RE: From NTbugtraq, but any thoughts for him ?
Hi, Struggle with the same thing before. It turn up there are some regitry keys need to verify first before the settings in "Routings" in IMS will work correctly. Do not know whether it is Microsoft fault or not, after all like Williams say it may be the Administrator's fault i.e. my fault. I may have change something before. The key to verify get from some text books, (only for Exchange 5.5) RelayFlags, RelayDenyLists, RelayAllowLists. Info from the following technet articles - Q193922. Ong LB Singapore -Original Message- From: David N Precht [mailto:[EMAIL PROTECTED]] Sent: Wednesday, December 12, 2001 1:38 AM To: MS-Exchange Admin Issues Subject: From NTbugtraq, but any thoughts for him ? Team, I am trying to find out how someone managed to use my Exchange server as a relay for sending spam. I am running Exchange 5.5 with service pack 4.0 . The only thing this Exchange server does is act as a relay point for an application. This server sits behind a firewall. I looked at the firewall ACL and found that the external IP address had SMTP traffic open to the world. That answers the questions as to how they managed to get SMTP access to the server. I have since blocked this ACL. What I don't understand is how MS Exchange Server 5.5 allowed the traffic to pass through? I specified by host IP in Exchange what servers where allowed to relay mail. How did someone manage to use my Exchange server to spam without being on the list of allowed servers? I noticed that 10,000 e-mails were stuck in the que and I could not delete them. I uninstalled the "Internet Mail" connector and re-installed, but the backed up messages were still there? What directory are these messages stored so I can delete them from Windows Explorer? Any information provided is greatly appreciated. Thanks...JS __ Do You Yahoo!? Check out Yahoo! Shopping and Yahoo! Auctions for all of your unique holiday gifts! Buy at http://shopping.yahoo.com or bid at http://auctions.yahoo.com List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm
RE: From NTbugtraq, but any thoughts for him ?
Yeah as far as the problem goes you are right but as far as solution to the problem given by you is wrong u better hire a good Exchange Admin who can atleast delete the bulk mail for you .if u cant find any try Monster.com or www.monster.co.in u will find loads of them. Sonu Singh "Lefkovics, William" To: "MS-Exchange Admin Issues" re.com> cc: 11/12/2001 11:24 Subject: RE: From NTbugtraq, PMbut any thoughts for him ? Please respond to "MS-Exchange Admin Issues" I read the original post on bugtraq. He blames Microsoft, and he may have a point, but I can't blame the vendor without eliminating admin error first (yes, personal experience). This isn't a sendmail box. You don't just go into windows explorer and delete things. William -Original Message- From: David N Precht [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 11, 2001 9:46 AM To: MS-Exchange Admin Issues Subject: RE: From NTbugtraq, but any thoughts for him ? William, I knew you or Martin, would come back with something like that. That is the precise reason I sent it ! (BTW, are you a comedian on the side or in a past life ?) Dave --- "Lefkovics, William" <[EMAIL PROTECTED]> wrote: > Yes. Hire an Exchange admin. > > > -Original Message- > From: David N Precht [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, December 11, 2001 9:38 AM > To: MS-Exchange Admin Issues > Subject: From NTbugtraq, but any thoughts for him ? > > > Team, > > I am trying to find out how someone managed to use > my > Exchange server as a relay for sending spam. I am > running Exchange 5.5 with service pack 4.0 . The > only > thing this Exchange server does is act as a relay > point for an application. This server sits behind a > firewall. I looked at the firewall ACL and found > that > the external IP address had SMTP traffic open to the > world. That answers the questions as to how they > managed to get SMTP access to the server. I have > since > blocked this ACL. > > What I don't understand is how MS Exchange Server > 5.5 > allowed the traffic to pass through? I specified by > host IP in Exchange what servers where allowed to > relay mail. How did someone manage to use my > Exchange > server to spam without being on the list of allowed > servers? I noticed that 10,000 e-mails were stuck in > the que and I could not delete them. I uninstalled > the > "Internet Mail" connector and re-installed, but the > backed up messages were still there? What directory > are these messages stored so I can delete them from > Windows Explorer? Any information provided is > greatly > appreciated. > > Thanks...JS > > __ > Do You Yahoo!? > Check out Yahoo! Shopping and Yahoo! Auctions for > all of > your unique holiday gifts! Buy at > http://shopping.yahoo.com > or bid at http://auctions.yahoo.com > > List Charter and FAQ at: > http://www.sunbelt-software.com/exchange_list_charter.htm > > List Charter and FAQ at: > http://www.sunbelt-software.com/exchange_list_charter.htm > __ Do You Yahoo!? Check out Yahoo! Shopping and Yahoo! Auctions for all of your unique holiday gifts! Buy at http://shopping.yahoo.com or bid at http://auctions.yahoo.com List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm
RE: From NTbugtraq, but any thoughts for him ?
