[Dshield] Exchange Open Relay
dshield at oitc.com
Wed Feb 22 20:36:24 GMT 2006
At 11:53 AM -0800 2/22/06, Arthur Neville wrote:
> I posted before about how my domain is being whacked by Spam and
>how some users are constantly getting hammered
> I checked our public facing email server to see if it's an Open Relay....
> I was able to telnet into 25 and send mail from the outside hmmmmm
> We use an intranet and within that intranet there is windows
>integrated authenticated, we are using Outlook Web Access and
>Outlook Mobile Access for our smartphones
> I heard one of the WinAdmins speak about needing SMTP to
>communicate between the servers and that there are no open
>relays.... duhhhh guess what
> I went to one of the sites that checks the site to see if it is on
>any DNSBLs and voila we are on about 50 DNSBLs on the net.....
> Does that mean we have someone using our server as an open relay ???
> Or we have someone who has some bots on his box or boxes....
Could be all of the above and/or an open proxy. What do the DNSBLs say?
Exchange is notorious for coming out of the box as an open relay and
not a good network citizen in that it violates many RFCs (such as not
announcing itself with an FQDN, etc.) if not configured.
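Added example, not part of the original thread: a mail server that accepts outside mail on port 25 for a domain it hosts is behaving as a normal MX, while an open relay accepts a recipient in a domain it does not host from an unauthenticated session. The function below classifies each RCPT TO in a recorded SMTP session on that basis; the transcripts, `example.com` domains and the function name are constructed for illustration, and an accepted RCPT is treated as the indicator even though a server may still refuse the message later.

```python
import re

def relay_findings(transcript, local_domains):
    """Classify every RCPT TO in one SMTP session.

    transcript: list of (direction, line); "C" = client, "S" = server.
    local_domains: domains this server is supposed to accept mail for.
    """
    local = {d.lower() for d in local_domains}
    authed = False      # set once the server answers 235 (AUTH succeeded)
    rcpt = None         # recipient of the RCPT TO still awaiting a reply
    findings = []
    for direction, line in transcript:
        if direction == "C":
            m = re.match(r"RCPT TO:\s*<?([^>\s]+)>?", line, re.I)
            rcpt = m.group(1) if m else None
            continue
        if line.startswith("235 "):
            authed = True
        # Only the final line of a reply ("250 ", not "250-") settles a RCPT.
        if rcpt is None or not re.match(r"\d{3} ", line):
            continue
        domain = rcpt.rsplit("@", 1)[-1].lower() if "@" in rcpt else None
        if not line.startswith("2"):
            verdict = "rejected"
        elif domain is None or domain in local:
            verdict = "local delivery"        # normal inbound mail
        elif authed:
            verdict = "authenticated relay"   # expected for logged-in users
        else:
            verdict = "open relay"            # foreign recipient, no AUTH
        findings.append((rcpt, verdict))
        rcpt = None
    return findings

# Constructed session: outside client, no AUTH, one hosted and one foreign recipient.
SAMPLE = [
    ("S", "220 mail.example.com ESMTP"),
    ("C", "HELO tester.example.net"), ("S", "250 mail.example.com"),
    ("C", "MAIL FROM:<probe@example.net>"), ("S", "250 OK"),
    ("C", "RCPT TO:<user@example.com>"), ("S", "250 OK"),
    ("C", "RCPT TO:<someone@example.org>"), ("S", "250 OK"),
]

if __name__ == "__main__":
    for recipient, verdict in relay_findings(SAMPLE, ["example.com"]):
        print(f"{recipient}: {verdict}")
```
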