Open relay issues

Similar Messages

• GWIA Relay Issue, maybe the SPAMmers authenticated...

  So I was greeted with a lovely issue this morning that is really driving me nuts. My mail system was relaying messages from [email protected] using a valid user on my system (MFouch). The IP address that was sending the messages appears to be in Lagos, Nigeria (41.203.64.250). I have been combing my GWIA, MTA, and POA logs and I am not seeing any POP/IMAP/SMTP auth from that IP address. The valid local user that was being abused "C/S dos" login was getting logged but from GWIA's internal IP address. I attached a MIME copy of the message.
  My GWIA agent is setup to prevent relaying. I do allow relaying from some specifically defined internal addresses. I do allow POP3 in, but only specific users can use IMAP4 (silly Android issue). I require authentication for both POP3, IMAP4, and SMTP. I ran all of the different open relay tests that I am aware of (abuse.net, mxtoolbox.com) as well as tried to relay something via telnetting to my GWIA. I have attached my current GWIA flags as well. I just added /disallowauthrelay for now as a test/precaution.
  I found TID 7008712 that confused, upset, and scared me all at the same time (GroupWise Internet Agents are relaying emails when they're not suppose to be relaying.). If what this TID says is correct, how can I continue to use GroupWise?
  It looks like I have stopped the trouble for now. I added /disallowauthrelay as per TID7008712 (which will probably upset a few people). I renamed my gwac.db in case there was some corruption in my SMTP access control list. I changed the abused local user's password. I renamed all of my various GWIA directories (000.PRC, DEFER, GWHOLD, GWPROB, RECEIVE, RESULT, SEND, WPCSIN, and WPCSOUT) just to give me some time to clean out all of the deferrals, send items, and to be sure there is not a message queued somewhere. Members of my team are scanning the two machines this user uses as a precaution. I have also explicitly denied 41.203.64.250 access to my network at my perimeter.
  Has any of the great minds out there in the Novell Forum Land seen this before or can point out my buffoonery?
  Thanks in advance,
  Jeff

  Hi.
  I'm not quite sure where the uncertainty lies. The user yo uidentified
  with the logins from GWIA has been hacked, e.g his password probably was
  weak and brute forced, or gained by other means (has this user been in
  nigeria recently? ;))
  I also don't quite understand the outrage on the TID. It merely explains
  what is logical. If someone can authenticate, he can relay. There's
  nothing to be overly concerned about, except your password security. You
  may want to activate intruder detection... Of course there are other
  means to possibly gat to know a users password, but brute force is the
  usual way...
  On 29.09.2011 18:16, jcrawfor wrote:
  >
  > So I was greeted with a lovely issue this morning that is really driving
  > me nuts. My mail system was relaying messages from [email protected]
  > using a valid user on my system (MFouch). The IP address that was
  > sending the messages appears to be in Lagos, Nigeria (41.203.64.250). I
  > have been combing my GWIA, MTA, and POA logs and I am not seeing any
  > POP/IMAP/SMTP auth from that IP address. The valid local user that was
  > being abused "C/S dos" login was getting logged but from GWIA's internal
  > IP address. I attached a MIME copy of the message.
  >
  > My GWIA agent is setup to prevent relaying. I do allow relaying from
  > some specifically defined internal addresses. I do allow POP3 in, but
  > only specific users can use IMAP4 (silly Android issue). I require
  > authentication for both POP3, IMAP4, and SMTP. I ran all of the
  > different open relay tests that I am aware of (abuse.net, mxtoolbox.com)
  > as well as tried to relay something via telnetting to my GWIA. I have
  > attached my current GWIA flags as well. I just added /disallowauthrelay
  > for now as a test/precaution.
  >
  > I found TID 7008712 that confused, upset, and scared me all at the same
  > time ('GroupWise Internet Agents are relaying emails when they're not
  > suppose to be relaying.' (http://tinyurl.com/3ls65sc)). If what this
  > TID says is correct, how can I continue to use GroupWise?
  >
  > It looks like I have stopped the trouble for now. I added
  > /disallowauthrelay as per TID7008712 (which will probably upset a few
  > people). I renamed my gwac.db in case there was some corruption in my
  > SMTP access control list. I changed the abused local user's password.
  > I renamed all of my various GWIA directories (000.PRC, DEFER, GWHOLD,
  > GWPROB, RECEIVE, RESULT, SEND, WPCSIN, and WPCSOUT) just to give me some
  > time to clean out all of the deferrals, send items, and to be sure there
  > is not a message queued somewhere. Members of my team are scanning the
  > two machines this user uses as a precaution. I have also explicitly
  > denied 41.203.64.250 access to my network at my perimeter.
  >
  > Has any of the great minds out there in the Novell Forum Land seen this
  > before or can point out my buffoonery?
  >
  > Thanks in advance,
  > Jeff
  >
  >
  Massimo Rosen
  Novell Knowledge Partner
  No emails please!
  http://www.cfc-it.de

• Repectfully tell someoen your email server does not accept mail from open relay?

