datarepro Posted February 8, 2005 Share Posted February 8, 2005 I have been listed for having 1). An open socks proxy 2). An open HTTP proxy on my Exchange 5.5 server. I have spent some time here looking for configuration solutions to these issues, and have not found anything helpful. So either I have missed it, or not been able to find it. So, if anyone is able to point me to the information to take care of the two problems, or has the help I need, I would appreciate any helpful items. Thank you. Link to comment Share on other sites More sharing options...
Merlyn Posted February 8, 2005 Share Posted February 8, 2005 This is a known bug and I don't think it can be fixed for ver 5.5 You can start here: http://www.winnetmag.com/article/articleid/40507/40507.html http://www.winnetmag.com/article/articleid/42406/42406.html http://www.spamcop.net/fom-serve/cache/372.html Link to comment Share on other sites More sharing options...
Merlyn Posted February 8, 2005 Share Posted February 8, 2005 If this is you haven't you been monitoring your abuse address? Looks like this has been going on for a long time and many spammers have been using your server to send their spam. If I were you I would unplug this machine from the net untill you get it fixed. SPAMCOP SpamCop Blocking List: bl.spamcop.net -> 127.0.0.2 Blocked - see http://www.spamcop.net/bl.shtml?66.134.113.154 DSBLLIST Distributed Sender Boycott List: single-stage relays tested by trusted users: list.dsbl.org -> 127.0.0.2 http://dsbl.org/listing?66.134.113.154 DSBLUNCONFIRMED Distributed Sender Boycott List: single-stage relays, multihop relays and listings by anonymous users: unconfirmed.dsbl.org -> 127.0.0.2 http://dsbl.org/listing?66.134.113.154 PSBL Passive spam Block List: psbl.surriel.com -> 127.0.0.2 Listed in PSBL, see http://psbl.surriel.com/listing?ip=66.134.113.154 AHBL The Abusive Hosts Blocking List: dnsbl.ahbl.org -> 127.0.0.3 Open Proxy - http://www.ahbl.org/tools/lookup.php?ip=66.134.113.154 UCEPROTECTL1 UCEPROTECT®-Network Project - Level 1: dnsbl-1.uceprotect.net -> 127.0.0.2 Sorry, IP 66.134.113.154 is blacklisted at Level 1 by UCEPROTECT-Network see http://www.uceprotect.net SORBS spam and Open Relay Blocking System: Aggregate zone: dnsbl.sorbs.net -> 127.0.0.2 -> 127.0.0.3 HTTP Proxy See: http://www.dnsbl.sorbs.net/lookup.shtml?66.134.113.154 SOCKS Proxy See: http://www.dnsbl.sorbs.net/lookup.shtml?66.134.113.154 SORBSHTTP List of Open HTTP Proxy Servers.: http.dnsbl.sorbs.net -> 127.0.0.2 HTTP Proxy See: http://www.dnsbl.sorbs.net/lookup.shtml?66.134.113.154 SORBSSOCKS List of Open SOCKS Proxy Servers.: socks.dnsbl.sorbs.net -> 127.0.0.3 SOCKS Proxy See: http://www.dnsbl.sorbs.net/lookup.shtml?66.134.113.154 DNSBLAUT1 Reynolds Technology Type 1: t1.dnsbl.net.au -> 127.0.0.2 http://dsbl.org/listing?66.134.113.154 66.134.113.154 See http://www.dnsbl.sorbs.net/cgi-bin/lookup?...=66.134.113.154 66.134.113.154 See http://dnsbl.ahbl.org/ and http://dnsbl.net.au/lookup/?ip=66.134.113.154 DNSBLAUDSBL Distributed Server Boycott List: dsbl.dnsbl.net.au -> 127.0.0.2 http://dsbl.org/listing?66.134.113.154 DNSBLAUSORBS External Block List - SORBS: sorbs.dnsbl.net.au -> 127.0.0.2 66.134.113.154 See http://www.dnsbl.sorbs.net/cgi-bin/lookup?...=66.134.113.154 Link to comment Share on other sites More sharing options...
datarepro Posted February 8, 2005 Author Share Posted February 8, 2005 Yep, that's me. This really sucks. I work 45 hours a week on things other than being the network admin. And when SH** like this happens, I have to figure out why. I know it's a lame excuse from another incompetent network admin, but I at least I am trying to get it resolved. Could not find anything to specifcally "fix" the proxy trouble in Exchange 5.5, and MS does not post much on 5.5 anymore. I think I will trash it, and get a new OS. Link to comment Share on other sites More sharing options...
Merlyn Posted February 8, 2005 Share Posted February 8, 2005 If you don't mind a couple of off forum questions PM me and I will respond back. Link to comment Share on other sites More sharing options...
datarepro Posted February 8, 2005 Author Share Posted February 8, 2005 You have mail. Link to comment Share on other sites More sharing options...
Derek T Posted February 9, 2005 Share Posted February 9, 2005 I have been listed for having 1). An open socks proxy 2). An open HTTP proxy on my Exchange 5.5 server. I have spent some time here looking for configuration solutions to these issues, and have not found anything helpful. So either I have missed it, or not been able to find it. So, if anyone is able to point me to the information to take care of the two problems, or has the help I need, I would appreciate any helpful items. Thank you. 24074[/snapback] AIUI Exchange was never designed to be, and never should be connected directly to the internet. Wiser people than me have said that the only real solution is to put a 'nix box between it and that plug in the wall! Link to comment Share on other sites More sharing options...
datarepro Posted February 9, 2005 Author Share Posted February 9, 2005 Red Hat 9 box is on order. Can't get here soon enough... Apologies to anyone who's getting spammed from my box. Link to comment Share on other sites More sharing options...
Merlyn Posted February 9, 2005 Share Posted February 9, 2005 I doubt the nix box will help if the spammers are authenticating themselves. That is where your problem is, they are using an SMTP AUTH Hack. The mail even though it is wrong it is still being sent through your exchange box because the perps have authenticated themselves as a proper user. Good luck and keep us posted. Link to comment Share on other sites More sharing options...
datarepro Posted February 9, 2005 Author Share Posted February 9, 2005 I am going to have it configured for our ISP to host the mail, and put the box inside our network... Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.