Secure Relay Issue (Being used as a relay)

Post by Mike Hyslo » Thu, 11 Dec 2003 03:57:03


I have a server with Exchange 2000 (SP2), Windows 2000 Advanced Server
(SP3) and all current hot fixes installed.

I have not had a problem with relaying before (I have secure relaying
turned on), the guest account is disabled and has had the password changed,
the server passes all relay checks, and is most definitely not an open
relay.

But it is an open relay and people can send spam through it... how?

I have got full logging on for log on / off, and I can't see people logging
on there (I can see the guest account being locked every 3 attempts)

I have got the SMTP server logging all data into its log files, and I can
see unsuccessful attempts to authenticate to the server, but no successful
ones, how is the spam getting thru my server, I'm rapidly running out of
ideas.

any ideas you guys?

Post by Leif Peder » Thu, 11 Dec 2003 04:36:43

Hi,

Most likely a SMTP auth attack, see:
http://www.yqcomputer.com/

Leif

"Mike Hyslop" <mike[at]technetworks.co.youkay> wrote in a message


Post by Mike Hyslo » Thu, 11 Dec 2003 06:53:57

I have followed all that, no successful logon is recorded, but the relaying
only happens with 'allow relaying for computers who authenticate' turned on

the SMTP logs make it look like they try a few times then voila it lets them
thru..

very very odd.
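
The pattern described in the posts above (several failed authentication attempts, then mail accepted for relay) can be searched for in SMTP logs. This is an added example, not part of the original thread: the log lines are constructed in W3C extended style, and the field selection and the way AUTH results appear in the log are assumptions that must be matched to the server's actual `#Fields` line.

```python
from collections import defaultdict

# Constructed sample in W3C extended log style; not taken from the thread.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-query sc-status
2003-12-10 03:10:01 192.0.2.10 EHLO +mail.example.net 250
2003-12-10 03:10:02 192.0.2.10 AUTH - 535
2003-12-10 03:10:03 192.0.2.10 AUTH - 535
2003-12-10 03:10:04 192.0.2.10 AUTH - 535
2003-12-10 03:10:05 192.0.2.10 AUTH - 235
2003-12-10 03:10:06 192.0.2.10 MAIL +FROM:<a@example.org> 250
2003-12-10 03:10:07 192.0.2.10 RCPT +TO:<b@example.com> 250
2003-12-10 03:11:01 198.51.100.7 AUTH - 235
2003-12-10 03:11:02 198.51.100.7 RCPT +TO:<c@example.com> 250
2003-12-10 03:12:00 203.0.113.5 AUTH - 535
"""

def parse_w3c(text):
    """Yield one dict per record, keyed by the names in the #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#"):
            parts = line.split()
            if fields and len(parts) == len(fields):
                yield dict(zip(fields, parts))

def relays_after_guessing(text, min_failures=2):
    """Map client IP -> accepted RCPT count for clients whose AUTH failed
    min_failures or more times (535) before an AUTH success (235)."""
    failures = defaultdict(int)   # failed AUTH count since last success, per IP
    guessed = set()               # IPs that succeeded only after repeated failures
    accepted = defaultdict(int)
    for rec in parse_w3c(text):
        ip, verb, code = rec["c-ip"], rec["cs-method"].upper(), rec["sc-status"]
        if verb == "AUTH" and code == "535":
            failures[ip] += 1
        elif verb == "AUTH" and code == "235":
            if failures[ip] >= min_failures:
                guessed.add(ip)
            failures[ip] = 0
        elif verb == "RCPT" and code == "250" and ip in guessed:
            accepted[ip] += 1
    return dict(accepted)
```

State is tracked per client IP across the whole file rather than per SMTP session, so a flagged address is a lead to check against the Security event log, not proof of a compromised account.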


Post by Karakas, G » Thu, 11 Dec 2003 18:15:16

_disable_ the guest account anyway, it might allow relaying.

http://www.yqcomputer.com/

Gyula Karakas
orf support
www.vamsoft.com/orf

"Mike Hyslop" <mike[at]technetworks.co.youkay> wrote

Post by Mike Hyslo » Thu, 11 Dec 2003 18:38:47

the guest is disabled, relaying is turned, and relay checks agree with
this, but still spam comes through the server, it doesn't even need to
authenticate, it just lets it through.

"Karakas, Gyula [Vamsoft]" < XXXX@XXXXX.COM > wrote in