[Dshield] Exchange Open Relay

Arthur Neville ajnevman at yahoo.com
Fri Feb 24 16:36:13 GMT 2006


Thanks to the list for your assist...... I now have some info to at least start my investigation
  Awesome 

Deb Hale <haled at pionet.net> wrote:
  Arthur - I believe you maybe. I am not sure what you used to find check,
but I recommend www.dnsstuff.com. They have a place to check to see if an
IP shows up in the spam databases. 

I am not sure what you are using. Is it MS Exchange? If it is there are
some good resources for securing your Exchange server. 

http://support.microsoft.com/kb/304897/en-us

http://support.microsoft.com/kb/895853/en-us

http://support.microsoft.com/kb/313395/en-us

These are just a few. There are many more at MS web site: 
http://support.microsoft.com/search/default.aspx?catalog=LCID%3D1033&ast=1%2
C2%2C3&spid=1760&mode=a&cat=false&kt=ALL&title=false&mdt=&pwt=False&comm=1&q
uery=open+relay&srch=sup

Hope this helps. Deb




-----Original Message-----
From: list-bounces at lists.dshield.org [mailto:list-bounces at lists.dshield.org]
On Behalf Of Arthur Neville
Sent: Wednesday, February 22, 2006 1:53 PM
To: list at lists.dshield.org
Subject: [Dshield] Exchange Open Relay

Greetings
Q:
I posted before about how my domain is being whacked by Spam and how some
users are contsantly getting hammered
I checked our public facing email server to see if its an Open Relay....
I was able to telnet into 25 and send mail from the outside hmmmmm
We use an intranet and within that intranet there is windows integrated
authenticated, we are using Outlook Web Access and Outlook Mobile Access for
our smartphones

I heard one of the WinAdmins speak about needing SMTP to communicate
between the servers and that there are no open relay's.... duhhhh guess what
I went to one of the sites that checks the site to see if it is on any
DNSBNL's and voila we are on about 50 dnsbl's on the net.....
Does that mean we have someone using our server as an open relay ???
Or we have someone who has some bots on his box or boxes....

In any event....thats the scoopla, I am well versed in the art of reading
so if you have some links or info that would be helpful that would be kewl
thanks
art



---------------------------------
Brings words and photos together (easily) with PhotoMail - it's free and
works with Yahoo! Mail.
_________________________________________
Learn about Intrusion Detection in Depth from the comfort of your own couch:
https://www.sans.org/athome/details.php?id=1341&d=1

_______________________________________________
send all posts to list at lists.dshield.org To change your subscription options
(or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list

_________________________________________
Learn about Intrusion Detection in Depth from the comfort of your own couch:
https://www.sans.org/athome/details.php?id=1341&d=1

_______________________________________________
send all posts to list at lists.dshield.org
To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list


		
---------------------------------
Brings words and photos together (easily) with
 PhotoMail  - it's free and works with Yahoo! Mail.


More information about the list mailing list