Microsoft Exchange SMTP Open Relay

usaf

New Email
Hi,

I'm using exchange server and i can see in logs their are emails which are sending out from somedomain to someotherdomain which i really dont know about. But when I do some test on open relays, it says 'unable to relay' Here are some tcp stream which I captured of an email session.

Code:
220 mail.[COLOR="SeaGreen"][B]mydomain[/B][/COLOR].co.uk Microsoft ESMTP MAIL Service, Version: 6.0.3790.3959 
ready at  Mon, 6 Jul 2009 15:14:18 +0100 
EHLO win
250-mail.[COLOR="SeaGreen"][B]mydomain[/B][/COLOR].co.uk Hello [121.247.163.59]
250-TURN
250-SIZE
250-ETRN
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-8bitmime
250-BINARYMIME
250-CHUNKING
250-VRFY
250-X-EXPS GSSAPI NTLM LOGIN
250-X-EXPS=LOGIN
250-AUTH GSSAPI NTLM LOGIN
250-AUTH=LOGIN
250-X-LINK2STATE
250-XEXCH50
250 OK
MAIL FROM: <cadgers9 '@' securpress.ru>
RCPT TO: <dldchi '@' mydomain.co.uk>
DATA
250 2.1.0 cadgers9 '@' securpress.ru....Sender OK
550 5.7.1 The IP address 121.247.163.59 was rejected by the 
Realtime Block List provider bl.spamcop.net. 
Please Call us to remove your Email from Filter 503 5.5.2 Need Rcpt command.


Here are Email Headers

Code:
Reporting-MTA: dns; mx.mailprotect.be
X-Postfix-Queue-ID: 1572C5802997
X-Postfix-Sender: rfc822; myemail@mydomain.co.uk
Arrival-Date: Sat,  1 Aug 2009 09:57:11 +0200 (CEST)


Final-Recipient: rfc822; pouch@eurocustoms.org
Original-Recipient: rfc822;pouch@eurocustoms.org
Action: failed
Status: 5.0.0
Remote-MTA: dns; distributor.mailprotect.be
Diagnostic-Code: smtp; 550 cuda_nsu 5.1.1 <pouch@eurocustoms.org>... User
    unknown

Code:
Received: from wilaya-4603d0f8 (unknown [41.201.104.183])
	by mx.mailprotect.be (Postfix) with SMTP id 1572C5802997
	for <pouch@eurocustoms.org>; Sat,  1 Aug 2009 09:57:11 +0200 (CEST)
To: <pouch@eurocustoms.org>
Subject: RE::Message-- JULY 77% OFF!
From: "VIAGRA ® Official Site" <pouch@eurocustoms.org>
MIME-Version: 1.0
Importance: High
Content-Type: text/html; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Message-Id: <20090801075712.1572C5802997@mx.mailprotect.be>
Date: Sat,  1 Aug 2009 09:57:11 +0200 (CEST)
 

EQ Admin

EQ Forum Admin
Staff member
What is the IP address for your exchange server?

We can help with the open relay tests.

I tried 121.247.163.59 but that was not accepting connections on port 25.

-Raymond
 
Top