Now that's not nice...lol -Original Message- From: David N Precht [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 11, 2001 11:13 AM To: MS-Exchange Admin Issues Subject: RE: From NTbugtraq, but any thoughts for him ? I-d- 10-t error ? --- "Lefkovics, William" <[EMAIL PROTECTED]> wrote: > I read the original post on bugtraq. > > He blames Microsoft, and he may have a point, but I > can't blame the vendor > without eliminating admin error first (yes, personal experience). > This isn't a sendmail box. You don't just go into > windows explorer and delete > things. > > William > > > > > -Original Message- > From: David N Precht [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, December 11, 2001 9:46 AM > To: MS-Exchange Admin Issues > Subject: RE: From NTbugtraq, but any thoughts for > him ? > > > William, > I knew you or Martin, would come back with something > like that. That is the precise reason I sent it ! > (BTW, are you a comedian on the side or in a past > life > ?) > > Dave > > > --- "Lefkovics, William" > <[EMAIL PROTECTED]> > wrote: > > Yes. Hire an Exchange admin. > > > > > > -Original Message- > > From: David N Precht > [mailto:[EMAIL PROTECTED]] > > Sent: Tuesday, December 11, 2001 9:38 AM > > To: MS-Exchange Admin Issues > > Subject: From NTbugtraq, but any thoughts for him > ? > > > > > > Team, > > > > I am trying to find out how someone managed to use > > my > > Exchange server as a relay for sending spam. I am > > running Exchange 5.5 with service pack 4.0 . The > > only > > thing this Exchange server does is act as a relay > > point for an application. This server sits behind > a > > firewall. I looked at the firewall ACL and found > > that > > the external IP address had SMTP traffic open to > the > > world. That answers the questions as to how they > > managed to get SMTP access to the server. I have > > since > > blocked this ACL. > > > > What I don't understand is how MS Exchange Server > > 5.5 > > allowed the traffic to pass through? I specified > by > > host IP in Exchange what servers where allowed to > > relay mail. How did someone manage to use my > > Exchange > > server to spam without being on the list of > allowed > > servers? I noticed that 10,000 e-mails were stuck > in > > the que and I could not delete them. I uninstalled > > the > > "Internet Mail" connector and re-installed, but > the > > backed up messages were still there? What > directory > > are these messages stored so I can delete them > from > > Windows Explorer? Any information provided is > > greatly > > appreciated. > > > > Thanks...JS > > > > __ > > Do You Yahoo!? > > Check out Yahoo! Shopping and Yahoo! Auctions for > > all of > > your unique holiday gifts! Buy at > > http://shopping.yahoo.com > > or bid at http://auctions.yahoo.com > > > > List Charter and FAQ at: > > > http://www.sunbelt-software.com/exchange_list_charter.htm > > > > List Charter and FAQ at: > > > http://www.sunbelt-software.com/exchange_list_charter.htm > > > > > __ > Do You Yahoo!? > Check out Yahoo! Shopping and Yahoo! Auctions for > all of > your unique holiday gifts! Buy at > http://shopping.yahoo.com > or bid at http://auctions.yahoo.com > > List Charter and FAQ at: > http://www.sunbelt-software.com/exchange_list_charter.htm > > List Charter and FAQ at: > http://www.sunbelt-software.com/exchange_list_charter.htm > __ Do You Yahoo!? Check out Yahoo! Shopping and Yahoo! Auctions for all of your unique holiday gifts! Buy at http://shopping.yahoo.com or bid at http://auctions.yahoo.com List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm
RE: From NTbugtraq, but any thoughts for him ?
