Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computer Certification > MCSE > Any exchange server 2000 expert here?

Reply
Thread Tools

Any exchange server 2000 expert here?

 
 
Bay
Guest
Posts: n/a
 
      11-01-2003
Hi,

I have some issues with my exchange server 2000

1. Spam issue
Whenever I checked the "Allow all computers which successfully authenicate
to relay, regardless the list above", spammer would able to hack in the
exchange server and send out ten thoursands of spam using my exchange
server.
I am not sure why that is happening because the options I checked require
computers to be authenicated before the relay.
The reason I check this box is because I have a few branch offices relay on
my exchange server to send emails. And some locations won't have a static
IP, so I can't really specify a certain range of IP addresses to relay.
I finally bought a firewall and setup vpn connections from those remote
offices and mobile laptops clients in order to relay the exchange server.
Out of curiousity, how did the spammer authenicate to my exchange server in
the first place?

2. Email issue.
When a staff send email to the distribution list from the global address
book. One of the individual is having problem getting the email. The error
message is below and some of the information like name, IP and domain info
are modified. When I tried to send email to this individual instead of
using the distribution list and he has no problem getting my emails. I
wonder why. I hope someone is able to help me. Thanks

From: System Administrator
Sent: Friday, October 31, 2003 12:29 PM
To: Peter Alexander
Subject: Undeliverable: Board Meeting Announcement
Your message did not reach some or all of the intended recipients.
Subject: Board Meeting Announcement
Sent: 10/31/2003 12:29 PM
The following recipient(s) could not be reached:

Peter Alexander on 10/31/2003 12:29 PM

There was a SMTP communication problem with the recipient's email server.
Please contact your system administrator.

<exchange.abc.com #5.5.0 smtp;571 from 200.100.52.100 We do not relay>




 
Reply With Quote
 
 
 
 
Karl \Johnno\ Gustaf
Guest
Posts: n/a
 
      11-02-2003
Hate to tell you stuff you may already know...
For the 2nd problem did you check that the smtp settings on his AD
account were ok? If you can email him manually but not from the
distribution list then this is the only thing I can think of straight
up.
Sorry I can;t help you any more. Good luck.

"Bay" <(E-Mail Removed)> wrote in message
news:l%Tob.57921$mZ5.344263@attbi_s54...
> Hi,
>
> I have some issues with my exchange server 2000
>
> 1. Spam issue
> Whenever I checked the "Allow all computers which successfully

authenicate
> to relay, regardless the list above", spammer would able to hack in

the
> exchange server and send out ten thoursands of spam using my

exchange
> server.
> I am not sure why that is happening because the options I checked

require
> computers to be authenicated before the relay.
> The reason I check this box is because I have a few branch offices

relay on
> my exchange server to send emails. And some locations won't have a

static
> IP, so I can't really specify a certain range of IP addresses to

relay.
> I finally bought a firewall and setup vpn connections from those

remote
> offices and mobile laptops clients in order to relay the exchange

server.
> Out of curiousity, how did the spammer authenicate to my exchange

server in
> the first place?
>
> 2. Email issue.
> When a staff send email to the distribution list from the global

address
> book. One of the individual is having problem getting the email.

The error
> message is below and some of the information like name, IP and

domain info
> are modified. When I tried to send email to this individual instead

of
> using the distribution list and he has no problem getting my emails.

I
> wonder why. I hope someone is able to help me. Thanks
>
> From: System Administrator
> Sent: Friday, October 31, 2003 12:29 PM
> To: Peter Alexander
> Subject: Undeliverable: Board Meeting Announcement
> Your message did not reach some or all of the intended recipients.
> Subject: Board Meeting Announcement
> Sent: 10/31/2003 12:29 PM
> The following recipient(s) could not be reached:
>
> Peter Alexander on 10/31/2003 12:29 PM
>
> There was a SMTP communication problem with the recipient's email

server.
> Please contact your system administrator.
>
> <exchange.abc.com #5.5.0 smtp;571 from 200.100.52.100 We do not

relay>
>
>
>
>



 
Reply With Quote
 
 
 
 
Bay
Guest
Posts: n/a
 
      11-02-2003
It is a contact not a domain user account. The settings are fine because the
problem didn't happen until recently. Thanks for your message thou.

