Hi,

Running SBS2K, our server seems to have been infiltrated and attempted to be used
as a relay - thankfully EX2K won't let it - but everything fell over as C
Drive was already in need of room and all the mail in the badmail folder
made it an unhappy person.
So - I'm running ISA, Exchange is set up to not allow relays... how can I
make it so people can't even access the server to get this far?
I also want it so in the meantime if they try, my badmail won't fill up as
well -

Thanks heaps :)

Marek

Re: relay by Henry

Henry
Thu Oct 23 03:49:47 CDT 2003

So how are they getting in?
Have you correctly configured ISA?
Closed all unnecessary ports?
What ports have you left open?
Disabled the Guest account?
Using complex passwords?
Who are you allowing to dial in?
Scanned the network for Trojans?

What is the gist of the mail in the Badmail folder?

--
Henry Craven
------------------
31 Oct = 25 Dec




Re: relay by Marek

Marek
Thu Oct 23 04:33:07 CDT 2003

OK - new twist
After reading the mail in the badmail folder - and extensively checking my
server - I'm not a relay:

All the messages are to 3x people x y & z @mydomain.co.nz
All the messages are NDRs from other places - saying the email address we
sent mail to isn't valid.

So this suggests someone has spammed all these people - but used my domain
name as their reply addresses...

So how do I stop that?!





Re: relay by Henry

Henry
Thu Oct 23 04:50:02 CDT 2003

That's known in the trade as a "Joe Job".
Nothing you can do about it outside changing your domain name.
Just schedule a batch file to clean out the Badmail folder on a regular
basis.

--
Henry Craven
---------------
42



Re: relay by Marek

Marek
Thu Oct 23 04:49:56 CDT 2003

That's just not nice...!





Re: relay by Marek

Marek
Thu Oct 23 04:51:21 CDT 2003

If I take the entry out for a badmail folder - as in have nothing in the
field where it wants one - will it just not generate the reports or will it
break things... i.e. I'd rather have no folder for the time being...





Re: relay by Henry

Henry
Thu Oct 23 05:26:22 CDT 2003

AFAIK it will just re-create the folder and destination.

... but I haven't tested that.

--
Henry Craven
---------------
Only 10 people understand Binary.
Those that do and those that don't.


"Marek" <nospam@spam.spam> wrote in message
news:rwNlb.187852$JA5.4675276@news.xtra.co.nz...
> If I take the entry out for a badmail folder - as in have nothing in the
> field where it wants one - will it just not generate the reports or will it
> break things... i.e. I'd rather have no folder for the time being...



Re: relay by petergal

petergal
Thu Oct 23 14:46:11 CDT 2003


Hello

You can set Exchange to not deliver NDR reports.

In Exchange System Manager, expand Global Settings and click on Internet
Message Formats. Open the properties of "Default" on the right and click
Properties. Click on the Advanced Tab and uncheck "Allow non-delivery
reports".

Hope this helps!

Peter Gallagher
Microsoft Technical Support
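
The check Marek describes earlier in the thread (are the NDRs in the badmail folder for mail this server really sent, or backscatter from a forged sender, the "Joe Job" Henry names) can be scripted. This is an added example, not part of the original thread; it assumes each NDR is available as raw RFC 822 bytes, and the host names, addresses and the `our_hosts` list are constructed.

```python
import email
from email import policy

def returned_original(ndr):
    """Find the original message (or just its headers) that the NDR hands back."""
    for part in ndr.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":
            return part.get_payload(0)
        if ctype == "text/rfc822-headers":
            return email.message_from_string(part.get_content(), policy=policy.default)
    return None

def classify(raw, our_hosts):
    """Label one message: not-ndr, ndr-no-original, passed-through-us, backscatter."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    if (msg.get_content_type() != "multipart/report"
            or str(msg.get_param("report-type", "")).lower() != "delivery-status"):
        return "not-ndr"
    orig = returned_original(msg)
    if orig is None:
        return "ndr-no-original"
    # Every server that handled the original stamped a Received header on it.
    hops = " ".join(str(h) for h in orig.get_all("Received", [])).lower()
    if any(host.lower() in hops for host in our_hosts):
        # Received lines can be forged, so confirm against our own SMTP logs.
        return "passed-through-us"
    return "backscatter"  # forged sender: the original never touched our server

# Constructed sample NDR (all hosts and addresses are made up).
SAMPLE_NDR = b"""\
From: MAILER-DAEMON@mx.remote.example
To: x@mydomain.example
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: message/delivery-status

Final-Recipient: rfc822; nobody@remote.example
Status: 5.1.1
--b1
Content-Type: message/rfc822

Received: from dialup.example ([192.0.2.77]) by mx.remote.example
From: x@mydomain.example

constructed spam body
--b1--
"""
```

A result of `backscatter` for every file supports the Joe Job diagnosis; any `passed-through-us` result is worth checking against the server's own SMTP logs before ruling out a relay or compromised account.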