Wasuppp!! -Original Message- From: David N Precht [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 11, 2001 9:46 AM To: MS-Exchange Admin Issues Subject: RE: From NTbugtraq, but any thoughts for him ? William, I knew you or Martin, would come back with something like that. That is the precise reason I sent it ! (BTW, are you a comedian on the side or in a past life ?) Dave --- "Lefkovics, William" <[EMAIL PROTECTED]> wrote: > Yes. Hire an Exchange admin. > > > -Original Message- > From: David N Precht [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, December 11, 2001 9:38 AM > To: MS-Exchange Admin Issues > Subject: From NTbugtraq, but any thoughts for him ? > > > Team, > > I am trying to find out how someone managed to use > my > Exchange server as a relay for sending spam. I am > running Exchange 5.5 with service pack 4.0 . The > only > thing this Exchange server does is act as a relay > point for an application. This server sits behind a > firewall. I looked at the firewall ACL and found > that > the external IP address had SMTP traffic open to the > world. That answers the questions as to how they > managed to get SMTP access to the server. I have > since > blocked this ACL. > > What I don't understand is how MS Exchange Server > 5.5 > allowed the traffic to pass through? I specified by > host IP in Exchange what servers where allowed to > relay mail. How did someone manage to use my > Exchange > server to spam without being on the list of allowed > servers? I noticed that 10,000 e-mails were stuck in > the que and I could not delete them. I uninstalled > the > "Internet Mail" connector and re-installed, but the > backed up messages were still there? What directory > are these messages stored so I can delete them from > Windows Explorer? Any information provided is > greatly > appreciated. > > Thanks...JS > > __ > Do You Yahoo!? > Check out Yahoo! Shopping and Yahoo! Auctions for > all of > your unique holiday gifts! Buy at > http://shopping.yahoo.com > or bid at http://auctions.yahoo.com > > List Charter and FAQ at: > http://www.sunbelt-software.com/exchange_list_charter.htm > > List Charter and FAQ at: > http://www.sunbelt-software.com/exchange_list_charter.htm > __ Do You Yahoo!? Check out Yahoo! Shopping and Yahoo! Auctions for all of your unique holiday gifts! Buy at http://shopping.yahoo.com or bid at http://auctions.yahoo.com List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm
RE: From NTbugtraq, but any thoughts for him ?
I-d- 10-t error ? --- "Lefkovics, William" <[EMAIL PROTECTED]> wrote: > I read the original post on bugtraq. > > He blames Microsoft, and he may have a point, but I > can't blame the vendor > without eliminating admin error first (yes, personal > experience). This > isn't a sendmail box. You don't just go into > windows explorer and delete > things. > > William > > > > > -Original Message- > From: David N Precht [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, December 11, 2001 9:46 AM > To: MS-Exchange Admin Issues > Subject: RE: From NTbugtraq, but any thoughts for > him ? > > > William, > I knew you or Martin, would come back with something > like that. That is the precise reason I sent it ! > (BTW, are you a comedian on the side or in a past > life > ?) > > Dave > > > --- "Lefkovics, William" > <[EMAIL PROTECTED]> > wrote: > > Yes. Hire an Exchange admin. > > > > > > -Original Message- > > From: David N Precht > [mailto:[EMAIL PROTECTED]] > > Sent: Tuesday, December 11, 2001 9:38 AM > > To: MS-Exchange Admin Issues > > Subject: From NTbugtraq, but any thoughts for him > ? > > > > > > Team, > > > > I am trying to find out how someone managed to use > > my > > Exchange server as a relay for sending spam. I am > > running Exchange 5.5 with service pack 4.0 . The > > only > > thing this Exchange server does is act as a relay > > point for an application. This server sits behind > a > > firewall. I looked at the firewall ACL and found > > that > > the external IP address had SMTP traffic open to > the > > world. That answers the questions as to how they > > managed to get SMTP access to the server. I have > > since > > blocked this ACL. > > > > What I don't understand is how MS Exchange Server > > 5.5 > > allowed the traffic to pass through? I specified > by > > host IP in Exchange what servers where allowed to > > relay mail. How did someone manage to use my > > Exchange > > server to spam without being on the list of > allowed > > servers? I noticed that 10,000 e-mails were stuck > in > > the que and I could not delete them. I uninstalled > > the > > "Internet Mail" connector and re-installed, but > the > > backed up messages were still there? What > directory > > are these messages stored so I can delete them > from > > Windows Explorer? Any information provided is > > greatly > > appreciated. > > > > Thanks...JS > > > > __ > > Do You Yahoo!? > > Check out Yahoo! Shopping and Yahoo! Auctions for > > all of > > your unique holiday gifts! Buy at > > http://shopping.yahoo.com > > or bid at http://auctions.yahoo.com > > > > List Charter and FAQ at: > > > http://www.sunbelt-software.com/exchange_list_charter.htm > > > > List Charter and FAQ at: > > > http://www.sunbelt-software.com/exchange_list_charter.htm > > > > > __ > Do You Yahoo!? > Check out Yahoo! Shopping and Yahoo! Auctions for > all of > your unique holiday gifts! Buy at > http://shopping.yahoo.com > or bid at http://auctions.yahoo.com > > List Charter and FAQ at: > http://www.sunbelt-software.com/exchange_list_charter.htm > > List Charter and FAQ at: > http://www.sunbelt-software.com/exchange_list_charter.htm > __ Do You Yahoo!? Check out Yahoo! Shopping and Yahoo! Auctions for all of your unique holiday gifts! Buy at http://shopping.yahoo.com or bid at http://auctions.yahoo.com List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm
RE: From NTbugtraq, but any thoughts for him ?
William, You did not answer my BTW question... Hmm... --- "Lefkovics, William" <[EMAIL PROTECTED]> wrote: > I read the original post on bugtraq. > > He blames Microsoft, and he may have a point, but I > can't blame the vendor > without eliminating admin error first (yes, personal > experience). This > isn't a sendmail box. You don't just go into > windows explorer and delete > things. > > William > > > > > -Original Message- > From: David N Precht [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, December 11, 2001 9:46 AM > To: MS-Exchange Admin Issues > Subject: RE: From NTbugtraq, but any thoughts for > him ? > > > William, > I knew you or Martin, would come back with something > like that. That is the precise reason I sent it ! > (BTW, are you a comedian on the side or in a past > life > ?) > > Dave > > > --- "Lefkovics, William" > <[EMAIL PROTECTED]> > wrote: > > Yes. Hire an Exchange admin. > > > > > > -Original Message- > > From: David N Precht > [mailto:[EMAIL PROTECTED]] > > Sent: Tuesday, December 11, 2001 9:38 AM > > To: MS-Exchange Admin Issues > > Subject: From NTbugtraq, but any thoughts for him > ? > > > > > > Team, > > > > I am trying to find out how someone managed to use > > my > > Exchange server as a relay for sending spam. I am > > running Exchange 5.5 with service pack 4.0 . The > > only > > thing this Exchange server does is act as a relay > > point