General discussion

Locked

Open Wingate Proxy

By fcrammond ·
We are running Windows NT4 and Exchange5.5. I started getting returned messages from one of our vendors and the event log said that the messages were being refused and to see dsbl.org. I went there and did a list of our ip the following message was what I found. We are not running Wingate as far as I can tell. Anyone else have this kind of problem?

DSBL: Message Detail
IP: nnn.n.nnn.nn
Input IP: nnn.n.nnn.nn
Message Received: 2003/03/20 18:33:17 UTC
Message Sent By: mjt
Transport: wingate
Extended Information for Transport:
Port 23, WINGATE, connect to 205.231.29.241


Full Message:

Received: from [nnn.n.nnn.nn] ([217.23.134.193]) by recap_ca2 (NAVIEG 2.1 bld 63) with SMTP id M2003032013365822004 for <listme@listme.dsbl.org>; Thu, 20 Mar 2003 13:36:59 -0500
Message-I <e4mXZBs_JhTIWZubfJh6Ko_nuKm84df9@mjt>
To: <listme@listme.dsbl.org>
Subject: Open WINGATE Proxy test message
Date: Thu, 20 Mar 2003 13:36:59 -0500
From: mjt

This conversation is currently closed to new comments.

4 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

Open Wingate Proxy

by fcrammond In reply to Open Wingate Proxy

I forgot to add that this was the status at dsbl

Status
IP: nnn.n.nnn.nn
State: Listed
Listed in unconfirmed (unconfirmed.dsbl.org): yes
Listed in singlehop (list.dsbl.org): yes
Listed in multihop (multihop.dsbl.org): no
Record last changed: 2003/03/20 18:33:17 UTC
Server identifies itself as: recap_ca2
Reverse DNS identifies server as: recap.middletwn.ul.warwick.net

Collapse -

Open Wingate Proxy

by curlergirl In reply to Open Wingate Proxy

dsbl.org is an Internet based organization that blacklists IP addresses that are found to be allowing anonymous relaying of email messages. Anonymous relays are one of the most common ways in which email spammers send large quantities of email and disguise it so that it looks like it's coming from a different source than the real source. Organizations like dsbl.org are attempting to help eliminate spamming by providing lists of open relay servers. There's a lot of controversy about this, andit's not that hard to get listed even though you're not actually spamming anyone yourself. However, lots of us (I'm including myself) use these lists in an attempt to cut down on the amount of spam that clogs up corporate email servers.

Once you're listed, the only way to get yourself off the list is to make sure you have fixed the cause by closing any possibility that your own server is providing anonymous relaying, and then going to the org's web site - in your case, it's www.dsbl.org - and following their directions on how to get unlisted.

Even though your routing tab may have "Do not reroute incoming mail" selected, this does NOT prevent anonymous relaying - this is a known hole in Exchange 5.5 security. To make sure you don't have an open relay situation, in Exchange 5.5:

1. Open the Administrator program;
2. Open the Internet Mail connector, go to the Routing tab;
3. Select Reroute mail to, make sure SMTP is listed with your domain name;
4. Click the "Routing Restrictions" button, and then make sure that the first radio button (I think it says something about authenticated hosts only) is selected.

Hope this helps!

Collapse -

Open Wingate Proxy

by curlergirl In reply to Open Wingate Proxy

Also, I just noticed that the message from dsbl refers specifically to port 23. This is the telnet port, so if your server has this port open to the Internet, someone might be using it as a relay as well. I would suggest making sure the telnet port(s) on your server(s) are blocked from external access.

Collapse -

Open Wingate Proxy

by fcrammond In reply to Open Wingate Proxy

Poster rated this answer

Back to Windows Forum
4 total posts (Page 1 of 1)  

Related Discussions

Related Forums