  Bryce Katz wrote:
  "According to our email server, your email is being rejected due to a serious misconfiguration on the sending email server. Please have your IT department contact us for additional information. We cannot make adjustments to servers we don't own, but we'll happily work with your IT department to resolve this issue."
  I liked it until the "happily work with your IT department" part.. It's one thing to say they can contact them, but to say "happily"..... Nope nope nope nope...

  So I got a call from one of my co-workers this morning regarding an email that he has been trying to receive from a (vendor?) regarding generator information.  The domain is powersgenerator.com.
  In looking in my logs, sure enough there is a message in my amavis log regarding open relay:
  Open relay? Nonlocal recips but not originating:
  To the question:
  What is the best way to word an email to this person (in a respectful business manner) to tell him (probably not in IT at all, and will have no idea what I am talking about) the reasons his email was rejected?  Some examples would be awesome.
  Thanks!
  This topic first appeared in the Spiceworks Community

• Report Groove Relay issues

  To report any issues with Groove Relay Servers hosted by Microsoft, please reply to this thread.

  As the upgrade of hardware for the Microsoft-hosted Groove Relay servers seems to have been successful, I decided it was time to start a new thread for reporting Relay issues. This thread is tracked by people who support Groove Server, but it is not normally
  monitored outside of US East Coast business hours. While issues reported during that time are usually resolved within a matter of hours, we do not guarantee a particular turnaround time. If you have an urgent need, consider opening a support case.

• Beige G3 boot from **** problem; open firmware issues; bad motherboard?

  Dear all,
  I'm having huge boot/startup problems with my beige G3 that had been happily running OSX 10.3.9, but for purposes of this discussion we can (mostly) revert to OS 9. Originally, the machine was a G3 @300; was upgraded more than a year ago to a ZIF G4 @500.
  To make a long story short, it won't boot from any hard drives, will not boot from any OS X CD, and will only occasionally boot from a 9.x startup CD (whether Apple or Norton Utilities). I think it's an open firmware issue, possibly caused by a bad motherboard (rev. 2).
  All this started happening after I used techtool pro, but I think that's coincidence (even though I acknowledge that, for cops and computer users, there are no coincidences.) Also, as discussed below, I'm having the same problems with an HD that wasn't even in the computer when all these things began.
  Here are some of the things I've done.
  --repeatedly reset PRAM, both with key combinations and removing battery. The only time it will boot from a 9.x CD is after resetting PRAM.
  --removed all add-on PCI cards.
  --removed additional VRAM
  --removed all memory cards and tried replacing one at a time.
  --disconnected both existing hard drives and replaced with an older OS 9.x hard drive (approx 60 mb) that I'd used before. Also tried different ribbon cables.
  --unplugged floppy drive
  --disconnected PCI ATA disk controller that I'd been using for running a large (1.8 gb) hard drive.
  --regarding open firmware: readenv usually shows totally normal default AND installed settings. Using reset-all works fine -- at least it makes the machine reboot, but doesn't solve the problem. reset-nvram does NOT work -- says it's an "unknown word."
  --using startup keys like holding down the option key, or shift key, or X key or cmd-option plus two others I can't remember, has no effect. Again, after I've tried any kind of reboot, the ONLY way to get the C-key at startup to boot the CD is by resetting the pram (key combination). Otherwise, the usual result of these experiments is a dark screen on startup -- nothing at all (and the LCD monitor tells me "no input.")
  --regarding OSX: sometimes (and I emphasize sometimes) I can get the machine to start booting from an OSX 10.2 CD, but it won't complete the process. Sometimes I get a "prohibited" (as in no-parking, no-smoking) icon; sometimes it will start booting (grey screen, OS X Apple icon), then crash (horizontal grey and white jagged bars); sometimes it will show the OS 9 start icon (the tiny smiling Mac SE), but not boot at all.
  --when I get the mac successfully booted with an OS 9.x CD (again, this works sometimes, but not always), the old hard drive with two partitions does show on the desktop and can be accessed. Using either disk repair or Norton Utilities shows the 9.2 system partition on the hard drive to be fine. But if I go to the startup disk control panel, confidently set the 9.2 partition as my startup disk, then reboot, there's no change. It won't boot and I'm back at square one.
  --even when I do get successfully booted with 9.x, the machine will still occasionally crash for no reason -- ie when I'm moving a Window.
  --the only thing I haven't done is slowed down the processor. It's a ZIF G4 bought more than a year ago from XLR8 your Mac. I'm running at the default 500 mhz, and it's never given me any trouble.
  So I think it's a bad motherboard or ROM. Thoughts?
  Thanks.

