Welcome, Guest. Please login or register.
Did you miss your activation email?
Thursday 14 November 2024, 01:47:45 pm

Login with username, password and session length

CLICK HERE for the The official Endian Roadmap and Issue tracker
14255 Posts in 4377 Topics by 6515 Members
Latest Member: hulteends
Search:     Advanced search
+  EFW Support
|-+  Support
| |-+  EFW SMTP, HTTP, SIP, FTP Proxy Support
| | |-+  SMTP Proxy being used as relay
0 Members and 1 Guest are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: SMTP Proxy being used as relay  (Read 10843 times)
dutch
Jr. Member
*
Offline Offline

Posts: 1


« on: Friday 23 October 2015, 01:36:02 am »

In a small network I'm running Exchange 2010 and was recently blacklisted for sending spam.

I scanned all PC's in the network for any viruses or malware with Norton Power Eraser (in addition to the anti virus running on all PC's).  The scan came out clean.

When looking at the Live Log of STMP is see a lot of the following:

SMTP Pro..
2015-10-22 10:23:25
postfix/smtp[30334]: connect to com-october2015.cf[172.98.208.113]:25: Connection timed out
SMTP Pro..
2015-10-22 10:23:25
postfix/smtp[30334]: D806418288: to=<Anxiety-@com-october2015.cf>, relay=none, delay=88772, delays=88761/2.1/9/0, dsn=4.4.1, status=deferred (connect to com-october2015.cf[172.98.208.113]:25: Connection timed out)
SMTP Pro..
2015-10-22 10:23:25
postfix/smtp[30338]: connect to hpcee.win[69.162.127.86]:25: Connection timed out
SMTP Pro..
2015-10-22 10:23:25
postfix/smtp[30338]: D75F01892B: to=<Reduce.Your.Tax.@hpcee.win>, relay=none, delay=248369, delays=248358/2.2/9/0, dsn=4.4.1, status=deferred (connect to hpcee.win[69.162.127.86]:25: Connection timed out)
SMTP Pro..
2015-10-22 10:23:25
postfix/smtp[30339]: connect to yonlsi.com[5.9.177.153]:25: Connection timed out
SMTP Pro..
2015-10-22 10:23:25
postfix/smtp[30339]: D565418D7F: to=<CDCHeartAlert@yonlsi.com>, relay=none, delay=84493, delays=84482/2.2/9/0, dsn=4.4.1, status=deferred (connect to yonlsi.com[5.9.177.153]:25: Connection timed out)
SMTP Pro..
2015-10-22 10:23:26
postfix/smtp[30342]: connect to dqkif.win[198.52.139.58]:25: Connection timed out
SMTP Pro..
2015-10-22 10:23:26
postfix/smtp[30342]: D47C418AB5: to=<Govt.Rx.CoverUp@dqkif.win>, relay=none, delay=178503, delays=178492/2.2/9.1/0, dsn=4.4.1, status=deferred (connect to dqkif.win[198.52.139.58]:25: Connection timed out)
SMTP Pro..
2015-10-22 10:23:26
postfix/smtp[30352]: connect to com-gjppz.trade[162.221.201.182]:25: Connection timed out

It looks like external sources are trying to send through the Endian.  When an email is send from within I see the exchange server as the sending server, however these have no sending server.  I ran a check through MXTOOLBOX.com and it came back the we are not an open relay.

Is this normal activity that I see , or do I need to close/block something.

The setup is:

No Port 25 forward the exchange server
Outgoing firewall off
http proxy off
SMTP proxy on
no bypass in transparent proxy

Any assistance would be greatly appreciated.
Logged
Pages: [1] Go Up Print 
« previous next »
Jump to:  

Page created in 0.031 seconds with 18 queries.
Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media Design by 7dana.com