"Karl "Johnno" Gustaf" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Hate to tell you stuff you may already know...
> For the 2nd problem did you check that the smtp settings on his AD
> account were ok? If you can email him manually but not from the
> distribution list then this is the only thing I can think of straight
> up.
> Sorry I can;t help you any more. Good luck.
>
> "Bay" <(E-Mail Removed)> wrote in message
> news:l%Tob.57921$mZ5.344263@attbi_s54...
> > Hi,
> >
> > I have some issues with my exchange server 2000
> >
> > 1. Spam issue
> > Whenever I checked the "Allow all computers which successfully

> authenicate
> > to relay, regardless the list above", spammer would able to hack in

> the
> > exchange server and send out ten thoursands of spam using my

> exchange
> > server.
> > I am not sure why that is happening because the options I checked

> require
> > computers to be authenicated before the relay.
> > The reason I check this box is because I have a few branch offices

> relay on
> > my exchange server to send emails. And some locations won't have a

> static
> > IP, so I can't really specify a certain range of IP addresses to

> relay.
> > I finally bought a firewall and setup vpn connections from those

> remote
> > offices and mobile laptops clients in order to relay the exchange

> server.
> > Out of curiousity, how did the spammer authenicate to my exchange

> server in
> > the first place?
> >
> > 2. Email issue.
> > When a staff send email to the distribution list from the global

> address
> > book. One of the individual is having problem getting the email.

> The error
> > message is below and some of the information like name, IP and

> domain info
> > are modified. When I tried to send email to this individual instead

> of
> > using the distribution list and he has no problem getting my emails.

> I
> > wonder why. I hope someone is able to help me. Thanks
> >
> > From: System Administrator
> > Sent: Friday, October 31, 2003 12:29 PM
> > To: Peter Alexander
> > Subject: Undeliverable: Board Meeting Announcement
> > Your message did not reach some or all of the intended recipients.
> > Subject: Board Meeting Announcement
> > Sent: 10/31/2003 12:29 PM
> > The following recipient(s) could not be reached:
> >
> > Peter Alexander on 10/31/2003 12:29 PM
> >
> > There was a SMTP communication problem with the recipient's email

> server.
> > Please contact your system administrator.
> >
> > <exchange.abc.com #5.5.0 smtp;571 from 200.100.52.100 We do not

> relay>
> >
> >
> >
> >

>
>



 
Reply With Quote
 
Thierry DEMAN \(MVP\)
Guest
Posts: n/a
 
      11-02-2003
Bay wrote:
> It is a contact not a domain user account. The settings are fine because

the
> problem didn't happen until recently. Thanks for your message thou.
>
> "Karl "Johnno" Gustaf" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>> Hate to tell you stuff you may already know...

....
Hi.

For yor First issue, I know a possibility!

If you activate/authorize the guest account, all spammers are considered as
"authenticated as guest".
=> So relay is allowed to them! You must not activate this account to
disallow relay.

Bye.
--
Thierry DEMAN-BARCELÒ
MVP Exchange,SQL/Server
FAQ Exchange: http://faqexchange.dyndns.org ou http://exchange.faq.free.fr
Site personnel: http://webfamilial.dyndns.org/thierr...principale.htm
http://tdeman.free.fr/thierry/pageprincipale.htm