for an application. This server sits behind > a > > firewall. I looked at the firewall ACL and found > > that > > the external IP address had SMTP traffic open to > the > > world. That answers the questions as to how they > > managed to get SMTP access to the server. I have > > since > > blocked this ACL. > > > > What I don't understand is how MS Exchange Server > > 5.5 > > allowed the traffic to pass through? I specified > by > > host IP in Exchange what servers where allowed to > > relay mail. How did someone manage to use my > > Exchange > > server to spam without being on the list of > allowed > > servers? I noticed that 10,000 e-mails were stuck > in > > the que and I could not delete them. I uninstalled > > the > > "Internet Mail" connector and re-installed, but > the > > backed up messages were still there? What > directory > > are these messages stored so I can delete them > from > > Windows Explorer? Any information provided is > > greatly > > appreciated. > > > > Thanks...JS > > > > __ > > Do You Yahoo!? > > Check out Yahoo! Shopping and Yahoo! Auctions for > > all of > > your unique holiday gifts! Buy at > > http://shopping.yahoo.com > > or bid at http://auctions.yahoo.com > > > > List Charter and FAQ at: > > > http://www.sunbelt-software.com/exchange_list_charter.htm > > > > List Charter and FAQ at: > > > http://www.sunbelt-software.com/exchange_list_charter.htm > > > > > __ > Do You Yahoo!? > Check out Yahoo! Shopping and Yahoo! Auctions for > all of > your unique holiday gifts! Buy at > http://shopping.yahoo.com > or bid at http://auctions.yahoo.com > > List Charter and FAQ at: > http://www.sunbelt-software.com/exchange_list_charter.htm > > List Charter and FAQ at: > http://www.sunbelt-software.com/exchange_list_charter.htm > __ Do You Yahoo!? Check out Yahoo! Shopping and Yahoo! Auctions for all of your unique holiday gifts! Buy at http://shopping.yahoo.com or bid at http://auctions.yahoo.com List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm
RE: From NTbugtraq, but any thoughts for him ?
I read the original post on bugtraq. He blames Microsoft, and he may have a point, but I can't blame the vendor without eliminating admin error first (yes, personal experience). This isn't a sendmail box. You don't just go into windows explorer and delete things. William -Original Message- From: David N Precht [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 11, 2001 9:46 AM To: MS-Exchange Admin Issues Subject: RE: From NTbugtraq, but any thoughts for him ? William, I knew you or Martin, would come back with something like that. That is the precise reason I sent it ! (BTW, are you a comedian on the side or in a past life ?) Dave --- "Lefkovics, William" <[EMAIL PROTECTED]> wrote: > Yes. Hire an Exchange admin. > > > -Original Message- > From: David N Precht [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, December 11, 2001 9:38 AM > To: MS-Exchange Admin Issues > Subject: From NTbugtraq, but any thoughts for him ? > > > Team, > > I am trying to find out how someone managed to use > my > Exchange server as a relay for sending spam. I am > running Exchange 5.5 with service pack 4.0 . The > only > thing this Exchange server does is act as a relay > point for an application. This server sits behind a > firewall. I looked at the firewall ACL and found > that > the external IP address had SMTP traffic open to the > world. That answers the questions as to how they > managed to get SMTP access to the server. I have > since > blocked this ACL. > > What I don't understand is how MS Exchange Server > 5.5 > allowed the traffic to pass through? I specified by > host IP in Exchange what servers where allowed to > relay mail. How did someone manage to use my > Exchange > server to spam without being on the list of allowed > servers? I noticed that 10,000 e-mails were stuck in > the que and I could not delete them. I uninstalled > the > "Internet Mail" connector and re-installed, but the > backed up messages were still there? What directory > are these messages stored so I can delete them from > Windows Explorer? Any information provided is > greatly > appreciated. > > Thanks...JS > > __ > Do You Yahoo!? > Check out Yahoo! Shopping and Yahoo! Auctions for > all of > your unique holiday gifts! Buy at > http://shopping.yahoo.com > or bid at http://auctions.yahoo.com > > List Charter and FAQ at: > http://www.sunbelt-software.com/exchange_list_charter.htm > > List Charter and FAQ at: > http://www.sunbelt-software.com/exchange_list_charter.htm > __ Do You Yahoo!? Check out Yahoo! Shopping and Yahoo! Auctions for all of your unique holiday gifts! Buy at http://shopping.yahoo.com or bid at http://auctions.yahoo.com List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm
RE: From NTbugtraq, but any thoughts for him ?