  The beige Mac is now operating happily again. My original tentative diagnosis remains the same (although still tentative): corrupted PRAM from bad battery, compounded by bad cables that wrote corrupted data to hard drives, and also (possibly) allowing Tech Tool Pro (a utility that I now regard with deep suspicion) to create a "virtual" startup partition.
  A few things I've learned along the way that hopefully may be useful:
  --remember that the Ex Post Facto utility can be used to help OS X startup, not just installation. This applies to hard drives, emergency CDs, installation CDs, etc. If you can boot into any working hard drive partition (OS 9 or a backup OS 10), then run Ex Post Facto (same program runs on either OS 9 or X -- don't ask me how) and tell it what system you want to start up from. Also, the utility has sometimes told me that the startup extensions on the disc that I wanted to boot up from were bad, and offered to fix them (which works).
  --at least on my Mac (beige, v. 2 motherboard), resetting the CUDA button, resetting the PRAM, resetting Open Firmware and "draining" the memory by unplugging the computer and disconnecting the battery for several hours ALL DO DIFFERENT THINGS.
  Specifically, if I'm having trouble booting (from a hard drive or a CD), the FIRST thing I do is restart and resetting the PRAM on the fly -- holding down command, option, P and R at startup, and waiting for the chimes (preferably at least 3-4 times).
  If I do that and DON'T hear the chimes, that's my cue for my SECOND action -- restarting into open firmware (command, option O and F keys on startup). That should bring up the black text on white background open firmware screen. View other posts or apple support for details, but if you do PRINTENV and see a bunch of weird gibberish after the default/installed lists, you know that it was messed up and you need to clear it through reset nvram and reset all commands. Be aware some of these commands do or do not work depending upon what version of Open Firmware you have.
  After I've rebooted with Open Firmware, then on restart I should be able to reset the PRAM on the fly. If that works, then either let the machine run and see what happens, or hold down the C command and see if it will boot from the CD
  Usually, if I've fixed everything as above, the machine will boot into whatever version of OS 9 it finds on a hard drive. That's fine with me -- at that point, use Ex Post Facto to reboot into your OS X. (Before I forget: I used the shareware startup CD creator program BootCD to make an emergency boot CD based on OS 10.2.8 (which theoretically will support a beige mac in native fashion) and Disk Warrior, the god of disk repair utilities. Even though the CD should boot just by holding down the C key on startup, it doesn't -- but if I use Ex Post Facto to boot it, no problems (although the process is very slow -- be patient). Then I can fix almost anything using Disk Warrior.)
  If none of the above works, then I'll try resetting the CUDA (on my beige minitower, it's a very small black button inconveniently located between a PCI slot and the side of the computer housing). Hold it down for 15 seconds. That should REALLY clear the PRAM. I know this does something different from the previous steps because this is the only action (except the battery disconnect -- next) that clears the date and time from the memory.
  If all else fails, I will unplug the computer and disconnect the battery, then push the CUDA button for 15 seconds and let the machine sit overnight.
  One final finding -- I thought I'd fixed everything, but both my hard drives suddenly quit working, I discovered that during all this repeated connect/disconnect of things, one of the male pins inside one of the connectors on my Acard ATA PCI card had broken off. Not good. Fortunately, the card had a second connector, which works fine. And I did some extensive shaking of the computer to make sure (I hope) that the broken pin hadn't landed on a circuit board.
  All this took more than two weeks, and the advice of this board was much appreciated. Now I'm on to my next adventure -- trying to figure out why a combo Firewire/USB PCI card won't mount an external drive on Firewire, but will on USB. I've tried two cards with same result -- but a Firewire-only card works just fine.)
  Regards to all,
  Graham

• TS1717 itunes will not open and issue 13001 comes up...? thanks

  itunes will not open and issue 13001 comes up...? thanks

  Perhaps something here will help:
  http://support.apple.com/kb/TS1421
  Regards.