 
Reply With Quote
 
simon whale
Guest
Posts: n/a
 
      11-03-2003
Have a look at the following

http://www.msexchange.org/tutorials/MF005.html

Simon
"Bay" <(E-Mail Removed)> wrote in message
news:l%Tob.57921$mZ5.344263@attbi_s54...
> Hi,
>
> I have some issues with my exchange server 2000
>
> 1. Spam issue
> Whenever I checked the "Allow all computers which successfully authenicate
> to relay, regardless the list above", spammer would able to hack in the
> exchange server and send out ten thoursands of spam using my exchange
> server.
> I am not sure why that is happening because the options I checked require
> computers to be authenicated before the relay.
> The reason I check this box is because I have a few branch offices relay

on
> my exchange server to send emails. And some locations won't have a static
> IP, so I can't really specify a certain range of IP addresses to relay.
> I finally bought a firewall and setup vpn connections from those remote
> offices and mobile laptops clients in order to relay the exchange server.
> Out of curiousity, how did the spammer authenicate to my exchange server

in
> the first place?
>
> 2. Email issue.
> When a staff send email to the distribution list from the global address
> book. One of the individual is having problem getting the email. The

error
> message is below and some of the information like name, IP and domain info
> are modified. When I tried to send email to this individual instead of
> using the distribution list and he has no problem getting my emails. I
> wonder why. I hope someone is able to help me. Thanks
>
> From: System Administrator
> Sent: Friday, October 31, 2003 12:29 PM
> To: Peter Alexander
> Subject: Undeliverable: Board Meeting Announcement
> Your message did not reach some or all of the intended recipients.
> Subject: Board Meeting Announcement
> Sent: 10/31/2003 12:29 PM
> The following recipient(s) could not be reached:
>
> Peter Alexander on 10/31/2003 12:29 PM
>
> There was a SMTP communication problem with the recipient's email server.
> Please contact your system administrator.
>
> <exchange.abc.com #5.5.0 smtp;571 from 200.100.52.100 We do not relay>
>
>
>
>



 
Reply With Quote
 
Consultant
Guest
Posts: n/a
 
      11-03-2003
why dont you post to the exchange newsgroup?


"Bay" <(E-Mail Removed)> wrote in message
news:l%Tob.57921$mZ5.344263@attbi_s54...
> Hi,
>
> I have some issues with my exchange server 2000
>
> 1. Spam issue
> Whenever I checked the "Allow all computers which successfully authenicate
> to relay, regardless the list above", spammer would able to hack in the
> exchange server and send out ten thoursands of spam using my exchange
> server.
> I am not sure why that is happening because the options I checked require
> computers to be authenicated before the relay.
> The reason I check this box is because I have a few branch offices relay

on
> my exchange server to send emails. And some locations won't have a static
> IP, so I can't really specify a certain range of IP addresses to relay.
> I finally bought a firewall and setup vpn connections from those remote
> offices and mobile laptops clients in order to relay the exchange server.
> Out of curiousity, how did the spammer authenicate to my exchange server

in
> the first place?
>
> 2. Email issue.
> When a staff send email to the distribution list from the global address
> book. One of the individual is having problem getting the email. The

error
> message is below and some of the information like name, IP and domain info
> are modified. When I tried to send email to this individual instead of
> using the distribution list and he has no problem getting my emails. I
> wonder why. I hope someone is able to help me. Thanks
>
> From: System Administrator
> Sent: Friday, October 31, 2003 12:29 PM
> To: Peter Alexander
> Subject: Undeliverable: Board Meeting Announcement
> Your message did not reach some or all of the intended recipients.
> Subject: Board Meeting Announcement
> Sent: 10/31/2003 12:29 PM
> The following recipient(s) could not be reached:
>
> Peter Alexander on 10/31/2003 12:29 PM
>
> There was a SMTP communication problem with the recipient's email server.
> Please contact your system administrator.
>
> <exchange.abc.com #5.5.0 smtp;571 from 200.100.52.100 We do not relay>
>
>
>
>



 
Reply With Quote
 
Marlin Munrow
Guest
Posts: n/a
 
      11-03-2003
I sympathise with your situation, you've posted to the MCSE news group
where people with MCSE + Messaging hang out and you're getting flamed
for asking basics or even asking in the wrong group.
Your question about how a spammer authenticated in the first place
almost certainly like this
http://www.secwiz.com/Default.aspx?tabid=46

it looks like the remote end is using ORFEE from www.vamsoft.com/orf
like we do, it drops a connection from any known relays (against RFCs
but sometimes - especially when you're fed up with the viagra emails -
when you need to avert delivery status notification attacks).

