[Dshield] Exchange Open Relay

Dregier, Leo A. (CMS/CTR) Leo.Dregier at CMS.hhs.gov
Fri Feb 24 21:49:20 GMT 2006

I have had a similar situation where the ISP was using a Dynamic IP and
we were blacklisted because we were hosting a website and email with a
dynamic IP.

It was a small company using a residential connection.  Once we changed
to a static IP, the problem was immediately resolved.


Leo A. Dregier III
Computer Security Incident Response Capability (CSIRC)
- Incident Response Team - Incident Response Lead 

Centers for Medicare & Medicaid Services
Lockheed Martin CITIC Security Team
desk: 443-348-4002
e-mail: Leo.Dregier at cms.hhs.gov 

-----Original Message-----
From: Kenton Smith [mailto:listsks at yahoo.ca] 
Sent: Wednesday, February 22, 2006 5:32 PM
To: General DShield Discussion List
Subject: Re: [Dshield] Exchange Open Relay

Can you give us some details? Like what version of
Exchange you're using and if it's behind a firewall,
using public IPs, if the machine has been doing other
strange things?
Just being on a blacklist doesn't necessarily mean
you're an open relay.


--- Arthur Neville <ajnevman at yahoo.com> wrote:

> Greetings
>   Q:
>   I posted before about how my domain is being
> whacked by Spam and how some users are constantly
> getting hammered
>   I checked our public facing email server to see if
> it's an Open Relay....
>   I was able to telnet into 25 and send mail from
> the outside hmmmmm
>   We use an intranet and within that intranet there
> is Windows integrated authentication, we are using
> Outlook Web Access and Outlook Mobile Access for our
> smartphones
>   I heard one of the WinAdmins speak about needing
> SMTP to communicate between the servers and that
> there are no open relays.... duhhhh guess what
>   I went to one of the sites that checks the site to
> see if it is on any DNSBLs and voila we are on
> about 50 DNSBLs on the net.....
>   Does that mean we have someone using our server as
> an open relay ???
>   Or we have someone who has some bots on his box or
> boxes....
>   In any event....that's the scoopla, I am well
> versed in the art of reading so if you have some
> links or info that would be helpful that would be
> kewl
>   thanks
>   art