• Ocrfile is not being written to.  open file issues.  Help please.

  I've been troubleshooting an open file issue on our Test environment for quite a while now. Oracle has had me update to latest CRS bundle for 10.2.0.3, then upgrade to 10.2.0.4, then two more patches via OPatch to bring 10.2.0.4 RAC to it's most recent patch. None of these patches resolved our problem. We have ~8700 datafiles in the database and once the database is started, we're at ~11k on Production but on Test we're at ~37K or higher. It takes 1-2 days to hit the 65536 limit before it crashes. I have to 'bounce' the database to keep it from crashing. Yes, I could raise the ulimit but that isn't solving the problem.
  Over the weekend I noticed that on Production and DEV, the ocrfile is being written to constantly and has a current timestamp but on Test, the ocrfile has not been written to since the last OPatch install. I've checked the crs status via 'cluvfy stage -post crsinst -n all -verbose' and everything comes back as 'passed'. The database is up and running, but the ocrfile is still timestamped at April 14th and open files jump to 37k upon opening the database and continue to grow to the ulimit. Before hitting the limit, I'll have over 5,000 open files for 'hc_<instance>.dat, which is where I've been led down the path of patching Oracle CRS and RDBMS to resolve the 'hc_<instance>.dat bug which was supposed to be resolved in all of the patches I've applied.
  From imon_<instance>.log:
  Health check failed to connect to instance.
  GIM-00090: OS-dependent operation:mmap failed with status: 22
  GIM-00091: OS failure message: Invalid argument
  GIM-00092: OS failure occurred at: sskgmsmr_13
  That info started the patching process but it seems like there's more to it and this is just a result of some other issue. The fact that my ocrfile on Test is not being written to when it updates frequently on Prod and Dev, seems odd.
  We're using OCFS2 as our CFS, updated to most recent version for our kernel (RHEL AS 4 u7 -- 2.6.9-67.0.15.ELsmp for x86_64)
  Any help greatly appreciated.

  Check Bug... on metalink
  if Bug 6931689
  Solve:
  To fix this issue please apply following patch:
  Patch 7298531 CRS MLR#2 ON TOP OF 10.2.0.4 FOR BUGS 6931689 7174111 6912026 7116314
  or
  Patch 7493592 CRS 10.2.0.4 Bundle Patch #2
  Be aware that the fix has to be applied to the 10.2.0.4 database home to fix the problem
  Good Luck

• Report showing GL Accountwise Open, Reciept,Issue,and  Closed Value

  Hi.,
         i want to do a report that shows GL Accountwise Open, Reciept,Issue,and  Closed Value based on Posting Date. Is there any standard report available.Please guide me how to do this.Please tell me the list tables to be accessed .
  Regards.,
  S.Sivakumar

  Transaction FBL4N

• Open hub issues

  Hi,
  open hub issues occured in the process chain. Some of the files didnt reach to the external customer directories. so i want to know where can i  insert the abap code 7.0 so that external tool picks up the files once all files have been reached to BWP/Interface in T-code AL11.
  In 3.5 you can insert the code in infosporke using BADI. Only possibility i think of transformations but not sure where to insert it.
  Thanks in advance
  krish

  Hi Krish,
  It is my understanding that the files would not be available on the application server until after the transformation step has
  been completed. Therefore it would not be useful to create a routine in the transformation. 
  Maybe you could create a program that could be inserted in the subsequent step of the process chain?
  Best Regards,
  Vincent

• Internal Open Relay For Entire Network

  Hello All,
  Sorry if this has been answered, but I haven't seen anything that addresses specifically what I need in the forums.
  I have a single Exchange 2010 Server. I've set up a new receive connector called Open Relay and have opened up various I.P. Addresses. What I would like to do is open it up for all of my subnets internally (10.0.0.1/24.) Which is easy enough.
  Here's the problem, I only want the Open Relay to work internally, I do not want any of my workstations to be able to relay off the trusted subnets, across those internal subnets YES, but to the outside world, NO. Everything I try gives them rights to relay
  both inside and outside, that is a blacklisting just waiting to happen.
  This is so that all the scripts that I run remotely on workstations can send me emails with info that I need.
  Thanks Eric

  Create a receive connector
  http://technet.microsoft.com/en-us/library/bb232021.aspx
  add the required subnet to allow relay
  Get-ReceiveConnector yourconnectorname | get-ADPermission -User “NT AUTHORITY\ANONYMOUS LOGON” -ExtendedRights 
  MAS

• Allow only specific domains to use open relay

  I have a client that I have to send emails on behalf of with a reply address for the client. If I have * as an accepted (open relay) I can successfully send emails with the from and replyto address required for my client. The problem with this is being
  an open relay I now have spam emails being sent through my exchange server. Is there a way I can stop external addresses accesing the open relay? Or enable an exchange account to send as a non domain email address?

  Hi Rich,
  I am running exchange 2010 Version: 14.01.0438.000
  I am sending the emails from MSAccess using VBA (see script below)
  With Flds
              .Item("http://schemas.microsoft.com/cdo/configuration/smtpauthenticate") = 1
              .Item("http://schemas.microsoft.com/cdo/configuration/sendusername") = "Domain.A Username"
              .Item("http://schemas.microsoft.com/cdo/configuration/sendpassword") = "********"
              .Item("http://schemas.microsoft.com/cdo/configuration/sendusing") = 2
              .Item("http://schemas.microsoft.com/cdo/configuration/smtpserver") = "192.168.1.7"
              .Item("http://schemas.microsoft.com/cdo/configuration/smtpserverport") = 25
              .Item("http://schemas.microsoft.com/cdo/configuration/senduserreplyemailaddress") = "[email protected]"
              .Update
          End With
  strHTML = "HTML for email"
  With iMsg
          Set .Configuration = iConf
          .to = Screen.ActiveForm.[Email]
          .CC = ""
          .BCC = "[email protected];[email protected]"
          .ReplyTo = "[email protected]"
          .From = """Client Name"" <[email protected]>"
          .Subject = "Subject"
          .HTMLBody = strHTML
          .AddAttachment ("s:\emailatt\file.pdf")
          .Send
      End With
  (Domain.A = local domain)
  (Domain.B = clients domain)
  The sending machine is on our LAN and a receive connector has been setup to accept emails from the IP Range that are using this script. Authentication is set to Basic and Exchange Server Authentication and Permission groups is set to Exchange users. The
  [email protected] email address has also been added to the Domain.A User Account email addresses.
  If I do not permit an open relay within the accepted domains list I get the following error
  The message could not be sent to the SMTP server. The transport error code was 0x800ccc69. The server response was 550 5.7.1 Client does not have permission to send as this sender.
  If I add Domain.B as an accepted domain this works however a copy of the email is no longer sent to my client and is treated like an email on our domain. 
  Thanks in advance for any help.
  Ian

• Open relay connector

  Trying to replace an open relay for servers/applications on exchange 2013 so I can retire exchange 2007, but I get the unable to relay error.  I’ve created the new frontend connector on CAS server with its own IP/DNS entries, scoped it and put security
  identical to the working connector on 2007. Also, I ran the obligatory: 
  Get-ReceiveConnector "exchange1\relay2" | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "Ms-Exch-SMTP-Accept-Any-Recipient"
  Used ADSIedit to verify it has the exact same permissions as the working relay connector in old exchange.
  Exchange 2013 I think, is not using the connector. When I telnet to relay.domain.com (exchange 2007), I get 250 relay.domain.com Hello [ip] as expected. When I telnet to relay2.domain.com (exchange 2013), I get 250 exchange1.domain.com Hello [ip] whereas
  I would expect to get 250 relay2.domain.com. If I attempt to send, I get unable to relay and logs show connection attempts using Exchange1\Default Front end connector.
  What did I miss?

  After some more testing, I think I may know what's going on, but not why.  I removed all the IPs from the remote range and added just one IP address and restarted the transport service. I can still open a telent session from a server that is not in
  the list.  
  From the How Does Exchange 2013 Know which recieve connector to use? section of http://exchangeserverpro.com/exchange-2013-configure-smtp-relay-connector/, he states the following:
  Simply put, receive connector selection is on a “most specific match wins” basis. The connector with remote network settings that most closely match the IP of the connecting server/device will
  be the one that handles the connection.
  This is not happening in my case. Even though my custom relay connector is a closer match, connections are going to the default frontend connector.