William, I knew you or Martin, would come back with something like that. That is the precise reason I sent it ! (BTW, are you a comedian on the side or in a past life ?) Dave --- "Lefkovics, William" <[EMAIL PROTECTED]> wrote: > Yes. Hire an Exchange admin. > > > -Original Message- > From: David N Precht [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, December 11, 2001 9:38 AM > To: MS-Exchange Admin Issues > Subject: From NTbugtraq, but any thoughts for him ? > > > Team, > > I am trying to find out how someone managed to use > my > Exchange server as a relay for sending spam. I am > running Exchange 5.5 with service pack 4.0 . The > only > thing this Exchange server does is act as a relay > point for an application. This server sits behind a > firewall. I looked at the firewall ACL and found > that > the external IP address had SMTP traffic open to the > world. That answers the questions as to how they > managed to get SMTP access to the server. I have > since > blocked this ACL. > > What I don't understand is how MS Exchange Server > 5.5 > allowed the traffic to pass through? I specified by > host IP in Exchange what servers where allowed to > relay mail. How did someone manage to use my > Exchange > server to spam without being on the list of allowed > servers? I noticed that 10,000 e-mails were stuck in > the que and I could not delete them. I uninstalled > the > "Internet Mail" connector and re-installed, but the > backed up messages were still there? What directory > are these messages stored so I can delete them from > Windows Explorer? Any information provided is > greatly > appreciated. > > Thanks...JS > > __ > Do You Yahoo!? > Check out Yahoo! Shopping and Yahoo! Auctions for > all of > your unique holiday gifts! Buy at > http://shopping.yahoo.com > or bid at http://auctions.yahoo.com > > List Charter and FAQ at: > http://www.sunbelt-software.com/exchange_list_charter.htm > > List Charter and FAQ at: > http://www.sunbelt-software.com/exchange_list_charter.htm > __ Do You Yahoo!? Check out Yahoo! Shopping and Yahoo! Auctions for all of your unique holiday gifts! Buy at http://shopping.yahoo.com or bid at http://auctions.yahoo.com List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm
RE: From NTbugtraq, but any thoughts for him ?
Yes. Hire an Exchange admin. -Original Message- From: David N Precht [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 11, 2001 9:38 AM To: MS-Exchange Admin Issues Subject: From NTbugtraq, but any thoughts for him ? Team, I am trying to find out how someone managed to use my Exchange server as a relay for sending spam. I am running Exchange 5.5 with service pack 4.0 . The only thing this Exchange server does is act as a relay point for an application. This server sits behind a firewall. I looked at the firewall ACL and found that the external IP address had SMTP traffic open to the world. That answers the questions as to how they managed to get SMTP access to the server. I have since blocked this ACL. What I don't understand is how MS Exchange Server 5.5 allowed the traffic to pass through? I specified by host IP in Exchange what servers where allowed to relay mail. How did someone manage to use my Exchange server to spam without being on the list of allowed servers? I noticed that 10,000 e-mails were stuck in the que and I could not delete them. I uninstalled the "Internet Mail" connector and re-installed, but the backed up messages were still there? What directory are these messages stored so I can delete them from Windows Explorer? Any information provided is greatly appreciated. Thanks...JS __ Do You Yahoo!? Check out Yahoo! Shopping and Yahoo! Auctions for all of your unique holiday gifts! Buy at http://shopping.yahoo.com or bid at http://auctions.yahoo.com List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm