Welcome, Guest. Please login or register.
Did you miss your activation email?
Saturday 21 December 2024, 09:30:23 pm

Login with username, password and session length

The Latest Endian Firewall is now available for download HERE
14262 Posts in 4377 Topics by 6517 Members
Latest Member: Sandro
Search:     Advanced search
+  EFW Support
|-+  Support
| |-+  EFW SMTP, HTTP, SIP, FTP Proxy Support
| | |-+  SMTP Proxy being used as relay
0 Members and 3 Guests are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: SMTP Proxy being used as relay  (Read 12870 times)
dutch
Jr. Member
*
Offline Offline

Posts: 1


« on: Friday 23 October 2015, 01:36:02 am »

In a small network I'm running Exchange 2010 and was recently blacklisted for sending spam.

I scanned all PC's in the network for any viruses or malware with Norton Power Eraser (in addition to the anti virus running on all PC's).  The scan came out clean.

When looking at the Live Log of STMP is see a lot of the following:

SMTP Pro..
2015-10-22 10:23:25
postfix/smtp[30334]: connect to com-october2015.cf[172.98.208.113]:25: Connection timed out
SMTP Pro..
2015-10-22 10:23:25
postfix/smtp[30334]: D806418288: to=<Anxiety-@com-october2015.cf>, relay=none, delay=88772, delays=88761/2.1/9/0, dsn=4.4.1, status=deferred (connect to com-october2015.cf[172.98.208.113]:25: Connection timed out)
SMTP Pro..
2015-10-22 10:23:25
postfix/smtp[30338]: connect to hpcee.win[69.162.127.86]:25: Connection timed out
SMTP Pro..
2015-10-22 10:23:25
postfix/smtp[30338]: D75F01892B: to=<Reduce.Your.Tax.@hpcee.win>, relay=none, delay=248369, delays=248358/2.2/9/0, dsn=4.4.1, status=deferred (connect to hpcee.win[69.162.127.86]:25: Connection timed out)
SMTP Pro..
2015-10-22 10:23:25
postfix/smtp[30339]: connect to yonlsi.com[5.9.177.153]:25: Connection timed out
SMTP Pro..
2015-10-22 10:23:25
postfix/smtp[30339]: D565418D7F: to=<CDCHeartAlert@yonlsi.com>, relay=none, delay=84493, delays=84482/2.2/9/0, dsn=4.4.1, status=deferred (connect to yonlsi.com[5.9.177.153]:25: Connection timed out)
SMTP Pro..
2015-10-22 10:23:26
postfix/smtp[30342]: connect to dqkif.win[198.52.139.58]:25: Connection timed out
SMTP Pro..
2015-10-22 10:23:26
postfix/smtp[30342]: D47C418AB5: to=<Govt.Rx.CoverUp@dqkif.win>, relay=none, delay=178503, delays=178492/2.2/9.1/0, dsn=4.4.1, status=deferred (connect to dqkif.win[198.52.139.58]:25: Connection timed out)
SMTP Pro..
2015-10-22 10:23:26
postfix/smtp[30352]: connect to com-gjppz.trade[162.221.201.182]:25: Connection timed out

It looks like external sources are trying to send through the Endian.  When an email is send from within I see the exchange server as the sending server, however these have no sending server.  I ran a check through MXTOOLBOX.com and it came back the we are not an open relay.

Is this normal activity that I see , or do I need to close/block something.

The setup is:

No Port 25 forward the exchange server
Outgoing firewall off
http proxy off
SMTP proxy on
no bypass in transparent proxy

Any assistance would be greatly appreciated.
Logged
Pages: [1] Go Up Print 
« previous next »
Jump to:  

Page created in 0.063 seconds with 18 queries.
Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media Design by 7dana.com