I suggest that if you want to know more that you get an MCSE like me

Microsoft Certified Search Engine-eer

or does MCSE stand for Must Consult Someone Else ?

There are some really great sites especially the Security Operations
download area for exchange at
http://www.microsoft.com/downloads/d...8-75D4F9EB8D2D
or all about relay prevention at
http://www.microsoft.com/technet/tre...3hg/sgch04.asp


by going to http://www.google.com/microsoft and querying for
"open relay prevention"

(http://www.google.com/microsoft?hl=e...lay+prevention
for the uninitiated)

gives
http://www.sans.org/rr/papers/19/963.pdf
with loads of good links (if anyone can be bothered to do their own
research these days instead of riding on other peoples' coat tails.)

You may have noted the entirely intentional irony in this posting.

You might want to try looking up the error message and see what a 571
means?



On Mon, 3 Nov 2003 06:59:05 -0800, "Consultant"
<(E-Mail Removed)> wrote:

>why dont you post to the exchange newsgroup?
>
>
>"Bay" <(E-Mail Removed)> wrote in message
>news:l%Tob.57921$mZ5.344263@attbi_s54...
>> Hi,
>>
>> I have some issues with my exchange server 2000
>>
>> 1. Spam issue

<<SNIP>>
Out of curiousity, how did the spammer authenicate to my exchange
server
>in
>> the first place?
>>

<<SNIP>>
>> There was a SMTP communication problem with the recipient's email server.
>> Please contact your system administrator.
>>
>> <exchange.abc.com #5.5.0 smtp;571 from 200.100.52.100 We do not relay>
>>
>>
>>
>>

>


 
Reply With Quote
 
Consultant
Guest
Posts: n/a
 
      11-03-2003
perhaps you should respond to the correct post.


"Marlin Munrow" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> I sympathise with your situation, you've posted to the MCSE news group
> where people with MCSE + Messaging hang out and you're getting flamed
> for asking basics or even asking in the wrong group.
> Your question about how a spammer authenticated in the first place
> almost certainly like this
> http://www.secwiz.com/Default.aspx?tabid=46
>
> it looks like the remote end is using ORFEE from www.vamsoft.com/orf
> like we do, it drops a connection from any known relays (against RFCs
> but sometimes - especially when you're fed up with the viagra emails -
> when you need to avert delivery status notification attacks).
>
> I suggest that if you want to know more that you get an MCSE like me
>
> Microsoft Certified Search Engine-eer
>
> or does MCSE stand for Must Consult Someone Else ?
>
> There are some really great sites especially the Security Operations
> download area for exchange at
>

http://www.microsoft.com/downloads/d...8-75D4F9EB8D2D
> or all about relay prevention at
>

http://www.microsoft.com/technet/tre...3hg/sgch04.asp
>
>
> by going to http://www.google.com/microsoft and querying for
> "open relay prevention"
>
>

(http://www.google.com/microsoft?hl=e...n+relay+preven
tion
> for the uninitiated)
>
> gives
> http://www.sans.org/rr/papers/19/963.pdf
> with loads of good links (if anyone can be bothered to do their own
> research these days instead of riding on other peoples' coat tails.)
>
> You may have noted the entirely intentional irony in this posting.
>
> You might want to try looking up the error message and see what a 571
> means?
>
>
>
> On Mon, 3 Nov 2003 06:59:05 -0800, "Consultant"
> <(E-Mail Removed)> wrote:
>
> >why dont you post to the exchange newsgroup?
> >
> >
> >"Bay" <(E-Mail Removed)> wrote in message
> >news:l%Tob.57921$mZ5.344263@attbi_s54...
> >> Hi,
> >>
> >> I have some issues with my exchange server 2000
> >>
> >> 1. Spam issue

> <<SNIP>>
> Out of curiousity, how did the spammer authenicate to my exchange
> server
> >in
> >> the first place?
> >>

