[Dshield] Exchange Open Relay

Arthur Neville ajnevman at yahoo.com
Thu Feb 23 16:54:49 GMT 2006


List here are the details of our setup......
  Exchange 2003
  Exchange server behind a firewall however we have an Internet address that users access via OWA that connects to our Exchange Servers
  We are running Symantec AV Enterprise along with Symantec Mail Security ( not configured properly obviously) actually Symantec mentioned that we have to go through some sort of config because of incompatibilities with the way Exchange handles SMTP 
  No Malware/ Spyware apps enterprise level just yet....
   
  Arthur

Kenton Smith <listsks at yahoo.ca> wrote:
  Can you give us some details? Like what version of
Exchange you're using and if it's behind a firewall,
using public IP's, if the machine has been doing other
strange things?
Just being on a blacklist doesn't necessarily mean
you're an open relay.

Kenton

--- Arthur Neville wrote:

> Greetings
> Q:
> I posted before about how my domain is being
> whacked by Spam and how some users are contsantly
> getting hammered
> I checked our public facing email server to see if
> its an Open Relay....
> I was able to telnet into 25 and send mail from
> the outside hmmmmm
> We use an intranet and within that intranet there
> is windows integrated authenticated, we are using
> Outlook Web Access and Outlook Mobile Access for our
> smartphones
> 
> I heard one of the WinAdmins speak about needing
> SMTP to communicate between the servers and that
> there are no open relay's.... duhhhh guess what
> I went to one of the sites that checks the site to
> see if it is on any DNSBNL's and voila we are on
> about 50 dnsbl's on the net.....
> Does that mean we have someone using our server as
> an open relay ???
> Or we have someone who has some bots on his box or
> boxes....
> 
> In any event....thats the scoopla, I am well
> versed in the art of reading so if you have some
> links or info that would be helpful that would be
> kewl
> thanks
> art
> 
> 
> 
> ---------------------------------
> Brings words and photos together (easily) with
> PhotoMail - it's free and works with Yahoo! Mail.
> _________________________________________
> Learn about Intrusion Detection in Depth from the
> comfort of your own couch:
> https://www.sans.org/athome/details.php?id=1341&d=1
> 
> _______________________________________________
> send all posts to list at lists.dshield.org
> To change your subscription options (or
> unsubscribe), see:
> http://www.dshield.org/mailman/listinfo/list
> 







__________________________________________________________ 
Find your next car at http://autos.yahoo.ca
_________________________________________
Learn about Intrusion Detection in Depth from the comfort of your own couch:
https://www.sans.org/athome/details.php?id=1341&d=1

_______________________________________________
send all posts to list at lists.dshield.org
To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 


More information about the list mailing list