RE: My IIS SMTP is being used as a relay - need help stopping this
Hmmm I guess I misunderstood ;) Failing the #1 test is bad indeed, unfortunately I don't have any experience on using IIS SMTP to help you solve this issue. It's weird that all mail is from hotmail accounts tho, is someone from the inside doing this? Is it possible for you to post the headers of one of those e-mails here?

Bob ten Berge
deVisie automatiseringsdiensten

-----Original Message-----
From: Jesse Rink [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, November 21, 2001 17:20
To: MS-Exchange Admin Issues
Subject: RE: My IIS SMTP is being used as a relay - need help stopping this

Hey Bob, thanks for the reply! www.abuse.net told me I failed on TEST #1. I should also mention, the messages getting loaded into the queue are not destined for my domain nor originating from my domain. They are usually from hotmail.com accounts to various other domains (but not my domain whitnall.com) and contain porn links. So I think it is a relay issue. They are not ALL originating from the exact same email address, but they are all hotmail.com accounts.
My IIS SMTP is being used as a relay - need help stopping this
Well, after making sure my IIS 4.0 SMTP relay server was not infected by the NIMDA virus and applying all the MS01-044 IIS cumulative security bulletin, I am still being used as a relay point.

The most confusing thing is: I can't understand how they are doing it because when I telnet into the IIS SMTP relay from HOME, it DOESN'T allow me to relay. The following shows up:

220-w-smtp01.whitnall.com Microsoft SMTP MAIL ready at Wed, 21 Nov 2001 08:16:19 -0600 Version: 5.5.1877.197.19
220 ESMTP spoken here

At this point I try and type Helo me, Mail From:, or other commands, and they ALL fail with either a) a 550 error, b) no response.

If on the other hand, I telnet into the SMTP relay from a PC here on the LAN I can issue Helo me, Mail From: or other commands and use it as a relay without problem.

What I'm looking for is someone running IIS SMTP services to help me out here. My IIS SMTP relay is in my DMZ Interface and my (1) Exchange server is on the Inside Interface of the firewall. I'm worried that our domain will start getting banned or black listed (I heard this happens) because we are being used as a relay point. This is the 2nd day it's been occurring and I need to get this fixed soon. If you can help, please let me know. Thanks.

Jesse Rink
[EMAIL PROTECTED]

List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm
RE: My IIS SMTP is being used as a relay - need help stopping this
How do you know you are being used as a relay?

Kevinm M WLKMMAS, UCC+WCA, CKWSE

-----Original Message-----
From: Jesse Rink [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, November 21, 2001 6:35 AM
To: MS-Exchange Admin Issues
Subject: My IIS SMTP is being used as a relay - need help stopping this
RE: My IIS SMTP is being used as a relay - need help stopping this
3 reasons why I know (in order of finding them out)

1. The amount of incoming traffic on our T1 increased about 40x as of yesterday.
2. The # of messages in the IIS SMTP relay /queue directory is constantly around 1500 messages and are FROM: a domain that is not my domain (some dude sending hotmail.com messages about a porn site).
3. I went to www.abuse.net and used their smtp relay abuse test and the results showed that my server could be used as a relay.

:) or should I say, :( heh.. Need help figuring out what to change in IIS SMTP now.. Thanks!
RE: My IIS SMTP is being used as a relay - need help stopping this
I think he _wants_ to be used as a relay ;) Cuz as far as I can tell, relaying is _not_ allowed on his server (I tried it myself).

Bob ten Berge
deVisie automatiseringsdiensten

-----Original Message-----
From: Kevin Miller [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, November 21, 2001 15:41
To: MS-Exchange Admin Issues
Subject: RE: My IIS SMTP is being used as a relay - need help stopping this
RE: My IIS SMTP is being used as a relay - need help stopping this
There was this one time at band, I thought I was a relay and I was not. It was really funny

Kevinm M WLKMMAS, UCC+WCA, CKWSE

-----Original Message-----
From: Bob t. Berge [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, November 21, 2001 6:55 AM
To: MS-Exchange Admin Issues
Subject: RE: My IIS SMTP is being used as a relay - need help stopping this
RE: My IIS SMTP is being used as a relay - need help stopping this
Well, then I must modify my band camp scenario... :

Kevinm M WLKMMAS, UCC+WCA, CKWSE

-----Original Message-----
From: Jesse Rink [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, November 21, 2001 7:01 AM
To: MS-Exchange Admin Issues
Subject: RE: My IIS SMTP is being used as a relay - need help stopping this
RE: My IIS SMTP is being used as a relay - need help stopping this
Heh, yeah... I guess so. Anyway, if you can lend a hand, please let me know. This is very frustrating. My queue is getting TONS of messages per minute from these spammers and I need to get it fixed as it's using up to about 30% of our incoming T1 bandwidth.
RE: My IIS SMTP is being used as a relay - need help stopping this
When was the last time you deleted all of the emails in the queue directory, to see how many you are actually getting a day? Do you actually get 1500 new emails in the queue a day? Are the addresses that the spammer is sending to, internal addresses of your users, or external ones, or both?

If the messages are in the queue directory, doesn't that may mean that they are being caught there and not being relayed? In which case you can edit the registry to limit the number of messages that the queue can hold (Q258748). This may also help your processor utilization, because it will quit trying to send these caught emails.

Just ideas to look into.

Doug

-----Original Message-----
From: Jesse Rink [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, November 21, 2001 9:09 AM
To: MS-Exchange Admin Issues
Subject: RE: My IIS SMTP is being used as a relay - need help stopping this
RE: My IIS SMTP is being used as a relay - need help stopping this
Again, as far as I see it, it is tons of _incoming_ mail... this, of course, is not relaying, you're just being fscked by some brainless *sshole. Tell me, at what point is your mailserver allowing relaying according to abuse.net? I'll bet it's just the last one, if this is the case then you should stop worrying about being (ab)used for relaying, instead worry about someone mailbombing you. Also, you should be able to see where those e-mails are coming from. Are they all from the same host/mailserver?

Bob ten Berge
deVisie automatiseringsdiensten

-----Original Message-----
From: Jesse Rink [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, November 21, 2001 16:09
To: MS-Exchange Admin Issues
Subject: RE: My IIS SMTP is being used as a relay - need help stopping this
RE: My IIS SMTP is being used as a relay - need help stopping this
Block the IP at the router...

Kevinm M WLKMMAS, UCC+WCA, CKWSE

-----Original Message-----
From: Jesse Rink [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, November 21, 2001 7:09 AM
To: MS-Exchange Admin Issues
Subject: RE: My IIS SMTP is being used as a relay - need help stopping this
RE: My IIS SMTP is being used as a relay - need help stopping this
Actually, I'm getting more than 1500 per day left in the queue. Most eventually make it out and more new ones come into the queue. So it's like a revolving door. The addresses the spammer is sending to are all outside addresses. I have not seen one sent to whitnall.com yet. They all go to some other domain. As for limiting messages in the queue, good idea... but it still doesn't resolve the problem of the relay. It does however help my performance so thanks for the tip. :)

When was the last time you deleted all of the emails in the queue directory, to see how many you are actually getting a day? Do you actually get 1500 new emails in the queue a day? Are the addresses that the spammer is sending to internal addresses of your users, or external ones, or both?

If the messages are in the queue directory, doesn't that mean that they are being caught there and not being relayed? In which case you can edit the registry to limit the number of messages that the queue can hold (Q258748). This may also help your processor utilization, because it will quit trying to send these caught emails.

Just ideas to look into.

Doug
RE: My IIS SMTP is being used as a relay - need help stopping this
Hey Bob, thanks for the reply! www.abuse.net told me I failed on TEST #1. I should also mention, the messages getting loaded into the queue are not destined for my domain nor originating from my domain. They are usually from hotmail.com accounts to various other domains (but not my domain whitnall.com) and contain porn links. So I think it is a relay issue. They are not ALL originating from the exact same email address, but they are all hotmail.com accounts.

Again, as far as I see it, it is tons of _incoming_ mail... this, of course, is not relaying, you're just being fscked by some brainless *sshole. Tell me, at what point is your mailserver allowing relaying according to abuse.net? I'll bet it's just the last one, if this is the case then you should stop worrying about being (ab)used for relaying, instead worry about someone mailbombing you. Also, you should be able to see where those e-mails are coming from. Are they all from the same host/mailserver?

Bob ten Berge
deVisie automatiseringsdiensten
RE: My IIS SMTP is being used as a relay - need help stopping this
I'm not sure where to find the source of the IP address where the emails are coming from. In addition, blocking that one IP doesn't stop others from using my IIS SMTP relay as a relay point, just that one address I believe so I need a more permanent fix. Thanks.

Block the IP at the router...

Kevinm M WLKMMAS, UCC+WCA, CKWSE
RE: My IIS SMTP is being used as a relay - need help stopping this
This article discusses setting up the SMTP service to relay, so there may be some hints in here http://support.microsoft.com/support/kb/articles/q230/2/35.asp

-Original Message-
From: Jesse Rink [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, November 21, 2001 11:26 AM
To: MS-Exchange Admin Issues
Subject: RE: My IIS SMTP is being used as a relay - need help stopping this

I'm not sure where to find the source of the IP address where the emails are coming from. In addition, blocking that one IP doesn't stop others from using my IIS SMTP relay as a relay point, just that one address I believe so I need a more permanent fix. Thanks.
RE: My IIS SMTP is being used as a relay - need help stopping this
I've gone through this before and find it to be of little help. Unfortunately I cannot grasp how to allow relay for whitnall.com ONLY and not any other domain. I'm not sure whether I should use authentication or not, and if so, what type of authentication, etc. I need someone that has IIS SMTP running to lend a hand if possible.

This article discusses setting up the SMTP service to relay, so there may be some hints in here http://support.microsoft.com/support/kb/articles/q230/2/35.asp
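An added example, not part of any message in this thread and not IIS SMTP's own logic: a sketch of the relay decision asked about above (accept mail for whitnall.com from anyone, relay to other domains only for trusted or authenticated clients), plus an audit that groups already-accepted messages by client IP to show where relayed mail is coming from. The 10.0.0.0/8 internal range, the log layout and every address in the sample are constructed assumptions.

```python
import ipaddress
from collections import Counter

# Assumptions for this example: the internal range and the log layout are
# constructed, not taken from the thread or from IIS.
LOCAL_DOMAINS = {"whitnall.com"}
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8")]


def split_rcpt(rcpt):
    """Return (local_part, domain) of an envelope recipient, lower-cased."""
    addr = rcpt.strip().strip("<>").lower()
    local, _, domain = addr.rpartition("@")
    return local, domain.rstrip(".")


def decide(client_ip, authenticated, rcpt):
    """Return (accept, reason) for one RCPT TO issued by one client.

    MAIL FROM is deliberately ignored: the sender address is chosen by the
    client and proves nothing about who is connecting.
    """
    local, domain = split_rcpt(rcpt)
    if not local or not domain:
        return False, "malformed recipient"
    # Routing characters in the local part ask the server to forward the
    # message onward even though the domain looks local.
    if any(ch in local for ch in "%!@"):
        return False, "source-routed recipient"
    if domain in LOCAL_DOMAINS:
        return True, "inbound for local domain"
    ip = ipaddress.ip_address(client_ip)
    if any(ip in net for net in TRUSTED_NETS):
        return True, "relay for trusted network"
    if authenticated:
        return True, "relay for authenticated client"
    return False, "relay denied"


# Constructed sample, one accepted message per line:
# client_ip  authenticated(0/1)  MAIL_FROM  RCPT_TO
SAMPLE_LOG = """\
203.0.113.45 0 a1@hotmail.com bob@example.net
203.0.113.45 0 a2@hotmail.com sue@example.org
203.0.113.45 0 a3@hotmail.com joe%example.org@whitnall.com
198.51.100.7 0 friend@example.com staff@whitnall.com
10.1.2.3 0 staff@whitnall.com partner@example.com
192.0.2.10 1 roaming@whitnall.com client@example.net
"""


def audit(log_text):
    """Count, per client IP, accepted messages the policy would refuse."""
    offenders = Counter()
    for line in log_text.splitlines():
        if not line.strip():
            continue
        client_ip, auth, _mail_from, rcpt = line.split()
        accept, _reason = decide(client_ip, auth == "1", rcpt)
        if not accept:
            offenders[client_ip] += 1
    return offenders


if __name__ == "__main__":
    for ip, count in audit(SAMPLE_LOG).most_common():
        print(f"{ip}: {count} message(s) the policy would have refused")
```

Any client IP the audit reports is a source the server relayed for without a grant, which is the address to look for in the server's own SMTP log.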
RE: My IIS SMTP is being used as a relay - need help stopping this
http://www.exchangeadmin.com/Articles/Index.cfm?ArticleID=7696

did someone send you this? This was the easiest for me to understand...

W. Andrew Philips
Customer Service Manager
Networks Plus
Phone: (785) 587-4121 x202 (785) 267-6800 x202
Fax: (785) 565-2902
Email: mailto:[EMAIL PROTECTED]

-Original Message-
From: Jesse Rink [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, November 21, 2001 8:35 AM
To: MS-Exchange Admin Issues
Subject: My IIS SMTP is being used as a relay - need help stopping this

Well, after making sure my IIS 4.0 SMTP relay server was not infected by the NIMDA virus and applying all the MS01-044 IIS cumulative security bulletin, I am still being used as a relay point.

The most confusing thing is: I can't understand how they are doing it because when I telnet into the IIS SMTP relay from HOME, it DOESN'T allow me to relay. The following shows up:

220-w-smtp01.whitnall.com Microsoft SMTP MAIL ready at Wed, 21 Nov 2001 08:16:19 -0600 Version: 5.5.1877.197.19
220 ESMTP spoken here

At this point I try and type Helo me, Mail From:, or other commands, and they ALL fail with either a) a 550 error, b) no response.

If on the other hand, I telnet into the SMTP relay from a PC here on the LAN I can issue Helo me, Mail From: or other commands and use it as a relay without problem.

What I'm looking for is someone running IIS SMTP services to help me out here. My IIS SMTP relay is in my DMZ Interface and my (1) Exchange server is on the Inside Interface of the firewall. I'm worried that our domain will start getting banned or black listed (I heard this happens) because we are being used as a relay point. This is the 2nd day it's been occurring and I need to get this fixed soon.

If you can help, please let me know. Thanks.

Jesse Rink [EMAIL PROTECTED]