causing the problem. 
 

BJ 

 

No trees were killed in the sending of this message, but a large number
of electrons were terribly inconvenienced. 

 

 

________________________________

From: Chris Drobny <cdro...@lmsintellibound.com>
To: MS-Exchange Admin Issues <exchangelist@lyris.sunbelt-software.com>
Sent: Wed, September 30, 2009 10:01:42 AM
Subject: RE: Blacklisted out of the blue

Currently my people using email do have to VPN in, so that isn't a
problem.  The barracuda is just for filtering spam coming in; I don't
think I have it relaying mail out. But maybe I am confused. Again,
nothing has changed in 3 years and I am just getting these open relay
messages now.  I fought this when I first put the box up and thought I
had closed everything off.

Chris Drobny
Network/System Administrator
LMS Intellibound, Inc.
office 770.724.0562
cell 404.797.9710
cdro...@lmsintellibound.com

-----Original Message-----
From: Jason Gurtz [mailto:jasongu...@npumail.com] 
Sent: Wednesday, September 30, 2009 10:42 AM
To: MS-Exchange Admin Issues
Subject: RE: Blacklisted out of the blue

> Ok so we are having trouble emailing some of our customers so I do a
> quick check to find out why.  Seems http://njabl.org/ is saying we are an
> open relay which I had thought I had closed up years ago.

Looks like you should go through those barracuda settings again because
spammers are likely abusing your public service.  If you need to have
mobile users relay mail from the field, you need to enable and require
some kind of LDAP/AD authentication for all senders.  If the barracuda
doesn't support authenticated relaying via AD you will have to turn off
all relaying except from your exchange server.  In this case, the remote
users will have to use a vpn of some sort in order to send mail as though
they were in the office.

============================================================
220 barracuda.mail.lmsintellibound.com ESMTP Service ready
helo lmsintellibound.com
250 Requested mail action okay, completed
mail from: administra...@lmsintellibound.com
250 Requested mail action okay, completed
rcpt to: xxxxx...@gmail.com
250 Requested mail action okay, completed
data
354 Start mail input; end with <CRLF>.<CRLF>
To: xxxxx...@gmail.com
From: administra...@lmsintellibound.com
Subject: Sent from an open relay

Testing out the body
cheers
.
250 Requested mail action okay, completed
quit

------------------------------------------------------------
Found in a mailbox moments later...woops
------------------------------------------------------------

Delivered-To: xxxxx...@gmail.com
Received: by 10.231.16.65 with SMTP id n1cs224076iba;
        Wed, 30 Sep 2009 07:22:15 -0700 (PDT)
Received: by 10.224.8.136 with SMTP id h8mr5707464qah.25.1254320534533;
        Wed, 30 Sep 2009 07:22:14 -0700 (PDT)
Return-Path: <administra...@lmsintellibound.com>
Received: from barracuda.mail.lmsintellibound.com (mail.lmsintellibound.com [66.64.158.244])
        by mx.google.com with ESMTP id 27si8524489ywh.104.2009.09.30.07.22.14;
        Wed, 30 Sep 2009 07:22:14 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of
        administra...@lmsintellibound.com designates 66.64.158.244 as permitted
        sender) client-ip=66.64.158.244;
Authentication-Results: mx.google.com; spf=pass (google.com: best guess
        record for domain of administra...@lmsintellibound.com designates
        66.64.158.244 as permitted sender)
        smtp.mail=administra...@lmsintellibound.com
To: xxxxx...@gmail.com
From: administra...@lmsintellibound.com
Subject: Sent from an open relay
Message-Id: <20090930142153.4f3d923b...@barracuda.mail.lmsintellibound.com>
Date: Wed, 30 Sep 2009 10:21:53 -0400 (EDT)

Testing out the body
cheers
============================================================


What's really bad here is that all the spam comes from your IP and the
sender is also spoofed as you since you have locked down relaying from
senders with a domain other than yours.  Some chickenboner has probably
discovered your service lately...

~JasonG
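
Added example, not part of the original thread or anyone's posted code: a small Python audit that reads a captured SMTP session like the one quoted above and reports every external recipient the gateway accepted before any successful AUTH, noting whether the envelope sender merely claimed a local domain. The names `audit_transcript` and `domain`, the `example.*` addresses and the sample session are constructed for illustration.

```python
import re

REPLY = re.compile(r"^(\d{3})([ -]|$)")
COMMAND = re.compile(r"^(auth\b|mail from:|rcpt to:|data\b)\s*(.*)$", re.I)

# Constructed sample shaped like the session quoted above; example.* are placeholders.
SAMPLE = """\
220 mx.example.com ESMTP Service ready
mail from: admin@example.com
250 Requested mail action okay, completed
rcpt to: someone@example.net
250 Requested mail action okay, completed
data
354 Start mail input; end with <CRLF>.<CRLF>
250 this body line is not a server reply
.
250 Requested mail action okay, completed
"""

def domain(arg):
    """Domain part of an address argument such as '<user@host> SIZE=1'."""
    return (arg.split() or [""])[0].strip("<>").rpartition("@")[2].lower()

def audit_transcript(transcript, local_domains):
    """List external recipients the server accepted before any successful AUTH."""
    local = {d.lower() for d in local_domains}
    authed = in_data = False
    pending, sender, findings = None, "", []
    for line in map(str.strip, transcript.splitlines()):
        if in_data:                      # message body: skip until the lone "."
            in_data = line != "."
            continue
        reply, cmd = REPLY.match(line), COMMAND.match(line)
        if cmd:                          # remember the command awaiting a reply
            pending = (cmd.group(1).lower()[:4], cmd.group(2))
        elif reply and pending and reply.group(2) != "-" and reply.group(1) != "334":
            (verb, arg), code = pending, int(reply.group(1))
            pending = None
            if verb == "auth" and code == 235:
                authed = True
            elif verb == "mail" and code == 250:
                sender = arg
            elif verb == "data" and code == 354:
                in_data = True
            elif verb == "rcpt" and 200 <= code < 300 and not authed and domain(arg) not in local:
                findings.append({"recipient": arg, "sender": sender,
                                 "sender_claims_local": domain(sender) in local})
    return findings
```

A finding with `sender_claims_local` set to true is the case described in the message above: the sender-domain restriction is satisfied by a forged envelope sender, so the relay is still open to outside recipients.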





 
