[Dshield] Exchange Open Relay

Tom dshield at oitc.com
Wed Feb 22 20:36:24 GMT 2006

At 11:53 AM -0800 2/22/06, Arthur Neville wrote:
>   Q:
>   I posted before about how my domain is being whacked by Spam and 
>how some users are constantly getting hammered
>   I checked our public facing email server to see if it's an Open Relay....
>   I was able to telnet into 25 and send mail from the outside hmmmmm
>   We use an intranet and within that intranet there is windows 
>integrated authenticated, we are using Outlook Web Access and 
>Outlook Mobile Access for our smartphones
>   I heard one of the WinAdmins speak about needing SMTP to 
>communicate between the servers and that there are no open 
>relays.... duhhhh guess what
>   I went to one of the sites that checks the site to see if it is on 
>any DNSBL's and voila we are on about 50 dnsbl's on the net.....
>   Does that mean we have someone using our server as an open relay ???
>   Or we have someone who has some bots on his box or boxes....

Could be all of the above and/or an open proxy.  What do the DNSbl's say?

Exchange is notorious for coming out of the box as an open relay and 
not a good network citizen in that it violates many RFCs (such as not 
announcing itself with a FQDN, etc.) if not configured.
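
Added example, not part of the original post: a mail server that accepts outside mail for its own domain is behaving normally; it is an open relay only if it accepts mail from an unauthenticated outside sender for a recipient domain it does not handle. The sketch below audits a recorded SMTP session for that condition and for a 220 banner without a FQDN. The function name audit(), the local_domains parameter and both transcripts are constructed for illustration.

```python
import re

# Constructed sample sessions (not captured from any real server).
# "C:" lines are the tester's commands, "S:" lines are the server's replies.
OPEN_RELAY = """\
S: 220 MAILSRV1 Microsoft ESMTP MAIL Service ready
C: HELO probe.example.net
S: 250 MAILSRV1 Hello
C: MAIL FROM:<tester@example.net>
S: 250 2.1.0 tester@example.net....Sender OK
C: RCPT TO:<someone@example.org>
S: 250 2.1.5 someone@example.org
"""
CLOSED = """\
S: 220 mail.example.com ESMTP ready
C: HELO probe.example.net
S: 250 mail.example.com Hello
C: MAIL FROM:<tester@example.net>
S: 250 2.1.0 Sender OK
C: RCPT TO:<user@example.com>
S: 250 2.1.5 user@example.com
C: RCPT TO:<someone@example.org>
S: 550 5.7.1 Unable to relay for someone@example.org
"""

FQDN = re.compile(r"^[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$")
RCPT = re.compile(r"^RCPT TO:<[^>@]+@([^>]+)>", re.I)

def audit(transcript, local_domains):
    """Return (banner_is_fqdn, relayed_domains) for an unauthenticated session."""
    local = {d.lower() for d in local_domains}
    banner_fqdn, relayed, pending, seen_banner = False, [], None, False
    for line in transcript.splitlines():
        side, _, text = line.partition(": ")
        if side == "S" and not seen_banner:      # first reply is the greeting
            seen_banner = True
            parts = text.split()
            banner_fqdn = len(parts) > 1 and parts[0] == "220" and bool(FQDN.match(parts[1]))
        elif side == "C":                        # remember the domain of an RCPT TO
            m = RCPT.match(text)
            pending = m.group(1).lower() if m else None
        elif side == "S" and pending is not None:
            if text.startswith("2") and pending not in local:
                relayed.append(pending)          # 2xx for a foreign domain: relaying
            pending = None
    return banner_fqdn, relayed
```

An empty relayed list together with a True banner flag is the result you want from a public-facing server tested from outside the network.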


