Unknown emails - Microsoft Exchange

Hi,

You need to look at these outgoing mails. Are they coming from the outside
for external users?
If yes you are being used as a relay - see these articles:

http://www.msexchange.org/tutorials/MF005.html
http://www.vamsoft.com/authattack.asp

The mails from the postmaster are NDR's sent in response to spam mails sent
to non existing users on your server.

Leif


"itnewbie via WinServerKB.com" <u23362@uwe> wrote in message
news:696c817ea355f@uwe...
>I just recently checked my queue on my exchange server 2003 and I am seeing
> email's going out to unknown domains. I know that it is not someone from
> inside the company sending out the emails. I also noticed that there are
> alot
> of other emails tying to go out with the postmaster return address. I have
> checked and there is not unathorized access. I have seen some errors in my
> security log file (i.e. below). Can someone please give me some advise to
> see
> how I can stop this?
>
> Source Event ID Last Occurrence Total Occurrences
> Security 529 11/16/2006 11:12 PM 133 *
>
> Logon Failure:
> Reason: Unknown user name or bad password
> User Name: guest
> Domain: SERVER-HANCOCK
> Logon Type: 3
> Logon Process: NtLmSsp
> Authentication Package: NTLM
> Workstation Name: SERVER-HANCOCK
> Caller User Name: -
> Caller Domain: -
> Caller Logon ID: -
> Caller Process ID: -
> Transited Services: -
> Source Network Address: 66.122.129.50
> Source Port: 0
>
> --
> Message posted via WinServerKB.com
> http://www.winserverkb.com/Uwe/Forum...hange/200611/1
>

Hi Leif,

I don't know how to check and see if they are coming from the outside for
external users. When I check the Queue, I see email's pending to be delivered
to domains that I don't know. When I click on the domain and do a find
message, I can see the properties and that the postmaster@domain.com is on it.
I don't know who the email is addressed to. I also have an account at
www.mxtoolbox.com and it checks my server with several test to see if it is
up and running and if it is an open relay or not. I when I see the report it
is telling me that the server is not an open relay.

Do you know of anyother things I can do to stop the emails from coming from
my server? I don't want my server to be blacklisted.


Thanks,

Leif Pedersen [MVP] wrote:
>Hi,
>
>You need to look at these outgoing mails. Are they coming from the outside
>for external users?
>If yes you are being used as a relay - see these articles:
>
>http://www.msexchange.org/tutorials/MF005.html
>http://www.vamsoft.com/authattack.asp
>
>The mails from the postmaster are NDR's sent in response to spam mails sent
>to non existing users on your server.
>
>Leif
>
>>I just recently checked my queue on my exchange server 2003 and I am seeing
>> email's going out to unknown domains. I know that it is not someone from
>[quoted text clipped - 24 lines]
>> Source Network Address: 66.122.129.50
>> Source Port: 0

--
Message posted via WinServerKB.com
http://www.winserverkb.com/Uwe/Forum...hange/200611/1

Hi,

If the mails are sent from the postmaster user on your mail server they are
NDR's sent to spammers and should not get you blacklistet.

If you want to get rid of these you will need to implement some antispam
measures so that you don't get the spam mails into your system in the first
place.

Leif

"Joe via WinServerKB.com" <u23362@uwe> wrote in message
news:699fc3a7b06b0@uwe...
> Hi Leif,
>
> I don't know how to check and see if they are coming from the outside for
> external users. When I check the Queue, I see email's pending to be
> delivered
> to domains that I don't know. When I click on the domain and do a find
> message, I can see the properties and that the postmaster@domain.com is on
> it.
> I don't know who the email is addressed to. I also have an account at
> www.mxtoolbox.com and it checks my server with several test to see if it
> is
> up and running and if it is an open relay or not. I when I see the report
> it
> is telling me that the server is not an open relay.
>
> Do you know of anyother things I can do to stop the emails from coming
> from
> my server? I don't want my server to be blacklisted.
>
>
> Thanks,
>
> Leif Pedersen [MVP] wrote:
>>Hi,
>>
>>You need to look at these outgoing mails. Are they coming from the outside
>>for external users?
>>If yes you are being used as a relay - see these articles:
>>
>>http://www.msexchange.org/tutorials/MF005.html
>>http://www.vamsoft.com/authattack.asp
>>
>>The mails from the postmaster are NDR's sent in response to spam mails
>>sent
>>to non existing users on your server.
>>
>>Leif
>>
>>>I just recently checked my queue on my exchange server 2003 and I am
>>>seeing
>>> email's going out to unknown domains. I know that it is not someone from
>>[quoted text clipped - 24 lines]
>>> Source Network Address: 66.122.129.50
>>> Source Port: 0
>
> --
> Message posted via WinServerKB.com
> http://www.winserverkb.com/Uwe/Forum...hange/200611/1
>