Jump to content

open relay


afreitas
 Share

Recommended Posts

i have a server ms exchange 2003 blocking relay, but some how when i test it, i get a message that is allowing relay thru this address 10001138763.0000003119.acesso.oni.pt. Help i don,t know what to do to block this type of relaying and my ip address is beeing blocked everyday. Help

thanks

Edited by afreitas
Link to comment
Share on other sites

Start here:

Setting Relay Restrictions

If you're still having problems after going through that guide, please let us know.

By default open unauthenticated relaying is turned off in exchange, so unless you've changed those settings you may be on a wile goose chase.

What is the IP address of the server in question so someone can pull a report history, that might tell us a bit more.

What tools are you using to test for an open relay?

Edited by Telarin
Link to comment
Share on other sites

Start here:

Setting Relay Restrictions

If you're still having problems after going through that guide, please let us know.

By default open unauthenticated relaying is turned off in exchange, so unless you've changed those settings you may be on a wile goose chase.

What is the IP address of the server in question so someone can pull a report history, that might tell us a bit more.

What tools are you using to test for an open relay?

the ip address is 213.58.112.103.

i've used pretty much every tool availbale on the net. i've done a search on google for open relay test and tried a lot of them. but the only way it accepts realy is thru this a ddress 10001138763.0000003119.acesso.oni.pt

http://www.abuse.net/relay.html

Open relay is closed.

Edited by afreitas
Link to comment
Share on other sites

Timing is such that http://www.senderbase.org/search?searchString=213.58.112.103 still showed it as listed on the SpamCopDNSBL .. but http://spamcop.net/w3m?action=checkblock&a...=213.58.112.103 says it's not listed. The issue would appear to have been based on spamtrap hits, as the only reported history kustings are;

Report History:

-----------------------------------------------------

Submitted: Monday, October 16, 2006 11:34:02 PM -0500:

dupe swelling

1971119346 ( 213.58.112.103 ) To: spamcop[at]imaphost.com

1971119329 ( 213.58.112.103 ) To: postmaster[at]net4b.pt

1971119309 ( 213.58.112.103 ) To: abuse[at]net4b.pt

------------------------------------------------------

Submitted: Monday, October 09, 2006 11:59:29 AM -0500:

swam taboo

1958825587 ( 213.58.112.103 ) To: abuse[at]net4b.pt

1958825579 ( 213.58.112.103 ) To: postmaster[at]net4b.pt

-----------------------------------------------------

Submitted: Monday, October 02, 2006 4:16:10 AM -0500:

ridiculous unnecessary

1947384858 ( 213.58.112.103 ) To: mole[at]devnull.spamcop.net

Link to comment
Share on other sites

You also have AUTH LOGIN enabled. Though my tester wasn't able to find any weak passwords, it doesn't mean that the spammers haven't used a larger list of user/password combinations than I try.

If you don't need remote users to authenticate and send mail through your system, you should disable the feature. This FAQ should help.

salt 10001138763.0000003119.acesso.oni.pt
Testing if 10001138763.0000003119.acesso.oni.pt accepts port 25 connections... Good.
Testing if 10001138763.0000003119.acesso.oni.pt supports AUTH LOGIN... Good.

Checking for weak passwords:
administrator:........................
guest:........................
info:........................
test:........................
admin:........................
user:........................
mail:........................
webmaster:........................
root:........................
master:........................
web:........................
www:........................
backup:........................
server:........................
data:........................
abc:........................
demo:........................

No weak passwords found.
Remember: Absence of evidence is not evidence of absence.

Link to comment
Share on other sites

Timing is such that http://www.senderbase.org/search?searchString=213.58.112.103 still showed it as listed on the SpamCopDNSBL .. but http://spamcop.net/w3m?action=checkblock&a...=213.58.112.103 says it's not listed. The issue would appear to have been based on spamtrap hits, as the only reported history kustings are;

I've looked on senderbase, but it seams that the problem is cbl listing on abuse.net.

it keeps blocking me everyday.

Link to comment
Share on other sites

I've looked on senderbase, but it seams that the problem is cbl listing on abuse.net.

<snip>

...Did you mean to write "abuseat.org" rather than abuse.net?
CBL Lookup Utility

_____________________________________________________

IP Address 213.58.112.103 was not found in the CBL.

It was previously listed, but was removed at 2006-10-25 14:48 GMT

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...