bugs4263 Posted October 31, 2006 Share Posted October 31, 2006 I'm new this and don't know that much. My problem is that we have been listed on spamcop and I have done all I know to try to fix it but am having no luck. I need someone who knows a lot more than me to guide me if you would. I'm running exchange 2003 and all tests show no open relays. I don't know where to even go to see what we are sending out let alone how to stop it. This is really a problem for the users and I could really use some guidance Thank you IP is 66.170.37.26 Link to comment Share on other sites More sharing options...
Telarin Posted October 31, 2006 Share Posted October 31, 2006 A paying reporter will drop by soon and I'm sure they will post the subject information that is available to them, if any. However, as an Exchange 2003 admin myself, I can give you some tips on places to start. Make sure your users aren't using autoresponders excessively. Vacation responders are probably ok if they don't get too much spam that would get misdirected replies, but auto-responding to every message is right out. Is the Exchange server the only computer at 66.170.37.26 or is that IP shared with other computers via some kind of NAT appliance? If it is shared, any computer sharing that IP could be causing your problem, make sure that your firewall blocks all outbound traffic on port 25 not originating from the Exchange server itself. If you are using an Anti-Virus program that scans incoming email, make sure it is not set to send "you sent us an infected email" messages in response. These will only go to the forged "FROM" address on the message, so will only be annoying innocent 3rd parties and not doing any good. Make sure if you have SMTP AUTH enabled that all of your user accounts have strong passwords and are required to change them regularly. If your users don't need to be able to relay mail through your Exchange server from outside your network, turn off SMTP AUTH altogether. Make sure you have the "Filter recipients who are not in the Directory" checkbox selected on the "Recipient Filtering" tab of the Message Delivery Properties, otherwise you may be sending bounces to forged "FROM" addresses and annoying innocent 3rd parties. Those would be the first items to check until we can get some more information from a paying reporter. Edit: You might also want to contact abuse[at]indigital.net, as they would have received any complaints regarding your IP address. They should have forwarded those on to you, but clearly that is not the case, you might want to find out why. Link to comment Share on other sites More sharing options...
dra007 Posted October 31, 2006 Share Posted October 31, 2006 Looks like pill spams are spewing out that IP Report History: -------------------------------------------------------------------------------- Submitted: Monday, October 30, 2006 11:21:26 AM -0500: Unbelievable! U can be healthy! 1992981795 ( 66.170.37.26 ) To: spamcop[at]imaphost.com 1992981777 ( 66.170.37.26 ) To: abuse[at]indigital.net -------------------------------------------------------------------------------- Submitted: Wednesday, October 18, 2006 7:03:58 PM -0400: Want to be healthy? U can! 1974051806 ( 66.170.37.26 ) To: spamcop[at]imaphost.com 1974051800 ( 66.170.37.26 ) To: abuse[at]indigital.net -------------------------------------------------------------------------------- Submitted: Wednesday, October 18, 2006 7:03:20 PM -0400: Cheapest way to solve health problems. 1974051258 ( 66.170.37.26 ) To: spamcop[at]imaphost.com 1974051250 ( 66.170.37.26 ) To: abuse[at]indigital.net _____________________________________ Seems to be a recent problem...as there are no older reports available. Sender base shows you have taken some action to stop the spew: Volume Statistics for this IP Magnitude Vol Change vs. Average Last day 2.2 -100% Last 30 days 3.1 -7% Average 3.1 Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.