> <<SNIP>>
> >> There was a SMTP communication problem with the recipient's email

server.
> >> Please contact your system administrator.
> >>
> >> <exchange.abc.com #5.5.0 smtp;571 from 200.100.52.100 We do not relay>
> >>
> >>
> >>
> >>

> >

>



 
Reply With Quote
 
NEW NAME, OLD GUY
Guest
Posts: n/a
 
      11-03-2003
> I suggest that if you want to know more that you get an MCSE like me
>
> Microsoft Certified Search Engine-eer
>
> or does MCSE stand for Must Consult Someone Else ?


dude, you made me laughed. Many times users were stunned when I gave them
super-fast answers for non-IT-related questions. All I do is WWW.GOOGLE.COM



"Marlin Munrow" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> I sympathise with your situation, you've posted to the MCSE news group
> where people with MCSE + Messaging hang out and you're getting flamed
> for asking basics or even asking in the wrong group.
> Your question about how a spammer authenticated in the first place
> almost certainly like this
> http://www.secwiz.com/Default.aspx?tabid=46
>
> it looks like the remote end is using ORFEE from www.vamsoft.com/orf
> like we do, it drops a connection from any known relays (against RFCs
> but sometimes - especially when you're fed up with the viagra emails -
> when you need to avert delivery status notification attacks).
>
> I suggest that if you want to know more that you get an MCSE like me
>
> Microsoft Certified Search Engine-eer
>
> or does MCSE stand for Must Consult Someone Else ?
>
> There are some really great sites especially the Security Operations
> download area for exchange at
>

http://www.microsoft.com/downloads/d...8-75D4F9EB8D2D
> or all about relay prevention at
>

http://www.microsoft.com/technet/tre...3hg/sgch04.asp
>
>
> by going to http://www.google.com/microsoft and querying for
> "open relay prevention"
>
>

(http://www.google.com/microsoft?hl=e...n+relay+preven
tion
> for the uninitiated)
>
> gives
> http://www.sans.org/rr/papers/19/963.pdf
> with loads of good links (if anyone can be bothered to do their own
> research these days instead of riding on other peoples' coat tails.)
>
> You may have noted the entirely intentional irony in this posting.
>
> You might want to try looking up the error message and see what a 571
> means?
>
>
>
> On Mon, 3 Nov 2003 06:59:05 -0800, "Consultant"
> <(E-Mail Removed)> wrote:
>
> >why dont you post to the exchange newsgroup?
> >
> >
> >"Bay" <(E-Mail Removed)> wrote in message
> >news:l%Tob.57921$mZ5.344263@attbi_s54...
> >> Hi,
> >>
> >> I have some issues with my exchange server 2000
> >>
> >> 1. Spam issue

> <<SNIP>>
> Out of curiousity, how did the spammer authenicate to my exchange
> server
> >in
> >> the first place?
> >>

> <<SNIP>>
> >> There was a SMTP communication problem with the recipient's email

server.
> >> Please contact your system administrator.
> >>
> >> <exchange.abc.com #5.5.0 smtp;571 from 200.100.52.100 We do not relay>
> >>
> >>
> >>
> >>

> >

>



 
Reply With Quote
 
Jtyc
Guest
Posts: n/a
 
      11-03-2003
> super-fast answers for non-IT-related questions. All I do is
WWW.GOOGLE.COM

Google is spelled googol, not google. Google it if you don't believe me.



 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
501 PIX "deny any any" "allow any any" Any Anybody? Networking Student Cisco 4 11-16-2006 10:40 PM
Microsoft Exchange 2000 Server OR Microsoft SQL Server 2000 Sam MCSE 11 06-03-2005 08:29 PM
Exchange 5.5 with Exchange 2000 Cluster problem Jose Luis Microsoft Certification 0 02-13-2004 10:23 AM
Any exchange server 2000 expert here? Bay MCSA 28 11-05-2003 03:03 PM
CDO for Windows 2000 vs CDO for Exchange 2000 ASP .Net 2 07-11-2003 12:31 PM



Advertisments