• Close Exchange 2010 Open Relay

  Hello,
  I am experimenting and trying to setup an exchange 2010 server to use with my personal domain. Let's make the following assumptions:
  Domain: domain.com
  Mail Server address: mail.domain.com
  My mail server sends emails using my ISP's SMTP server (suppose smtp.isp.com) as a smart host.
  My problem is that my exchange server seems to work like an open relay. If I use telnet to connect to mail.domain.com:25, I can send email from any to any address. What I'd like to do is to require some kind of authentication so only users that have mailboxes
  on my server can send email using mail.domain.com's SMTP.
  I believe the reason this happens is because I have enabled Anonymous users in the "Client" and "Default" Receive connectors. If I disable the Anonymous users though, I cannot receive emails from the internet. For example, a @gmail user
  won't be able to send an email to a user in my domain.
  How could I achieve my aim to restrict the SMTP relay to authenticated users but still be able to receive emails from the internet?

  Hi,
  As far as I know, there are two relay type:  authenticated relaying and anonymous or open relaying. And I recommend you use authenticated relaying which allows your internal users to send mail to domains outside of your Exchange organization,
  but requires authentication before the mail is sent.
  http://blogs.technet.com/b/exchange/archive/2006/12/28/3397620.aspx
  Thanks,
  Angela Shi
  TechNet Community Support

• Open relay - urgent help please

  one of the admin guys for one reason and another which is too long to get into, opened us up as an open relay last night.
  It was supposed to be shutdown fairly quickly but got left open all night.
  It has now been stopped but we have been hit hard by relays
  I have stopped all the mail services and mail inbound and outbound is being stopped by the firewall.
  However I have run postsuper -d ALL
  but I am still seing tremendous amounts of garbage going into defer and deferred.
  How can I get all the system clear of mails that the system thinks it still has to deliver so that I can start my services again

  It has now been stopped but we have been hit hard by
  relays
  I have stopped all the mail services and mail inbound
  and outbound is being stopped by the firewall.
  However I have run postsuper -d ALL
  but I am still seing tremendous amounts of garbage
  going into defer and deferred.
  How can I get all the system clear of mails that the
  system thinks it still has to deliver so that I can
  start my services again
  postsuper -d ALL will delete all mail in the queue (will take a while though).
  Since you blocked mail at the firewall, I can't see how it could still be coming in.
  Unless you have been compromised and some script is sending from the inside.

• Open relay test results

  Hi all. I'm a new Ironport user, having just started working for a company that had a Spam and Virus Blocker already up and running.
  We've been put on some blacklists for acting as an open relay. Apparently my predecessor had already done much of the work involved in fixing this problem, but we're still on blacklists. I'm not sure when the last time we really were an open relay was; it could have been before the Ironport was ever installed. I want to clear our name, but before I start requesting removals, I want to be 100% sure that the problem is addressed.
  I've run some online open relay tests, and most report that we are not an open relay, but when I tried http://www.rbl.jp/svcheck.php , 5 of their 19 tests came back as "accepted".
  I searched the Ironport knowledge base and found that our settings already match the recommendation -- our RAT is set to reject "all other recipients".
  Here are the recipients from the tests that came back as "accepted":
  >>> RCPT TO: <rlytest%[email protected]>
  >>> RCPT TO: <"[email protected]"@server01.mycompany.com>
  >>> RCPT TO: <h.rbl.jp![email protected]>
  >>> RCPT TO: <"rlytest%h.rbl.jp"@mycompany.com>
  >>> RCPT TO: <"[email protected]"@mycompany.com>
  "server01" is the name of our Exchange server. Our firewall is set to forward port 25 to the Ironport.
  Some of the tests suggested that even an "accepted" message was not a sure sign of being an open relay, and that the mail server might accept it and then silently discard it anyway. Is this something I need to fix, or is it already handled by the Ironport? How can I tell for sure? I've considered telnet'ing in from my home PC and reproducing the commands shown on that site using a real email address of my own, but I'm not really confident in this procedure, or in the procedure of "properly" malforming email addresses. Any advice?
  Can anyone recommend further steps for me to take to be sure we are not operating an open relay?

  Thank you for the quick reply, Steven.
  It seems as though my Ironport does not have the "findevent" command. When I tried it I got an "unknown command: findevent" message, and the "help" message does not list findevent. Are you sure that command exists in the Spam and Virus Blocker, and not just other Ironport models?
  I notice that there are two upgrades available to download for my Ironport, so maybe it's just that my current version is too old. I'm not sure I'm daring enough to install the upgrades during business hours, so I'll probably do that on the weekend.
  Thanks again.