How to prevent IMS from relaying spam email?

How to prevent IMS from relaying spam email?

Post by David Wan » Thu, 26 Jul 2001 19:41:08



Hi,
My Exchange Server Config: NT Server 4.0 + Exchange Server 5.5(SP3)

I found someone are using our Exchange Server to replay spam emails.

1.There are some strange emails queued in IMS. Their orignators are '<>' and
their destination
  host are those,such msx.epaper.com.tw.
2.In Win NT event log, I found some words, such as 'A new TCP/IP SMTP
connection has been
  received from host msx.epaper.com.tw'.

According Exchange Server Onlin Help,I have made these settings:

    In IMS "Routing" Tab / Routing Restriction,I checked "Hosts and clients
    that successfully authenticate" and "Host and clients with these IP
address",
    but without any IP addresses.

I want to add the IP addresses of these bad hosts,such as
msx.epaper.com.tw,...
to "Specify the hosts and clients that can NEVER route mail", with mask
255.255.255.255.

My problem is 'Are these setting enough?".
Thanks for your help!

 
 
 

How to prevent IMS from relaying spam email?

Post by ROU Dead of Nigh » Thu, 26 Jul 2001 19:59:36


An originator of <> could denote your server sending an NDR or a read
receipt.

Of course, they are to whoever requested the read receipt or is receiving
the NDR.


Quote:> Hi,
> My Exchange Server Config: NT Server 4.0 + Exchange Server 5.5(SP3)

> I found someone are using our Exchange Server to replay spam emails.

> 1.There are some strange emails queued in IMS. Their orignators are '<>'
and
> their destination
>   host are those,such msx.epaper.com.tw.
> 2.In Win NT event log, I found some words, such as 'A new TCP/IP SMTP
> connection has been
>   received from host msx.epaper.com.tw'.

> According Exchange Server Onlin Help,I have made these settings:

>     In IMS "Routing" Tab / Routing Restriction,I checked "Hosts and
clients
>     that successfully authenticate" and "Host and clients with these IP
> address",
>     but without any IP addresses.

> I want to add the IP addresses of these bad hosts,such as
> msx.epaper.com.tw,...
> to "Specify the hosts and clients that can NEVER route mail", with mask
> 255.255.255.255.

> My problem is 'Are these setting enough?".
> Thanks for your help!


 
 
 

How to prevent IMS from relaying spam email?

Post by Robert D'Ottavi » Thu, 26 Jul 2001 21:34:48


Is there any way to prevent someone from using my Exchange
Server when the message is from <> and no other
information is available?

>-----Original Message-----
>An originator of <> could denote your server sending an
NDR or a read
>receipt.

>Of course, they are to whoever requested the read receipt
or is receiving
>the NDR.



>> Hi,
>> My Exchange Server Config: NT Server 4.0 + Exchange
Server 5.5(SP3)

>> I found someone are using our Exchange Server to replay
spam emails.

>> 1.There are some strange emails queued in IMS. Their
orignators are '<>'
>and
>> their destination
>>   host are those,such msx.epaper.com.tw.
>> 2.In Win NT event log, I found some words, such as 'A
new TCP/IP SMTP
>> connection has been
>>   received from host msx.epaper.com.tw'.

>> According Exchange Server Onlin Help,I have made these
settings:

>>     In IMS "Routing" Tab / Routing Restriction,I
checked "Hosts and
>clients
>>     that successfully authenticate" and "Host and

clients with these IP

- Show quoted text -

Quote:>> address",
>>     but without any IP addresses.

>> I want to add the IP addresses of these bad hosts,such
as
>> msx.epaper.com.tw,...
>> to "Specify the hosts and clients that can NEVER route
mail", with mask
>> 255.255.255.255.

>> My problem is 'Are these setting enough?".
>> Thanks for your help!

>.

 
 
 

How to prevent IMS from relaying spam email?

Post by Michael Abbaticchi » Thu, 26 Jul 2001 22:39:28


Take all the documented measures to disable relaying, via outside networks.

