
Exchange 5.5 mail relay 1


Joelomatic

Technical User
Feb 12, 2004
US
I am wondering if I am suffering some sort of mail relay. I am not open as a direct SMTP relay per the Telnet message relay test. I am concerned because I see messages flowing through my e-mail queue which have no ORIGINATOR address listed. Although the following example shows a delivery failure, some seem to succeed.

Here is a sample of the log entries that are giving me this concern:

1:39:30 event ID 2001
Delivery of message from in temporary file 1LYL7MFG was attempted to host(s) 80.189.94.100 (for breathwk.globalnet.co.uk) with 0 recipients delivered and 1 undeliverable.

1:39:29 event ID 4031
The following message could not be delivered to <562slcom@breathwk.globalnet.co.uk>. The destination server reported: 550 Unknown local part 562slcom in <562slcom@breathwk.globalnet.co.uk> From: <> Subject: Undeliverable: 90% discounts on Microsoft, Adobe, Autodesk, Corel software! vxdcaixnttrw

1:39:28 Event ID 2003
A new TCP/IP SMTP connection has been made to host 80.189.94.100 (for breathwk.globalnet.co.uk). Logfile: <none>

1:39:20 Event ID 2002
A message from <562slcom@breathwk.globalnet.co.uk> in temporary file C:\EXCHSRVR\imcdata\in\1LYL7MF1 was received from cs671058-13.houston.rr.com with 1 local recipients.


 
I've been told that the ones with no originator are NDRs for the failed relay attempts.

Seems like everyone has them.

They bug me too because they get retried and retried.....
 
There is a new (well, new to me, as I have never had this before) attack on mail servers happening now called a reverse NDR attack, where the spammer puts the recipient's email address into 'from' and nothing into 'to' to use the NDR to send the spam to the person.
In the queue you will see the originator as <>.
I have been trying to get rid of this for 3 days now and have only found an application that seems to be able to stop the email getting in in the first place. I too have relaying stopped (from threads on this site) and pass all tests. More info on this reverse ndr attack can be found
Hope this helps you out.

Yosh
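A detection sketch for the pattern discussed in this thread, added here as an example and not posted by any participant: it joins the claimed sender of each inbound message (event 2002) with null-sender NDRs that later failed for that same address (event 4031), then counts the hits per submitting host. The function name, the threshold and the one-event-per-line layout are assumptions, and the sample log is constructed with placeholder addresses.

```python
import re
from collections import Counter

# Constructed sample shaped like the IMC events quoted in this thread.
# Assumption: each event has been flattened onto a single line.
SAMPLE_LOG = r"""
1:39:20 Event ID 2002 A message from <a1@example.net> in temporary file C:\EXCHSRVR\imcdata\in\AAAA0001 was received from host1.example.org with 1 local recipients.
1:39:29 Event ID 4031 The following message could not be delivered to <a1@example.net>. The destination server reported: 550 Unknown local part From: <> Subject: Undeliverable: constructed
1:40:02 Event ID 2002 A message from <a2@example.net> in temporary file C:\EXCHSRVR\imcdata\in\AAAA0002 was received from host1.example.org with 1 local recipients.
1:40:11 Event ID 4031 The following message could not be delivered to <a2@example.net>. The destination server reported: 550 Unknown local part From: <> Subject: Undeliverable: constructed
1:41:00 Event ID 2002 A message from <staff@example.com> in temporary file C:\EXCHSRVR\imcdata\in\AAAA0003 was received from host2.example.org with 1 local recipients.
1:42:00 Event ID 2002 A message from <a3@example.net> in temporary file C:\EXCHSRVR\imcdata\in\AAAA0004 was received from host3.example.org with 1 local recipients.
1:42:09 Event ID 4031 The following message could not be delivered to <a3@example.net>. The destination server reported: 550 Unknown local part From: <> Subject: Undeliverable: constructed
"""

# Event 2002: inbound message, capture claimed sender and submitting host.
RECEIVED = re.compile(
    r"Event ID 2002\b.*?A message from <([^>]*)>.*?was received from (\S+) with", re.I)
# Event 4031: our own null-sender (From: <>) NDR could not be delivered.
NDR_FAILED = re.compile(
    r"Event ID 4031\b.*?could not be delivered to <([^>]+)>.*?From: <>", re.I)

def backscatter_sources(log_text, threshold=2):
    """Return {submitting_host: count} for hosts whose inbound messages
    produced at least `threshold` NDRs that then bounced."""
    inbound = {}      # claimed sender -> hosts that submitted mail under it
    bounced = set()   # addresses our NDRs failed to reach
    for line in log_text.splitlines():
        m = RECEIVED.search(line)
        if m:
            inbound.setdefault(m.group(1).lower(), set()).add(m.group(2).lower())
            continue
        m = NDR_FAILED.search(line)
        if m:
            bounced.add(m.group(1).lower())
    hits = Counter()
    for sender in bounced:
        for host in inbound.get(sender, ()):
            hits[host] += 1
    return {host: n for host, n in hits.items() if n >= threshold}

if __name__ == "__main__":
    for host, n in backscatter_sources(SAMPLE_LOG).items():
        print(f"{host}: {n} inbound messages led to bounced NDRs")
```

The join does not depend on event order, so it works on logs listed newest-first as in the original post.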
 
Yosh,

This may be far-fetched, but can you remember which threads you used to help stop relaying at your end?

Ryan
 
Also have a look at this thread:
thread10-764953. Use advanced search and look for open relay.

A good place to test your relay is here; it will just test and not list you if you happen to be open.

Good luck, and if you need a hand just ask.
 
Try appriver.com. It's only $50/month but worth every penny of it. Others will charge you an arm and a leg, such as Postini, etc.
 