Exchange 5.5 relay

From: Joe Seal (joeseal@YAHOO.COM)
Date: 12/11/01


Date:         Mon, 10 Dec 2001 22:36:21 -0800
From: Joe Seal <joeseal@YAHOO.COM>
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

Team,

I am trying to find out how someone managed to use my
Exchange server as a relay for sending spam. I am
running Exchange 5.5 with service pack 4.0. The only
thing this Exchange server does is act as a relay
point for an application. This server sits behind a
firewall. I looked at the firewall ACL and found that
the external IP address had SMTP traffic open to the
world. That answers the questions as to how they
managed to get SMTP access to the server. I have since
blocked this ACL.

What I don't understand is how MS Exchange Server 5.5
allowed the traffic to pass through? I specified by
host IP in Exchange what servers were allowed to
relay mail. How did someone manage to use my Exchange
server to spam without being on the list of allowed
servers? I noticed that 10,000 e-mails were stuck in
the queue and I could not delete them. I uninstalled the
"Internet Mail" connector and re-installed, but the
backed up messages were still there. What directory
are these messages stored in so I can delete them from
Windows Explorer? Any information provided is greatly
appreciated.

Thanks...JS
