Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Spontanious Email
- Thread starter Rock2447
- Start date
Hi,
Yes you can. Just fill it in in the top block on the Message Tracking Tool. You may still only get <> for the sender, but you should be able to see the recip.
We had a similar issue with an Unix sendmail function, where the sender was identified as <>.
Hope this helps a bit,
Wyz There is light at the end of the tunnel - oh wait! Is that a train?
Yes you can. Just fill it in in the top block on the Message Tracking Tool. You may still only get <> for the sender, but you should be able to see the recip.
We had a similar issue with an Unix sendmail function, where the sender was identified as <>.
Hope this helps a bit,
Wyz There is light at the end of the tunnel - oh wait! Is that a train?
- Thread starter
- #3
- Thread starter
- #4
Here is some off the message information if it helps
From: <>
To: hornyxgsmvycs@mail.de
Subject: Delivery Status Notification
Message ID: kJKqwZ1rI00000065@MailerServer.domain.com
It gets submitted every day at 8:13AM to Advanced Queing and then it goes through the normal message cycle but then gets dropped in the BadMail. This sounds oddly like a virus any ideas!!!
From: <>
To: hornyxgsmvycs@mail.de
Subject: Delivery Status Notification
Message ID: kJKqwZ1rI00000065@MailerServer.domain.com
It gets submitted every day at 8:13AM to Advanced Queing and then it goes through the normal message cycle but then gets dropped in the BadMail. This sounds oddly like a virus any ideas!!!
Could be like you are being relayed off?
It's from <> - typical spamming.
It's on it's way to some funny address. Hmmm.
Ordinarily, your system should reject (because the domain is not your doamin) it b4 it gets to be queuing.
Messages can go to BadMail when the system doesn't know where to send a NDR to.
I would confirm that your server is not an open relay.
RobbyB
It's from <> - typical spamming.
It's on it's way to some funny address. Hmmm.
Ordinarily, your system should reject (because the domain is not your doamin) it b4 it gets to be queuing.
Messages can go to BadMail when the system doesn't know where to send a NDR to.
I would confirm that your server is not an open relay.
RobbyB
- Thread starter
- #6
- Thread starter
- #8
I'll try:
Spammers are always looking for a way to get extra bandwidth without being detected. If they can connect to your server, they will send their mail through your server. This is not good because it increases traffic dramatically for you, and it looks as if you are the purveyor of the usual rubbish they send.
Out of the box, Exchange 2000 is spam proof, except if someone has inadvertently changed things on your Virtual SMTP Server.
You could check by telnetting to your server on port 25. You'll need to do this from a computer with an internet connection that is not part of your network.
Follow this link to see how to telnet to your server.
Then, whilst you are connected, try to send a message to a Hotmail account. If your server doesn't allow relaying, it will reply with words to that effect. If it accepts the hotmail address, then your server is an Open Relay.
RobbyB
Spammers are always looking for a way to get extra bandwidth without being detected. If they can connect to your server, they will send their mail through your server. This is not good because it increases traffic dramatically for you, and it looks as if you are the purveyor of the usual rubbish they send.
Out of the box, Exchange 2000 is spam proof, except if someone has inadvertently changed things on your Virtual SMTP Server.
You could check by telnetting to your server on port 25. You'll need to do this from a computer with an internet connection that is not part of your network.
Follow this link to see how to telnet to your server.
Then, whilst you are connected, try to send a message to a Hotmail account. If your server doesn't allow relaying, it will reply with words to that effect. If it accepts the hotmail address, then your server is an Open Relay.
RobbyB
- Thread starter
- #10
Mail gets transmitted along port 25. SMTP protocol chatters up and down port 25.
I reckon something along the lines of the below should return Exchange 2000 back to the default:
=======================
For your Default SMTP Virtual Server, Under relay, select 'Only the list below' and check 'Allow all computers which successfully auth..'.
