
Help! I seem to be relaying...


Solo4357 (MIS, US), Jun 21, 2004
But that's not possible. Every test I run says I'm not. Yet my mail queues are filling and I'm ending up on blacklists. I turned off NDRs. I made everyone change passwords. I can't find anything in the SMTP log like an SMTP AUTH. The audit log is also useless. I can't seem to stop it.

 
Could that be from a POP3 user outside the organization? Should I just turn off POP3 altogether?
 
I wouldn't know exactly without looking at it myself.

Is your POP3 queue the one that is filling up? Or is it the SMTP queue?

I would use "Network Monitor" from the Control Panel, and then look to see what traffic is taking place.
 
It's the SMTP queue. The POP3 queue seems to be clean...
 
I still believe you have an infected client. Use "Network Monitor" to see which system is sending all of this junk to your mail server.
That would also explain why your relay tests came back as 'negative'. Your infected client is logged on, allowing authentication.
 
Find it and use this to beat up management for a decent stateful packet inspecting firewall (yes, I know, everyone keep quiet), a decent AV etc...

Oh and shoot the user...

Try event viewer on the server. Or netstat. Or other CMD line tool to work out who it is.

<signature for rent>
 
I will try that. I'll install network monitor tonight and see what happens. I blanked out the entire 61.x.x.x range and it stopped. But I think that's not the best way to stop things. Losing 16 million ip addresses might bite me later. :)
 
If you turn on logging on the virtual SMTP service, you will be able to see where all the traffic is coming from. At least then you will be able to see if it is internal or external. You need to restart the service after setting it up, and you may want to select more fields on the Advanced tab.

The log files are usually in the windows\system32\logfiles\smtpsvc1 folder.

ISA 2004 from Microsoft has some really cool features for SMTP, and Outlook Web Access if you need a firewall. It's expensive at the moment, but I believe HP and some others are coming out with an appliance version.

The following article is for SBS but gives you all the steps you should follow.

 
If you are running SBS 2003, you may need the POP3 connector fix, which fixes a bug with the POP3 connector randomly generating emails to all recipients on a received message.
 
Ah Ha! I figured it out. Thanks to all.

I had the logging turned up and found a lot of anonymous logins. Initially I took this to mean that the server was logging incoming mail to our users. But checking further I found there was apparently a user named "anonymous" in my Active Directory! Yikes! So I disabled it and everything calmed down immediately. It's been a week and no problems!

Moral of the story: Look through your Active Directory a thousand times if you have to, but account for EVERY user.
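The triage the logging advice above describes, and the kind of evidence that exposed the stray "anonymous" account, as an added example that is not code from the original thread. It assumes the default W3C Extended format that the SMTP virtual server writes under LogFiles\SMTPSVC1 when logging is enabled with the c-ip, cs-username, cs-method and cs-uri-query fields selected; the log lines, the LAN range and the hosted domain are constructed for illustration. An accepted RCPT to a domain the server does not host is treated as a relay; the script then splits those by the account that authenticated (a compromised or rogue account, as in this thread) versus no authentication at all from an outside address (an open relay).

```python
"""Triage an SMTP virtual server W3C log: who is relaying through us, and how?

Added example, not from the thread. Assumes the IIS/Exchange W3C Extended log
format with a '#Fields:' header; the sample log, LOCAL_DOMAINS and INTERNAL_NETS
below are constructed assumptions, not data from the original page.
"""
import ipaddress
from collections import Counter, defaultdict

# Constructed sample: one authenticated relay from an outside IP using the
# account 'anonymous', one legitimate internal user, and one outside host
# whose relay attempt is refused (550) but whose inbound mail is accepted.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2004-06-21 00:00:00
#Fields: date time c-ip cs-username s-sitename s-computername s-ip s-port cs-method cs-uri-stem cs-uri-query sc-status sc-win32-status sc-bytes cs-bytes time-taken cs-version cs-host cs(User-Agent) cs(Cookie) cs(Referer)
2004-06-21 02:13:01 61.10.20.30 - SMTPSVC1 MAIL01 192.168.1.5 25 EHLO - +spam.example 250 0 0 0 0 SMTP - - - -
2004-06-21 02:13:01 61.10.20.30 anonymous SMTPSVC1 MAIL01 192.168.1.5 25 AUTH - LOGIN 235 0 0 0 0 SMTP - - - -
2004-06-21 02:13:02 61.10.20.30 anonymous SMTPSVC1 MAIL01 192.168.1.5 25 MAIL - +FROM:<a@spam.example> 250 0 0 0 0 SMTP - - - -
2004-06-21 02:13:02 61.10.20.30 anonymous SMTPSVC1 MAIL01 192.168.1.5 25 RCPT - +TO:<v1@victim.example> 250 0 0 0 0 SMTP - - - -
2004-06-21 02:13:02 61.10.20.30 anonymous SMTPSVC1 MAIL01 192.168.1.5 25 RCPT - +TO:<v2@victim.example> 250 0 0 0 0 SMTP - - - -
2004-06-21 02:13:03 61.10.20.30 anonymous SMTPSVC1 MAIL01 192.168.1.5 25 RCPT - +TO:<v3@victim.example> 250 0 0 0 0 SMTP - - - -
2004-06-21 08:01:10 192.168.1.77 jsmith SMTPSVC1 MAIL01 192.168.1.5 25 AUTH - LOGIN 235 0 0 0 0 SMTP - - - -
2004-06-21 08:01:10 192.168.1.77 jsmith SMTPSVC1 MAIL01 192.168.1.5 25 MAIL - +FROM:<jsmith@ourdomain.example> 250 0 0 0 0 SMTP - - - -
2004-06-21 08:01:11 192.168.1.77 jsmith SMTPSVC1 MAIL01 192.168.1.5 25 RCPT - +TO:<partner@other.example> 250 0 0 0 0 SMTP - - - -
2004-06-21 09:30:00 203.0.113.9 - SMTPSVC1 MAIL01 192.168.1.5 25 MAIL - +FROM:<x@external.example> 250 0 0 0 0 SMTP - - - -
2004-06-21 09:30:00 203.0.113.9 - SMTPSVC1 MAIL01 192.168.1.5 25 RCPT - +TO:<nobody@other.example> 550 0 0 0 0 SMTP - - - -
2004-06-21 09:30:01 203.0.113.9 - SMTPSVC1 MAIL01 192.168.1.5 25 RCPT - +TO:<ourguy@ourdomain.example> 250 0 0 0 0 SMTP - - - -
"""

LOCAL_DOMAINS = {"ourdomain.example"}                      # assumption: domains we host
INTERNAL_NETS = [ipaddress.ip_network("192.168.0.0/16")]   # assumption: our LAN


def parse_w3c(text):
    """Yield one dict per log record, using the most recent '#Fields:' header."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#"):
            continue
        values = line.split(" ")
        if fields is None or len(values) != len(fields):
            continue  # malformed line: skip rather than mis-align columns
        yield dict(zip(fields, values))


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def rcpt_domain(query):
    """Domain part of a RCPT argument, which is logged as +TO:<user@domain>."""
    if "@" not in query:
        return ""
    return query.rsplit("@", 1)[1].rstrip(">").lower()


def triage(text):
    """Return (RCPTs per client IP, relays per account per client IP, open-relay clients).

    A relay is an accepted (2xx) RCPT to a domain not in LOCAL_DOMAINS. With a
    username it was authenticated, so the account is the problem; without one
    from an external IP, the relay restrictions themselves are open.
    """
    rcpt_per_client = Counter()
    relay_by_account = defaultdict(Counter)
    open_relay_clients = Counter()
    for rec in parse_w3c(text):
        if rec["cs-method"].upper() != "RCPT":
            continue
        rcpt_per_client[rec["c-ip"]] += 1
        if not rec["sc-status"].startswith("2"):
            continue  # refused recipient, nothing was relayed
        if rcpt_domain(rec["cs-uri-query"]) in LOCAL_DOMAINS:
            continue  # inbound mail to us, legitimate
        user = rec["cs-username"]
        if user != "-":
            relay_by_account[user][rec["c-ip"]] += 1
        elif not is_internal(rec["c-ip"]):
            open_relay_clients[rec["c-ip"]] += 1
    return rcpt_per_client, relay_by_account, open_relay_clients


def suspicious_accounts(relay_by_account):
    """Accounts that relayed from outside the LAN: check these in AD first."""
    return sorted(acct for acct, clients in relay_by_account.items()
                  if any(not is_internal(ip) for ip in clients))


if __name__ == "__main__":
    per_client, by_account, open_relay = triage(SAMPLE_LOG)
    print("RCPT commands per client:", dict(per_client))
    for acct, clients in by_account.items():
        print(f"relayed as {acct!r} from:", dict(clients))
    print("unauthenticated external relays:", dict(open_relay))
    print("accounts to investigate:", suspicious_accounts(by_account))
```

On a real server, feed `triage()` the contents of the day's log file from the SMTPSVC1 folder instead of `SAMPLE_LOG`, and replace the constructed `LOCAL_DOMAINS` and `INTERNAL_NETS` with your own. The split matters for the fix: a name in `suspicious_accounts()` means a credential is being used and the account must be disabled or its password reset (in this thread, an AD user that should never have existed), while entries in the open-relay counter mean the virtual server's relay restrictions need tightening regardless of any account. Blocking a /8, as tried above, only hides the symptom until the sender moves.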
 