Page 1 of 2 12 LastLast
Results 1 to 10 of 14

Thread: SMTP Troubles

  1. #1
    Junior Member
    Join Date
    Jan 2004
    Posts
    5

    SMTP Troubles

    I have a PIX 506e and I’m running Exchange 2003. I can see my queue filling up with messages from the postmaster (NDR’s trying to resend). I can see external connections on my SMTP virtual server. I’ve Googled spoofing and mail relays (ms Q310356). I’m coming up blank. I would appreciate it if someon e could point me in the right direction.

  2. #2
    I'm not that falimilar with exchange but if your trying to find out about open relays check www.ordb.org/ They have a faq concerning them.

  3. #3
    Senior Member
    Join Date
    Apr 2002
    Posts
    889

    Couple Things

    First it looks like the PIX may not be configured correctly and try to google Cisco on that one. Second it sounds like an open relay have you checked Exchange to make sure you did not change the default setting of allow no relays?. How about the virus scanners the latest MyDoom has it's own SMPT the connect may be from behind the firewall or some other spam bout or virus on an internal computer behind the firewall. Can you view or see in any interface of inbound and outbound traffic? A netstat -a will usually show that look there if you lack any other info.

    Peace
    I believe that one of the characteristics of the human race - possibly the one that is primarily responsible for its course of evolution - is that it has grown by creatively responding to failure.- Glen Seaborg

  4. #4
    Senior Member
    Join Date
    Apr 2002
    Posts
    889
    Oh an after thought also. By default Exchange gives you the default postmaster mail box. Well spammers love that one big time sort of rub it in your face thing. Anyway disable the account and do an alias for it if you must have it. Or pay Microsoft for Exchange spam blocking I have no idea what the license on that one costs. Anyway abuse seems to get less spam then administrator, admin, abuse but even those see their fair share of spam without a good spam scanner. One reason why I switch from Exchange this and the Store that will at some point take up all disk space on a server no matter how many emails are deleted well that was Exchange 5.5 maybe the fixed that one.
    I believe that one of the characteristics of the human race - possibly the one that is primarily responsible for its course of evolution - is that it has grown by creatively responding to failure.- Glen Seaborg

  5. #5
    Senior Member
    Join Date
    Mar 2004
    Location
    Colorado
    Posts
    421
    Originally posted here by Palemoon
    Oh an after thought also. By default Exchange gives you the default postmaster mail box. Well spammers love that one big time sort of rub it in your face thing. Anyway disable the account and do an alias for it if you must have it.
    I would not recommend ditching a postmaster@ address as it is required by
    RFC 2821

    Having an abuse@ address is also required by RFC 2142

    Both are a must have if following RFC's are important to ya..

    I have seen domains be email blacklisted for not having them in place.

  6. #6
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,785
    this is a microsoft product were talking about RFCs be dammed (j/k). when you have an open relay, and as palemoon pointed out you have to go out of your way to enable it, you can expect to see 80 to 150 thousand or more messages passing threw your server. is that kinf of volume your talking about. on some days i get a few hundred caused by viruses on the internet and people that have our email address in their address book. how many are you seeing?
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  7. #7
    Senior Member
    Join Date
    Apr 2002
    Posts
    889
    Ok so let the state RFC your in notify me.. What Federal law says I must have these addys ss2cheif? Fact is all are there and if the email is ligit or not I'll see it..dah!
    I believe that one of the characteristics of the human race - possibly the one that is primarily responsible for its course of evolution - is that it has grown by creatively responding to failure.- Glen Seaborg

  8. #8
    Senior Member
    Join Date
    Apr 2002
    Posts
    889

    I'm tired

    Ok post master RFC response or email challange to s spam tag reads something like this.

    Tihs is an automated response our systems has failed to pass your email to the intended person. If you feel this is an error then plese contact.

    Name: oh make up a good one...don't use God they spam God also.
    Phone Number: area code- xxx-xxx ext:xxx
    No fax number because it gets unwanted faxes like our email system.


    In Short want to make the white list I get a call the old way of doing things confirm and even the phone call and the people that may answer are well versed in this is such and such I was sending a message to (go through A to Z) and it did not get through) Ah HELO this is suh and such from (some outside consulting company) what type of email system are you using? LOL sales people have to have it hard or spammers on cold calls.

    Peace

    P.S. Am old and found out long ago just cause it was new to me did not mean it was not unknown
    I believe that one of the characteristics of the human race - possibly the one that is primarily responsible for its course of evolution - is that it has grown by creatively responding to failure.- Glen Seaborg

  9. #9
    Senior Member
    Join Date
    Oct 2001
    Posts
    748
    Originally posted here by Palemoon
    Oh an after thought also. By default Exchange gives you the default postmaster mail box. Well spammers love that one big time sort of rub it in your face thing. Anyway disable the account and do an alias for it if you must have it. Or pay Microsoft for Exchange spam blocking I have no idea what the license on that one costs. Anyway abuse seems to get less spam then administrator, admin, abuse but even those see their fair share of spam without a good spam scanner. One reason why I switch from Exchange this and the Store that will at some point take up all disk space on a server no matter how many emails are deleted well that was Exchange 5.5 maybe the fixed that one.
    Palemoon- If you want to make the store smaller you have to run an offline defrag. This has been available since Exchange4. "edbutil" for early exchange, "eseutil" for current exchange.

    For the original problem. Mail relaying is turned off by default in Exchange2003. unless you turned on relaying for some reason you should not be an open relay. You also said you can see your outbound queue growing. This makes it seem to me like you have a huge amount of inbound spam coming into your system, and postmater is replying out to the other(probably bad) email addresses... You should expect your system to process a high number of NDR attempts because of SPAM on a daily basis.

    If you didn't change the default relaying, I wouldn't be to worried about it.

  10. #10
    Junior Member
    Join Date
    Jan 2004
    Posts
    5
    Spamdies I’ll check out the link.
    Tedob1
    The volume of messages I’ve not tracked. What I’m seeing are aprox. 250-400 NDR’s daily.

    Palemoon I’ll look at the PIX again. I didn’t setup the Exchange box but all the settings seem like the default’s. I just enabled recursive lookups, I only have 80 users I figure the server should be able to handle the extra load as long as the mail is legitimate. I can see multiple connections not associated with my domain any are smtp some are not (ports 1025, 43258, 43285, 43572, 43875, 44213, and 44511. That’s an eye opener.

    Mohaughn: What type of volume for NDR’s would seem unusual for 80 users?

    Thanks everyone. You all have helped me a great deal.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •