Author Topic: SMTP Proxy being used as relay  (Read 8086 times)
dutch
« on: Friday 23 October 2015, 01:36:02 am »

In a small network I'm running Exchange 2010 and was recently blacklisted for sending spam.

I scanned all PCs in the network for any viruses or malware with Norton Power Eraser (in addition to the antivirus running on all PCs).  The scan came out clean.

When looking at the Live Log of SMTP I see a lot of the following:

SMTP Pro..
2015-10-22 10:23:25
postfix/smtp[30334]: connect to com-october2015.cf[172.98.208.113]:25: Connection timed out
SMTP Pro..
2015-10-22 10:23:25
postfix/smtp[30334]: D806418288: to=<Anxiety-@com-october2015.cf>, relay=none, delay=88772, delays=88761/2.1/9/0, dsn=4.4.1, status=deferred (connect to com-october2015.cf[172.98.208.113]:25: Connection timed out)
SMTP Pro..
2015-10-22 10:23:25
postfix/smtp[30338]: connect to hpcee.win[69.162.127.86]:25: Connection timed out
SMTP Pro..
2015-10-22 10:23:25
postfix/smtp[30338]: D75F01892B: to=<Reduce.Your.Tax.@hpcee.win>, relay=none, delay=248369, delays=248358/2.2/9/0, dsn=4.4.1, status=deferred (connect to hpcee.win[69.162.127.86]:25: Connection timed out)
SMTP Pro..
2015-10-22 10:23:25
postfix/smtp[30339]: connect to yonlsi.com[5.9.177.153]:25: Connection timed out
SMTP Pro..
2015-10-22 10:23:25
postfix/smtp[30339]: D565418D7F: to=<CDCHeartAlert@yonlsi.com>, relay=none, delay=84493, delays=84482/2.2/9/0, dsn=4.4.1, status=deferred (connect to yonlsi.com[5.9.177.153]:25: Connection timed out)
SMTP Pro..
2015-10-22 10:23:26
postfix/smtp[30342]: connect to dqkif.win[198.52.139.58]:25: Connection timed out
SMTP Pro..
2015-10-22 10:23:26
postfix/smtp[30342]: D47C418AB5: to=<Govt.Rx.CoverUp@dqkif.win>, relay=none, delay=178503, delays=178492/2.2/9.1/0, dsn=4.4.1, status=deferred (connect to dqkif.win[198.52.139.58]:25: Connection timed out)
SMTP Pro..
2015-10-22 10:23:26
postfix/smtp[30352]: connect to com-gjppz.trade[162.221.201.182]:25: Connection timed out

It looks like external sources are trying to send through the Endian.  When an email is sent from within I see the Exchange server as the sending server, however these have no sending server.  I ran a check through MXTOOLBOX.com and it came back that we are not an open relay.

Is this normal activity that I see, or do I need to close/block something?

The setup is:

No Port 25 forward the exchange server
Outgoing firewall off
http proxy off
SMTP proxy on
no bypass in transparent proxy

Any assistance would be greatly appreciated.
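
Added example, not part of the original post: in Postfix delivery log lines, `delay=` is the number of seconds since the message entered the queue, so subtracting it from the log timestamp shows when each deferred message was accepted. The function name `queued_messages` is hypothetical, and the sample lines are copied from the live log quoted above.

```python
import re
from datetime import datetime, timedelta

# Lines copied from the live log in the post above (Endian live-log layout:
# a timestamp line followed by the postfix message line).
SAMPLE = """\
2015-10-22 10:23:25
postfix/smtp[30334]: D806418288: to=<Anxiety-@com-october2015.cf>, relay=none, delay=88772, delays=88761/2.1/9/0, dsn=4.4.1, status=deferred (connect to com-october2015.cf[172.98.208.113]:25: Connection timed out)
2015-10-22 10:23:25
postfix/smtp[30338]: connect to hpcee.win[69.162.127.86]:25: Connection timed out
2015-10-22 10:23:25
postfix/smtp[30338]: D75F01892B: to=<Reduce.Your.Tax.@hpcee.win>, relay=none, delay=248369, delays=248358/2.2/9/0, dsn=4.4.1, status=deferred (connect to hpcee.win[69.162.127.86]:25: Connection timed out)
"""

TS = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d$")
# Delivery status line: queue ID, recipient, total delay in seconds, final status.
DELIVERY = re.compile(
    r"postfix/smtp\[\d+\]: (?P<qid>[0-9A-F]+): to=<(?P<rcpt>[^>]*)>, .*?"
    r"\bdelay=(?P<delay>[\d.]+), .*?status=(?P<status>\w+)"
)

def queued_messages(text):
    """Return one record per delivery attempt, with the time the message entered the queue."""
    records, stamp = [], None
    for line in text.splitlines():
        line = line.strip()
        if TS.match(line):
            stamp = datetime.strptime(line, "%Y-%m-%d %H:%M:%S")
            continue
        m = DELIVERY.search(line)
        if m and stamp:
            delay = float(m["delay"])  # seconds since Postfix accepted the message
            records.append({
                "qid": m["qid"],
                "domain": m["rcpt"].rpartition("@")[2].lower(),
                "status": m["status"],
                "age_hours": round(delay / 3600, 1),
                "queued_at": stamp - timedelta(seconds=delay),
            })
    return records

if __name__ == "__main__":
    # Oldest first: the earliest queued_at marks where to start reading the mail log.
    for r in sorted(queued_messages(SAMPLE), key=lambda r: r["queued_at"]):
        print(f'{r["qid"]}  queued {r["queued_at"]}  age {r["age_hours"]}h  '
              f'{r["status"]}  -> {r["domain"]}')
```

Searching the mail log for the same queue ID around `queued_at` finds the `postfix/smtpd` line with `client=`, which names the host that submitted the message.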