
Our e-mail being used as a relay..??

Status
Not open for further replies.

cceng

IS-IT--Management
Aug 27, 2001
Not sure if that is the proper description or not, but here is the issue.

We have been seeing all kinds of e-mails hitting our firewall trying to get inside. The sender's address is from different people and all are being sent to different AOL accounts.

Why are these hitting us? I am able to keep them out and bounce them back but not sure why they are targeting us.

Any ideas?
 
I ran into this in my organization also. In our case, it was NIMDA traffic and eventually went away.
 
Thanks for the reply!

Does Nimda actually know how to send e-mail to another domain even though the recipient is on a different domain?
 
Have you got smtp mail rerouting turned on (required for POP3/IMAP)???
If so, you are being targeted because of this. This is known as open relaying. Spammers use open relays to send out mass mailings.
I suggest you stop rerouting smtp mail, unless you have pop3 users. If so, try tightening your routing security in IMS, or get your users to access by alternative means (Web access or VPN)

Cheers,
N.
 
Nimda was able to look through the temporary internet files cache and dig up email addresses it found in cached pages. That's why you had a lot of nimda traffic to 'sales@company.com' and 'webmaster@boink.net' and so forth.

As far as tightening routing security in the IMS, I've set a bunch of things up that should have blocked relaying, but it hasn't seemed to help. I forced users to authenticate, for example, but each day I have around 15 emails from '< >' originator that are sitting in my outbound queue because of a delivery failure. It's quite maddening.

ShackDaddy
 
I am also facing the relay problem. I can't turn off the SMTP mail rerouting because we are using POP3.

So, do I have any other options?
And how do I tighten the routing security in IMS?
Please give some advice.
Thanks.
 
I have an M$ Exchange Server 5.5 that, in some of MAIL-ABUSE's tests, is open for relay. My Exchange is configured for POP3 users and I have already tried everything to close my Exchange to relays.
I did all the issues of Technet but my server already accepts messages to RCPT TO: abcd%domain.com, for example.
Is there a way to block this server from spammers 100%?

Thanks in advance

Wellington
 
In some cases, yes, the Nimda virus could cause it.
I used Trend Micro's Nimda tool to fix it.

I also noticed that those <> mails stuck in my outbound box seem to be sending mail to somewhere in China.
I did a trace on it. So far I have followed the Re-route SMTP suggested in I sent a test to and it came back saying my relay is secured.

still testing here and there

Hung
 


I have the problem of spamming as well, and I followed the article suggested in the above link and managed to stop the spamming, but I am also facing the problem of prohibited relaying of our own outgoing email as well! Did I do something wrong? Or is this what the configuration actually means? How can I configure it in such a way that the server relays only incoming mail addressed to my GAL, and only relays outgoing mail originating from one of our GAL?
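
The relay rule discussed in this thread (accept inbound mail for your own domain, relay outbound only for your own users, refuse `abcd%domain.com`-style routed recipients), written out as an added example that is not from any poster and is not Exchange's own logic. The domain `example.com`, the `192.0.2.0/24` client range and the function names are assumptions; the check also refuses bang-path and source-routed recipients, which goes beyond the one case mentioned above.

```python
import ipaddress

# Assumptions (constructed for illustration): our mail domain and internal client range.
LOCAL_DOMAINS = {"example.com"}
TRUSTED_NETS = [ipaddress.ip_network("192.0.2.0/24")]


def final_domain(rcpt):
    """Return the domain the message is really addressed to, or None when the
    address is malformed or uses legacy routing syntax that hides the target."""
    addr = rcpt.strip().strip("<>").lower()
    if addr.count("@") != 1:
        return None  # no domain at all, user@remote@local, or @a,@b:user@c
    local_part, domain = addr.split("@")
    if not local_part or not domain:
        return None
    # Percent hack (abcd%domain.com@ourhost), bang paths and source routes ask
    # our server to forward to a host named inside the local part.
    if any(ch in local_part for ch in "%!:"):
        return None
    return domain


def relay_decision(client_ip, authenticated, rcpt):
    """Return (accept, smtp_reply) for a single RCPT TO command."""
    domain = final_domain(rcpt)
    if domain is None:
        return False, "550 routed or malformed recipient refused"
    if domain in LOCAL_DOMAINS:
        return True, "250 inbound mail for a local domain"
    internal = any(ipaddress.ip_address(client_ip) in net for net in TRUSTED_NETS)
    if authenticated or internal:
        return True, "250 outbound relay for a known sender"
    return False, "550 relaying denied"


# Constructed cases: (client IP, authenticated?, RCPT TO)
SAMPLES = [
    ("203.0.113.9", False, "<sales@example.com>"),       # inbound, accept
    ("203.0.113.9", False, "<someone@aol.com>"),         # stranger to stranger, refuse
    ("203.0.113.9", False, "<abcd%domain.com>"),         # percent form from the thread
    ("203.0.113.9", True, "<someone@aol.com>"),          # authenticated POP3 user
    ("192.0.2.15", False, "<someone@aol.com>"),          # internal client
]

if __name__ == "__main__":
    for ip, auth, rcpt in SAMPLES:
        print(ip, auth, rcpt, relay_decision(ip, auth, rcpt))
```

Refusing the recipient at RCPT TO time, rather than accepting and bouncing later, also keeps undeliverable mail out of the outbound queue.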
 