afreitas Posted October 24, 2006 Share Posted October 24, 2006 i have a server ms exchange 2003 blocking relay, but some how when i test it, i get a message that is allowing relay thru this address 10001138763.0000003119.acesso.oni.pt. Help i don,t know what to do to block this type of relaying and my ip address is beeing blocked everyday. Help thanks Link to comment Share on other sites More sharing options...
Telarin Posted October 24, 2006 Share Posted October 24, 2006 Start here: Setting Relay Restrictions If you're still having problems after going through that guide, please let us know. By default open unauthenticated relaying is turned off in exchange, so unless you've changed those settings you may be on a wile goose chase. What is the IP address of the server in question so someone can pull a report history, that might tell us a bit more. What tools are you using to test for an open relay? Link to comment Share on other sites More sharing options...
afreitas Posted October 24, 2006 Author Share Posted October 24, 2006 Start here: Setting Relay Restrictions If you're still having problems after going through that guide, please let us know. By default open unauthenticated relaying is turned off in exchange, so unless you've changed those settings you may be on a wile goose chase. What is the IP address of the server in question so someone can pull a report history, that might tell us a bit more. What tools are you using to test for an open relay? the ip address is 213.58.112.103. i've used pretty much every tool availbale on the net. i've done a search on google for open relay test and tried a lot of them. but the only way it accepts realy is thru this a ddress 10001138763.0000003119.acesso.oni.pt http://www.abuse.net/relay.html Open relay is closed. Link to comment Share on other sites More sharing options...
Wazoo Posted October 24, 2006 Share Posted October 24, 2006 Timing is such that http://www.senderbase.org/search?searchString=213.58.112.103 still showed it as listed on the SpamCopDNSBL .. but http://spamcop.net/w3m?action=checkblock&a...=213.58.112.103 says it's not listed. The issue would appear to have been based on spamtrap hits, as the only reported history kustings are; Report History: ----------------------------------------------------- Submitted: Monday, October 16, 2006 11:34:02 PM -0500: dupe swelling 1971119346 ( 213.58.112.103 ) To: spamcop[at]imaphost.com 1971119329 ( 213.58.112.103 ) To: postmaster[at]net4b.pt 1971119309 ( 213.58.112.103 ) To: abuse[at]net4b.pt ------------------------------------------------------ Submitted: Monday, October 09, 2006 11:59:29 AM -0500: swam taboo 1958825587 ( 213.58.112.103 ) To: abuse[at]net4b.pt 1958825579 ( 213.58.112.103 ) To: postmaster[at]net4b.pt ----------------------------------------------------- Submitted: Monday, October 02, 2006 4:16:10 AM -0500: ridiculous unnecessary 1947384858 ( 213.58.112.103 ) To: mole[at]devnull.spamcop.net Link to comment Share on other sites More sharing options...
GraemeL Posted October 25, 2006 Share Posted October 25, 2006 You also have AUTH LOGIN enabled. Though my tester wasn't able to find any weak passwords, it doesn't mean that the spammers haven't used a larger list of user/password combinations than I try. If you don't need remote users to authenticate and send mail through your system, you should disable the feature. This FAQ should help. salt 10001138763.0000003119.acesso.oni.pt Testing if 10001138763.0000003119.acesso.oni.pt accepts port 25 connections... Good. Testing if 10001138763.0000003119.acesso.oni.pt supports AUTH LOGIN... Good. Checking for weak passwords: administrator:........................ guest:........................ info:........................ test:........................ admin:........................ user:........................ mail:........................ webmaster:........................ root:........................ master:........................ web:........................ www:........................ backup:........................ server:........................ data:........................ abc:........................ demo:........................ No weak passwords found. Remember: Absence of evidence is not evidence of absence. Link to comment Share on other sites More sharing options...
afreitas Posted October 25, 2006 Author Share Posted October 25, 2006 Timing is such that http://www.senderbase.org/search?searchString=213.58.112.103 still showed it as listed on the SpamCopDNSBL .. but http://spamcop.net/w3m?action=checkblock&a...=213.58.112.103 says it's not listed. The issue would appear to have been based on spamtrap hits, as the only reported history kustings are; I've looked on senderbase, but it seams that the problem is cbl listing on abuse.net. it keeps blocking me everyday. Link to comment Share on other sites More sharing options...
turetzsr Posted October 26, 2006 Share Posted October 26, 2006 I've looked on senderbase, but it seams that the problem is cbl listing on abuse.net. <snip> ...Did you mean to write "abuseat.org" rather than abuse.net? CBL Lookup Utility _____________________________________________________ IP Address 213.58.112.103 was not found in the CBL. It was previously listed, but was removed at 2006-10-25 14:48 GMT Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.