
An actual NEW spam issue

Status
Not open for further replies.
Sep 26, 2001
Here is a new one....I think

I am using Exch 5.5 SP6

SMTP routing is enabled to my domain. Routing restrictions are set to authenticated users only.

Well....that is my problem.

We have 2 NICs. One lets mail in, and one lets it out (don't ask, I didn't set it up). The spam is STILL passing (though in lower volume) because the 2nd NIC is available to spammers somehow. My telnet tests with mail-abuse.org fail on test 8 because it uses a valid hostname in the receipt (the hostname of the 2nd NIC). I cannot find ANY documentation on this issue. Does anyone have any experience or ideas?? TIA
 
For example, the spam is passing through the system now in only one form: it shows the "rcpt to" as

spammer@localhostXXX.mydomain.com (with my IP addy attached)

How can I stop this traffic??

TIA
 
Does that actually go through or get sent to your admin box as a failure to go through?

Is this really spam or real emails coming in to your box with return receipts on? They get fired back automatically but you can disallow them going out again as they weren't originated on your server.

Where did you get Exch 5.5 SP6 from?
 
NO. I am not getting failures. I am getting forwards from other admins who are receiving spam via our server. The header info shows that we are passing it to them, as well as the smtp tests I have run.

How can I specifically deny traffic that did not originate here? In connections on IMS?

I am sorry, I meant SP3....
 
OK. Check the IMC properties. On the routing tab, are you rerouting or not?
 
This may not be a feasible solution for you, but why don't you simply remove the second NIC, or disable it, and let your firewall take care of the Network Address Translation and forward the email sent to your public IP to the Exchange server internally. That should resolve the problem.

I am assuming both NICs in your Exchange server have public IPs? If so, that is a huge security risk. If not, why have two NICs? If you have a good firewall you should be able to do what I describe above quite easily.

Ashley
 
Yes I am rerouting with the following restrictions:

Authenticated users and my host IP ranges...

Unfortunately Ashley, we are in a restructure project. We are replacing the firewall, as well as changing our IP scheme, so changes such as that are tough. The removal of the NIC is the best option, but I need to verify what exactly it is doing there in the first place.
 