listed as 127.0.0.2

[datalink]

Can someone see if my exchange 2k3 server has a hole in it. One of my users received this in a email from a remote system stating that the domain was blacklisted by spamcop. We are not listed on ordb.org, and I have submitted a test with the site.

I have relay set up for authenticated users. We currently have goldmine poping mail from the exchange server, only internally. We are planning to phase out goldmine.

the server ip is 151.198.236.211.

We have symantec enterprise and all pc are up to date and scanned.

can someone help?

Thanks in advance

[Ralsky's Fatal Tumor]

the server ip is 151.198.236.211.

Your server seems to be more hole than server these days.

DNSStuff shows you as listed in several blocklists as does OpenRBL. Senderbase shows that your outbound email volume has gone up 2579% since yesterday. I'd pull the plug on that server before the whole world has you blocked, since many lists are much less forgiving than SpamCop. I can't assist you technically, but I'm sure someone will be along momentarily who can.

Good luck!

[turetzsr]

...There are a number of helpful replies in various places in the SpamCop web forums and the FAQ. The one I save for easy reference is SpamCop FAQ: But my Exchange 2000 server is secured against relay.... Another I just found with the "Search the FAQ and forum" link at www.spamcop.net is SpamCop FAQ: Open Relay Servers.

...HTH!

[Merlyn]

Well you definately have an insecure server.

Google for "Exchange AUTH Hack"

the mail server you are running has many holes:

220 RACGM.RAC.regentatlantic.com Microsoft ESMTP MAIL Service, Version: 5.0.2195.6713 ready at Thu, 29 Jul 2004 12:23:37 -0400

Someone else (a spammer) has more control of your server than you do...........

You better secure that thing. For the services you offer it is not good to be running an insecure machine. If I were you I would unplug it now. Lots of confidential data you do not want leaked out. Very bad press indeed.

Good luck.