[Dshield] Exchange Open Relay
Dregier, Leo A. (CMS/CTR)
Leo.Dregier at CMS.hhs.gov
Fri Feb 24 21:49:20 GMT 2006
I have had a similar situation where the ISP was using a Dynamic IP and
we were blacklisted because we were hosting a website and email with a
It was a small company using a residential connection. Once we changed
to a static IP, the problem was immediately resolved.
Leo A. Dregier III
Computer Security Incident Response Capability (CSIRC)
- Incident Response Team - Incident Response Lead
Centers for Medicare & Medicaid Services
Lockheed Martin CITIC Security Team
e-mail: Leo.Dregier at cms.hhs.gov
From: Kenton Smith [mailto:listsks at yahoo.ca]
Sent: Wednesday, February 22, 2006 5:32 PM
To: General DShield Discussion List
Subject: Re: [Dshield] Exchange Open Relay
Can you give us some details? Like what version of
Exchange you're using and if it's behind a firewall,
using public IPs, if the machine has been doing other
Just being on a blacklist doesn't necessarily mean
you're an open relay.
--- Arthur Neville <ajnevman at yahoo.com> wrote:
> I posted before about how my domain is being
> whacked by Spam and how some users are constantly
> getting hammered
> I checked our public facing email server to see if
> it's an Open Relay....
> I was able to telnet into 25 and send mail from
> the outside hmmmmm
> We use an intranet and within that intranet there
> is Windows integrated authentication, we are using
> Outlook Web Access and Outlook Mobile Access for our
> I heard one of the WinAdmins speak about needing
> SMTP to communicate between the servers and that
> there are no open relays.... duhhhh guess what
> I went to one of the sites that checks the site to
> see if it is on any DNSBLs and voila we are on
> about 50 DNSBLs on the net.....
> Does that mean we have someone using our server as
> an open relay ???
> Or we have someone who has some bots on his box or
> In any event....that's the scoopla, I am well
> versed in the art of reading so if you have some
> links or info that would be helpful that would be
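Added example, not part of the thread or written by any of its posters: the thread turns on whether being able to send mail through port 25 from outside makes a server an open relay. The sketch below classifies a saved test session by what the server answered to RCPT TO. The transcripts, the `C:`/`S:` prefixes, the `classify` helper and the domains (example.org as the local domain) are all constructed for illustration.

```python
import re

# Constructed sample sessions (C: client, S: server). example.org is the
# assumed local domain; example.net and example.com are outside domains.
INBOUND = """\
S: 220 mail.example.org ESMTP
C: HELO outside.example.net
S: 250 mail.example.org
C: MAIL FROM:<a@example.net>
S: 250 2.1.0 Sender OK
C: RCPT TO:<user@example.org>
S: 250 2.1.5 Recipient OK
"""
RELAY_DENIED = INBOUND.replace("user@example.org>\nS: 250 2.1.5 Recipient OK",
                               "b@example.com>\nS: 550 5.7.1 Unable to relay")
RELAY_OPEN = INBOUND.replace("user@example.org", "b@example.com")

RCPT = re.compile(r"^C:\s*RCPT TO:\s*<[^>@]*@([^>]+)>", re.I)
REPLY = re.compile(r"^S:\s*(\d{3})[ -]")
AUTH = re.compile(r"^C:\s*AUTH\b", re.I)

def classify(transcript, local_domains):
    """Classify an unauthenticated outside session by its RCPT TO replies."""
    local = {d.lower() for d in local_domains}
    pending = None              # domain of the RCPT still awaiting a reply
    verdict = "inconclusive"
    for line in transcript.splitlines():
        if AUTH.match(line):    # authenticated relaying is expected behaviour
            return "inconclusive"
        m = RCPT.match(line)
        if m:
            pending = m.group(1).lower()
            continue
        r = REPLY.match(line)
        if not (r and pending):
            continue
        accepted = r.group(1).startswith("2")
        external = pending not in local
        pending = None
        if external and accepted:
            return "open-relay"         # took mail for a domain it does not host
        if external:
            verdict = "relay-denied"    # refused the outside recipient
        elif accepted and verdict == "inconclusive":
            verdict = "inbound-only"    # normal delivery to a local mailbox
    return verdict
```

The check keys only on the reply to RCPT TO, so a server that accepts an outside recipient and discards the message later would still be reported as `open-relay`.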