Educause Security Discussion mailing list archives
Re: Blacklisted as a Mail Relay - help!
From: "Wehner, Paul (wehnerpl)" <WEHNERPL () UCMAIL UC EDU>
Date: Tue, 17 Feb 2004 15:31:22 -0500
Check the SMTP Connector config-go to the "Address Space" tab and make sure "Allow messages to be relayed to these domains" is *not* checked. If it is checked that means "Allow authenticated to relay" is over-ridden. http://www.msexchange.org/pages/article.asp?id=54 http://www.jsiinc.com/SUBJ/tip4800/rh4881.htm http://www.spamabuse.org/content_PreventUnsolicitedE-MailinExchange2000.htm Paul Wehner Mail Administrator University of Cincinnati -----Original Message----- From: The EDUCAUSE Security Discussion Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Barros, Jacob Sent: Tuesday, February 17, 2004 3:05 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Blacklisted as a Mail Relay - help!
From our mail admin...
We're running Exchange 2000 server (SP3) running on Windows 2000 Server (SP4). In the Properties of the "Default SMTP Virtual Server" we changed the "Relay Restrictions" by checking the box that says "Allow all computers which successfully authenticate to relay, regardless of the list above." This allowed those students using POP3 to send messages to off-campus addresses using our Exchange server as their relay host. We have been running this way for several years without a problem. That is until about 2 weeks ago... All of a sudden we were being used as a relay host for a spammer. We've turned off all relay ability for the time being. -- We'd like to re-enable the 'authenticated' mail relaying but not if it continues to cause a problem. The best scenario would be to find who was using us and stop them. The first thing I did was check for viruses on the mail server. I didn't find any and there are no 'weird' process running that I can see. I'd like to find out if this is an internal or external problem. Is there any auditing I can set up on the Win2K box or in Exchange itself? Is there any specific type of traffic I can be watching for? This is over my head. Can anyone point me in a direction? Jake Barros Network Security Administrator Grace College 574-372-5100 x 6178 ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/. ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
Current thread:
- Blacklisted as a Mail Relay - help! Barros, Jacob (Feb 17)
- <Possible follow-ups>
- Re: Blacklisted as a Mail Relay - help! King, Dennis C. (Feb 17)
- Re: Blacklisted as a Mail Relay - help! Wehner, Paul (wehnerpl) (Feb 17)