EFW Support

Support => EFW SMTP, HTTP, SIP, FTP Proxy Support => Topic started by: dutch on Friday 23 October 2015, 01:36:02 am



Title: SMTP Proxy being used as relay
Post by: dutch on Friday 23 October 2015, 01:36:02 am
In a small network I'm running Exchange 2010 and was recently blacklisted for sending spam.

I scanned all PCs in the network for any viruses or malware with Norton Power Eraser (in addition to the antivirus running on all PCs). The scan came out clean.

When looking at the Live Log of SMTP I see a lot of the following:

SMTP Pro..
2015-10-22 10:23:25
postfix/smtp[30334]: connect to com-october2015.cf[172.98.208.113]:25: Connection timed out
SMTP Pro..
2015-10-22 10:23:25
postfix/smtp[30334]: D806418288: to=<Anxiety-@com-october2015.cf>, relay=none, delay=88772, delays=88761/2.1/9/0, dsn=4.4.1, status=deferred (connect to com-october2015.cf[172.98.208.113]:25: Connection timed out)
SMTP Pro..
2015-10-22 10:23:25
postfix/smtp[30338]: connect to hpcee.win[69.162.127.86]:25: Connection timed out
SMTP Pro..
2015-10-22 10:23:25
postfix/smtp[30338]: D75F01892B: to=<Reduce.Your.Tax.@hpcee.win>, relay=none, delay=248369, delays=248358/2.2/9/0, dsn=4.4.1, status=deferred (connect to hpcee.win[69.162.127.86]:25: Connection timed out)
SMTP Pro..
2015-10-22 10:23:25
postfix/smtp[30339]: connect to yonlsi.com[5.9.177.153]:25: Connection timed out
SMTP Pro..
2015-10-22 10:23:25
postfix/smtp[30339]: D565418D7F: to=<CDCHeartAlert@yonlsi.com>, relay=none, delay=84493, delays=84482/2.2/9/0, dsn=4.4.1, status=deferred (connect to yonlsi.com[5.9.177.153]:25: Connection timed out)
SMTP Pro..
2015-10-22 10:23:26
postfix/smtp[30342]: connect to dqkif.win[198.52.139.58]:25: Connection timed out
SMTP Pro..
2015-10-22 10:23:26
postfix/smtp[30342]: D47C418AB5: to=<Govt.Rx.CoverUp@dqkif.win>, relay=none, delay=178503, delays=178492/2.2/9.1/0, dsn=4.4.1, status=deferred (connect to dqkif.win[198.52.139.58]:25: Connection timed out)
SMTP Pro..
2015-10-22 10:23:26
postfix/smtp[30352]: connect to com-gjppz.trade[162.221.201.182]:25: Connection timed out

It looks like external sources are trying to send through the Endian. When an email is sent from within I see the Exchange server as the sending server; however, these have no sending server. I ran a check through MXTOOLBOX.com and it came back that we are not an open relay.

Is this normal activity that I see, or do I need to close/block something?

The setup is:

No port 25 forward to the Exchange server
Outgoing firewall off
http proxy off
SMTP proxy on
no bypass in transparent proxy

Any assistance would be greatly appreciated.
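
An added example, not part of the original post: a short Python parser for the Postfix delivery lines quoted above that converts `delay=` (seconds since the message entered the queue) into queue age and lists the deferred messages that have been waiting longest. The sample lines are copied from the post with the timestamp and "SMTP Pro.." column dropped; the function names and the 24-hour threshold are assumptions.

```python
import re

# Log lines copied from the post above (Live Log columns removed).
SAMPLE = """\
postfix/smtp[30334]: D806418288: to=<Anxiety-@com-october2015.cf>, relay=none, delay=88772, delays=88761/2.1/9/0, dsn=4.4.1, status=deferred (connect to com-october2015.cf[172.98.208.113]:25: Connection timed out)
postfix/smtp[30338]: connect to hpcee.win[69.162.127.86]:25: Connection timed out
postfix/smtp[30338]: D75F01892B: to=<Reduce.Your.Tax.@hpcee.win>, relay=none, delay=248369, delays=248358/2.2/9/0, dsn=4.4.1, status=deferred (connect to hpcee.win[69.162.127.86]:25: Connection timed out)
postfix/smtp[30339]: D565418D7F: to=<CDCHeartAlert@yonlsi.com>, relay=none, delay=84493, delays=84482/2.2/9/0, dsn=4.4.1, status=deferred (connect to yonlsi.com[5.9.177.153]:25: Connection timed out)
postfix/smtp[30342]: D47C418AB5: to=<Govt.Rx.CoverUp@dqkif.win>, relay=none, delay=178503, delays=178492/2.2/9.1/0, dsn=4.4.1, status=deferred (connect to dqkif.win[198.52.139.58]:25: Connection timed out)
"""

# One delivery attempt: queue ID, recipient, total delay and its breakdown.
DELIVERY = re.compile(
    r"postfix/smtp\[\d+\]: (?P<qid>[0-9A-F]+): to=<(?P<rcpt>[^>]*)>, "
    r"relay=(?P<relay>[^,]+), delay=(?P<delay>[\d.]+), "
    r"delays=(?P<delays>[\d./]+), dsn=(?P<dsn>[\d.]+), status=(?P<status>\w+)"
)

def parse_deliveries(text):
    """Return one dict per delivery line; bare 'connect to' lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = DELIVERY.search(line)
        if not m:
            continue
        # delays = before queue manager / in queue manager / connect / transmit
        before_qmgr, in_qmgr, connect, transmit = map(float, m["delays"].split("/"))
        rows.append({
            "qid": m["qid"],
            "domain": m["rcpt"].rpartition("@")[2].lower(),
            "status": m["status"],
            "dsn": m["dsn"],
            "age_hours": round(float(m["delay"]) / 3600, 1),
            "connect_s": connect,
        })
    return rows

def stuck_outbound(text, min_age_hours=24):
    """Deferred messages queued for at least min_age_hours, oldest first."""
    rows = [r for r in parse_deliveries(text)
            if r["status"] == "deferred" and r["age_hours"] >= min_age_hours]
    return sorted(rows, key=lambda r: r["age_hours"], reverse=True)

if __name__ == "__main__":
    for r in stuck_outbound(SAMPLE):
        print(f'{r["qid"]}  {r["age_hours"]:6.1f} h  {r["domain"]}  dsn={r["dsn"]}')
```

Assuming shell access to the host running Postfix, a queue ID from this list can be passed to `postcat -q <queue id>` to read the queued message's headers, where the `Received:` lines show which client handed the message to the proxy.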