Exchange 2K open relay problems and @[192.1.1.1] 2

Status
Not open for further replies.

JoeTech64

MIS
Sep 25, 2003
3
US
We're running Exchange 2K with SP4 and last week we were hit with thousands of unwanted spam, due to an open relay problem on our server. Since then, we've changed our server's SMTP virtual server's setting: \Access\Relay, and selected "only the list below" with the list blank and I unchecked the "Allow all computers which successfully authenticate to relay." I even tried re-checking this option and still no success.

Our open relay seems to be resolved (Telnet test from the outside did not open our ip) and our overflooded queues cleared. We removed ourselves from black list sites, all except for one. wants to send us an email to postmaster@ourdomain.com or abuse@ourdomain.com, but is unable to due to an error, "confirmation email refused. Please fix your server to accept removal request mail." Such email accounts do exist but still can't receive mail. I can't figure out how to do this and hence, can't remove our server from said black list.

Everything indicates all is well but we cannot send or receive any mail. Plus, any mail sent from the outside in does not get delivered or returned to original sender.

I've tried re-starting all the services with no success. Does anyone have any suggestions as to what the problem(s) could be?

Thanks in advance.
 
I think that this is an easy fix. (I may be misunderstanding.) Add the address abuse@ourdomain.com to your account or your admin's account. The e-mail that you need to get will come in and you will be in good shape.
 
STF26 is correct. I had the same issue when we had an open relay.

Good luck
 
Which Account in your organization is setup as the postmaster?
 
Either create a postmaster account or add to an existing account and go to e-mail addresses > new e-mail address. Select custom and type in an e-mail address of postmaster@[your exchange public ip address]. Type smtp in the e-mail type box. Try sending an e-mail to postmaster@exchange public ip address. It is important to use the brackets when specifying the address. I have just tried it on one of our client's servers; when I send an e-mail to postmaster@[x.x.x.x] it arrives at the administrator's mailbox.
We had a nightmare with open relay a while back so if u need any more help, let me know.
BTW are you able to send/receive mail now?
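
The thread describes two states to tell apart after locking down relay: the server must refuse mail for foreign domains, yet still accept postmaster@, abuse@ and the bracketed postmaster@[ip] form. The following is an added example, not part of any post here; the function names, `example.com`, `192.0.2.10` and the reply codes are constructed assumptions, and `probe` is meant to be pointed at your own server from an outside host.

```python
import smtplib

ROLE_LOCALPARTS = ("postmaster", "abuse")  # role mailboxes named in the thread

def build_probes(domain, public_ip, outside_rcpt="probe@example.net"):
    """Map each test recipient to True if the server should accept it."""
    probes = {f"{lp}@{domain}": True for lp in ROLE_LOCALPARTS}
    probes[f"postmaster@[{public_ip}]"] = True  # address literal, brackets required
    probes[outside_rcpt] = False                # foreign domain: must be refused
    return probes

def evaluate(probes, codes):
    """Compare RCPT TO reply codes with expectations; return a list of findings."""
    findings = []
    for rcpt, should_accept in probes.items():
        code = codes.get(rcpt)
        accepted = code is not None and 200 <= code < 300
        if should_accept and not accepted:
            findings.append(f"INBOUND REFUSED: {rcpt} ({code})")
        elif accepted and not should_accept:
            findings.append(f"OPEN RELAY: {rcpt} ({code})")
    return findings

def probe(host, probes, mail_from="tester@example.org", helo="probe.example.org"):
    """Collect RCPT TO codes from your own server; run from an outside host."""
    codes = {}
    with smtplib.SMTP(host, 25, timeout=15) as smtp:
        smtp.helo(helo)
        for rcpt in probes:
            smtp.mail(mail_from)
            codes[rcpt] = smtp.rcpt(rcpt)[0]
            smtp.rset()  # abandon the transaction; no message is ever sent
    return codes

# Constructed sample data (documentation domain and IP, not from the thread).
SAMPLE_PROBES = build_probes("example.com", "192.0.2.10")
# Relay closed, but the lockdown also refuses the role mailboxes.
OVERLOCKED = {"postmaster@example.com": 550, "abuse@example.com": 550,
              "postmaster@[192.0.2.10]": 550, "probe@example.net": 550}
# Relay closed and role mailboxes reachable: the state to aim for.
HEALTHY = {**OVERLOCKED, "postmaster@example.com": 250,
           "abuse@example.com": 250, "postmaster@[192.0.2.10]": 250}

if __name__ == "__main__":
    for name, codes in (("overlocked", OVERLOCKED), ("healthy", HEALTHY)):
        print(name, evaluate(SAMPLE_PROBES, codes) or "ok")
```

A server that accepts the foreign recipient at RCPT TO but rejects later at DATA will show up here as an open relay, so treat that finding as a prompt to check the full transaction by hand.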
 
Bruce. We are having a relay problem. I have checked through the document on the URL you gave and the setup of my E2K server follows that to the letter. However, I still have about another 7 queues from various people that are using my server as a relay. However, when I try to telnet into port 25 it is blocked! How is that possible?

 
PhilEvelyn, what exactly do you mean when you say port 25 is blocked? Do you mean that you can't telnet to that port at all, or that you can telnet to it but not submit a message for relay?

It is possible that someone has compromised an account on your system. See thread858-713155 or thread858-657670 for more information on this.
 
Ok, I have looked at all the threads and talked to the engineer who is actually monitoring the exchange server and whilst the emails from the additionally created queues no longer get sent, new queues are still being added into the system.

I am told that we cannot prevent that from happening? Is this true, do I just have to wait for the spammers to get bored of their emails not being sent before they give up and go away?
 
Yes it is true...you have to wait it out for all the queues to disappear. There is one thing you can do though: you can delete your log files in your database folder, but make sure you back up before you do that. Microsoft does not recommend you do that.

Thanks, PAUL

 
Turn off NDRs to the internet as well. Another common spamming technique that does not require the spammer to have user access to your server.
 
NDR = Non-Delivery Reports - the messages sent back to the senders saying "Hey - user@ourdomain.com is not a valid address!"

Go to Exchange System Manager > Global Settings > Internet Message Formats > Right-click on Default > select Properties > Advanced tab > uncheck Allow non-delivery reports.

Good luck! :)
 
Star to TKSAdmin. Nice to see someone helping by explaining how to turn NDRs off. I've had a number of emails sitting in my queues all trying to be returned to spammers.
I'm sure they are NDRs but couldn't find the setting under the SMTP Virtual Server, thanks for the advice

Cheers
VikingBrad
 
Wouldn't turning off NDRs be a bad thing for legitimate NDRs? NDRs help me pinpoint problems such as bad addresses, relaying, message queue is full, etc. Just a thought.

"I live in my own little world. But it's ok, they know me there"
 
In a perfect world, NDR's are great. However, since 85% of my incoming mail is SPAM and my filter can't catch all of it, I have chosen to disable it. To each their own. ;)

Christine
 