--
Michael Abbaticchio
Exchange Administrator
BHG

> Is there any way to prevent someone from using my Exchange
> Server when the message is from <> and no other
> information is available?

> >-----Original Message-----
> >An originator of <> could denote your server sending an
> NDR or a read
> >receipt.

> >Of course, they are to whoever requested the read receipt
> or is receiving
> >the NDR.



> >> Hi,
> >> My Exchange Server Config: NT Server 4.0 + Exchange
> Server 5.5(SP3)

> >> I found someone are using our Exchange Server to replay
> spam emails.

> >> 1.There are some strange emails queued in IMS. Their
> orignators are '<>'
> >and
> >> their destination
> >>   host are those,such msx.epaper.com.tw.
> >> 2.In Win NT event log, I found some words, such as 'A
> new TCP/IP SMTP
> >> connection has been
> >>   received from host msx.epaper.com.tw'.

> >> According Exchange Server Onlin Help,I have made these
> settings:

> >>     In IMS "Routing" Tab / Routing Restriction,I
> checked "Hosts and
> >clients
> >>     that successfully authenticate" and "Host and
> clients with these IP
> >> address",
> >>     but without any IP addresses.

> >> I want to add the IP addresses of these bad hosts,such
> as
> >> msx.epaper.com.tw,...
> >> to "Specify the hosts and clients that can NEVER route
> mail", with mask
> >> 255.255.255.255.

> >> My problem is 'Are these setting enough?".
> >> Thanks for your help!

> >.

 
 
 

How to prevent IMS from relaying spam email?

Post by Ben » Thu, 26 Jul 2001 22:56:04


David

To successfully stop spamming you are nearly there, on the routing tab you
did the right thing by selecting "hosts and clients that successfully
authenticate" but also for "hosts and clients with these ip addresses" add
your internal ip address range and the relevant subnet mask ie

192.168.0.0
255.255.255.0

That way the ims will reject any relaying that is not from those ip
addresses, you can then test this by telneting to port 25 of your server and
when you type:

specified in exchange then you will get this message
"error 550 relaying prohibited" bang  no more spamming, but if you add a
valid user after rcpt to: that is in your GAL then the message will be
accepted and passed through to the IMS.

Ben


Quote:> Hi,
> My Exchange Server Config: NT Server 4.0 + Exchange Server 5.5(SP3)

> I found someone are using our Exchange Server to replay spam emails.

> 1.There are some strange emails queued in IMS. Their orignators are '<>'
and
> their destination
>   host are those,such msx.epaper.com.tw.
> 2.In Win NT event log, I found some words, such as 'A new TCP/IP SMTP
> connection has been
>   received from host msx.epaper.com.tw'.

> According Exchange Server Onlin Help,I have made these settings:

>     In IMS "Routing" Tab / Routing Restriction,I checked "Hosts and
clients
>     that successfully authenticate" and "Host and clients with these IP
> address",
>     but without any IP addresses.

> I want to add the IP addresses of these bad hosts,such as
> msx.epaper.com.tw,...
> to "Specify the hosts and clients that can NEVER route mail", with mask
> 255.255.255.255.

> My problem is 'Are these setting enough?".
> Thanks for your help!

 
 
 

1. i want to know how to prevent spam mail from IMS

Completely?  Unplug your system from the Internet.

--
=============================================================

Simpler-Webb, Inc.  Austin, TX  "Mauve has more RAM" -Dilbert
Exchange FAQ   -   http://www.swinc.com/resource/exch_faq.htm
=============================================================

2. undeliverable emails

3. Prevent Spam SMTP Relay in Exchange

4. HELP ! Routing Engine service won't start

5. Outgoing Authentication for Exchange 5.5, to prevent relaying and spam

6. Custom Plugin for Exchange Server?

7. Need help preventing "spam" relay

8. Active Messaging - MessageFilter.timefirst/timelast

9. Preventing spam relay service

10. preventing spam from being relayed

11. Prevent using my SMTP/Proxy Server as a mail relay server for other's spam

12. Prevent 5.5 From Relaying Spam

13. HOW DOU PREVENT IMS FROM RELAYING UCE MESSAGES.