Welcome, Guest. Please login or register.
Did you miss your activation email?
Sunday 24 November 2024, 08:17:15 am

Login with username, password and session length

The Latest Endian Firewall is now available for download HERE
14261 Posts in 4377 Topics by 6517 Members
Latest Member: Sandro
Search:     Advanced search
+  EFW Support
|-+  Support
| |-+  EFW SMTP, HTTP, SIP, FTP Proxy Support
| | |-+  SMTP Proxy being used as relay
0 Members and 0 Guests are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: SMTP Proxy being used as relay  (Read 11362 times)
dutch
Jr. Member
*
Offline Offline

Posts: 1


« on: Friday 23 October 2015, 01:36:02 am »

In a small network I'm running Exchange 2010 and was recently blacklisted for sending spam.

I scanned all PC's in the network for any viruses or malware with Norton Power Eraser (in addition to the anti virus running on all PC's).  The scan came out clean.

When looking at the Live Log of STMP is see a lot of the following:

SMTP Pro..
2015-10-22 10:23:25
postfix/smtp[30334]: connect to com-october2015.cf[172.98.208.113]:25: Connection timed out
SMTP Pro..
2015-10-22 10:23:25
postfix/smtp[30334]: D806418288: to=<Anxiety-@com-october2015.cf>, relay=none, delay=88772, delays=88761/2.1/9/0, dsn=4.4.1, status=deferred (connect to com-october2015.cf[172.98.208.113]:25: Connection timed out)
SMTP Pro..
2015-10-22 10:23:25
postfix/smtp[30338]: connect to hpcee.win[69.162.127.86]:25: Connection timed out
SMTP Pro..
2015-10-22 10:23:25
postfix/smtp[30338]: D75F01892B: to=<Reduce.Your.Tax.@hpcee.win>, relay=none, delay=248369, delays=248358/2.2/9/0, dsn=4.4.1, status=deferred (connect to hpcee.win[69.162.127.86]:25: Connection timed out)
SMTP Pro..
2015-10-22 10:23:25
postfix/smtp[30339]: connect to yonlsi.com[5.9.177.153]:25: Connection timed out
SMTP Pro..
2015-10-22 10:23:25
postfix/smtp[30339]: D565418D7F: to=<CDCHeartAlert@yonlsi.com>, relay=none, delay=84493, delays=84482/2.2/9/0, dsn=4.4.1, status=deferred (connect to yonlsi.com[5.9.177.153]:25: Connection timed out)
SMTP Pro..
2015-10-22 10:23:26
postfix/smtp[30342]: connect to dqkif.win[198.52.139.58]:25: Connection timed out
SMTP Pro..
2015-10-22 10:23:26
postfix/smtp[30342]: D47C418AB5: to=<Govt.Rx.CoverUp@dqkif.win>, relay=none, delay=178503, delays=178492/2.2/9.1/0, dsn=4.4.1, status=deferred (connect to dqkif.win[198.52.139.58]:25: Connection timed out)
SMTP Pro..
2015-10-22 10:23:26
postfix/smtp[30352]: connect to com-gjppz.trade[162.221.201.182]:25: Connection timed out

It looks like external sources are trying to send through the Endian.  When an email is send from within I see the exchange server as the sending server, however these have no sending server.  I ran a check through MXTOOLBOX.com and it came back the we are not an open relay.

Is this normal activity that I see , or do I need to close/block something.

The setup is:

No Port 25 forward the exchange server
Outgoing firewall off
http proxy off
SMTP proxy on
no bypass in transparent proxy

Any assistance would be greatly appreciated.
Logged
Pages: [1] Go Up Print 
« previous next »
Jump to:  

Page created in 0.047 seconds with 19 queries.
Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media Design by 7dana.com