Under access, the defaults are to place a check to the following:
*Anonymous Access
*Basic authentication
*Integrated Windows Authentication
If you've got an SMTP connector, then under Address Space, if you've got an * for an Address Space (the default), then DON'T check 'Allow messages to be relayed to these domains'.
===========================
But, make a note of your current settings, just in case
RobbyB
I reckon something along the lines of the below should return Exchange 2000 back to the default:
=======================
For your Default SMTP Virtual Server, Under relay, select 'Only the list below' and check 'Allow all computers which successfully auth..'.
Under access, the defaults are to place a check to the following:
*Anonymous Access
*Basic authentication
*Integrated Windows Authentication
If you've got an SMTP connector, then under Address Space, if you've got an * for an Address Space (the default), then DON'T check 'Allow messages to be relayed to these domains'.
===========================
But, make a note of your current settings, just in case
RobbyB
- Thread starter
- #12
OK. So it seems that your server is OK. Which is good!
How long has that message been returning to your queues? I must admit I'm not sure at this stage how it got into your system. That it ends up in BadMail is normal as I'll bet that hornyxgsmvycs@mail.de isn't a valid address.
At a guess, I'll say that <> sent a message to someone valid in your domain and that is how it got into your system. With a list of recipients, most mailservers would accept the message (because there was a valid recipient on the list) and relay on the message to other recipients.
I'm not sure how exchange 2000 would behave in this scenario, but this is maybe what has happened.
As Wyzard says, you won't be able to find out who <> is. Even if you could locate the message that went to one of your users, the header trail that you might obtain will likely be from servers that don't belong to the spammer.
It might be that, however it got in, it will time out within 48hrs. You can safely empty the contents of BadMail if you like.
Not much you can do.
I would still try and test your server to make sure that spammers can't relay off of it, anyway. Perhaps you can try this from a PC at home or somewhere.
Good Luck.
RobbyB
How long has that message been returning to your queues? I must admit I'm not sure at this stage how it got into your system. That it ends up in BadMail is normal as I'll bet that hornyxgsmvycs@mail.de isn't a valid address.
At a guess, I'll say that <> sent a message to someone valid in your domain and that is how it got into your system. With a list of recipients, most mailservers would accept the message (because there was a valid recipient on the list) and relay on the message to other recipients.
I'm not sure how exchange 2000 would behave in this scenario, but this is maybe what has happened.
As Wyzard says, you won't be able to find out who <> is. Even if you could locate the message that went to one of your users, the header trail that you might obtain will likely be from servers that don't belong to the spammer.
It might be that, however it got in, it will time out within 48hrs. You can safely empty the contents of BadMail if you like.
Not much you can do.
I would still try and test your server to make sure that spammers can't relay off of it, anyway. Perhaps you can try this from a PC at home or somewhere.
Good Luck.
RobbyB
- Thread starter
- #14
This is a dumb question but how can I connect to my exchange server from home with a Hardware firewall. I know that the mail has to have some way to get in and that the port 25 is open but how do I get through to the server from home. I know the firewall address but what good does that do me???
That's not a dumb question.
When you telnet, you'll telnet in on port 25. This port must already be open otherwise other mailservers won't be able to send you mail.
You won't need to know your firewall address. From home, you'll type in something like
telnet yourmailserver.domain.com 25
Where yourmailserver.domain.com is your email server, as described in DNS. (Unless mail for your domain goes to your ISP and is collected by your mailserver...).
Check out this link:
RobbyB
When you telnet, you'll telnet in on port 25. This port must already be open otherwise other mailservers won't be able to send you mail.
You won't need to know your firewall address. From home, you'll type in something like
telnet yourmailserver.domain.com 25
Where yourmailserver.domain.com is your email server, as described in DNS. (Unless mail for your domain goes to your ISP and is collected by your mailserver...).
Check out this link:
RobbyB
- Status
Similar threads
- Locked
- Question
- Locked
- Question
- Locked
- Question