Educause Security Discussion mailing list archives
Re: Blacklisted as a Mail Relay - help!
From: "King, Dennis C." <dck22 () ALFRED EDU>
Date: Tue, 17 Feb 2004 15:15:24 -0500
We were doing exactly the same thing and sad to say with the same result. I was told by the operator of one of the blacklists that some spammers will run brute force password attacks until they get a valid one, then spam away. I believe that is what happened to us. Implementing a strong(er) password policy may be a solution.

Dennis C King
Information Security Officer
IT Project Manager
Alfred University
McMahon 247, Alfred, NY 14802
email: dck22 () alfred edu - phone: 607.871.2379

-----Original Message-----
From: Barros, Jacob [mailto:jkbarros () GRACE EDU]
Sent: Tuesday, February 17, 2004 3:05 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Blacklisted as a Mail Relay - help!

From our mail admin...
We're running Exchange 2000 server (SP3) running on Windows 2000 Server (SP4). In the Properties of the "Default SMTP Virtual Server" we changed the "Relay Restrictions" by checking the box that says "Allow all computers which successfully authenticate to relay, regardless of the list above." This allowed those students using POP3 to send messages to off-campus addresses using our Exchange server as their relay host.

We have been running this way for several years without a problem. That is until about 2 weeks ago... All of a sudden we were being used as a relay host for a spammer. We've turned off all relay ability for the time being.

We'd like to re-enable the 'authenticated' mail relaying but not if it continues to cause a problem. The best scenario would be to find who was using us and stop them. The first thing I did was check for viruses on the mail server. I didn't find any and there are no 'weird' processes running that I can see. I'd like to find out if this is an internal or external problem. Is there any auditing I can set up on the Win2K box or in Exchange itself? Is there any specific type of traffic I can be watching for? This is over my head. Can anyone point me in a direction?

Jake Barros
Network Security Administrator
Grace College
574-372-5100 x 6178

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
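
An added example, not part of the original thread: one way to look for the pattern described in the reply above (repeated failed logins from one address, then a success, then relayed mail) once authentication and relay events have been collected. The record layout, event names, addresses and accounts are constructed for illustration and are not a real Exchange or IIS log format.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records (assumed layout, not a real Exchange/IIS format):
# timestamp, client IP, account, event (AUTH_FAIL, AUTH_OK or RELAY).
SAMPLE = """\
2004-02-03T02:10:01 203.0.113.7 adavis AUTH_FAIL
2004-02-03T02:10:03 203.0.113.7 bjones AUTH_FAIL
2004-02-03T02:10:05 203.0.113.7 jsmith AUTH_FAIL
2004-02-03T02:10:07 203.0.113.7 jsmith AUTH_FAIL
2004-02-03T02:10:09 203.0.113.7 jsmith AUTH_OK
2004-02-03T02:10:12 203.0.113.7 jsmith RELAY
2004-02-03T02:10:13 203.0.113.7 jsmith RELAY
2004-02-03T02:10:14 203.0.113.7 jsmith RELAY
2004-02-03T09:30:00 192.0.2.44 mlee AUTH_FAIL
2004-02-03T09:30:20 192.0.2.44 mlee AUTH_OK
2004-02-03T09:31:00 192.0.2.44 mlee RELAY
"""

def parse(text):
    """Yield (time, ip, account, event) tuples from the constructed layout."""
    for line in text.splitlines():
        if line.strip():
            ts, ip, account, event = line.split()
            yield datetime.fromisoformat(ts), ip, account, event

def suspicious_relays(text, min_failures=3, window=timedelta(minutes=10)):
    """Return {(ip, account): relayed_count} for logins that succeeded after
    at least min_failures failed attempts from the same IP inside window."""
    failures = defaultdict(list)  # ip -> times of failed logins (any account)
    flagged = {}                  # (ip, account) -> messages relayed afterwards
    for ts, ip, account, event in sorted(parse(text)):
        if event == "AUTH_FAIL":
            failures[ip].append(ts)
        elif event == "AUTH_OK":
            recent = [t for t in failures[ip] if ts - t <= window]
            if len(recent) >= min_failures:
                flagged.setdefault((ip, account), 0)
        elif event == "RELAY" and (ip, account) in flagged:
            flagged[(ip, account)] += 1
    return flagged

if __name__ == "__main__":
    for (ip, account), count in suspicious_relays(SAMPLE).items():
        print(f"{account} from {ip}: {count} relayed after repeated failures")
```

Failures are counted per source address across all accounts, so guessing spread over many usernames still counts toward the threshold, while a single mistyped password followed by a normal login does not.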
Current thread:
- Blacklisted as a Mail Relay - help! Barros, Jacob (Feb 17)
- <Possible follow-ups>
- Re: Blacklisted as a Mail Relay - help! King, Dennis C. (Feb 17)
- Re: Blacklisted as a Mail Relay - help! Wehner, Paul (wehnerpl) (Feb 17)