rilliam
asked on
Exchange 2007 spam bot
Our Exchange 2007 server is sending out a lot of spam. What are some steps I can take to prevent this from happening?
ASKER
I have used Ethereal and noted that all the spam is coming from the Exchange server. In the queue they are listed as FROM: postmaster.
Today I noticed now that I am not able to send mail to myself. Can anyone suggest some AV software?
ASKER
Here is the result of the open relay test:
Mail relay testing
Connecting to MYIP for registered user test ...
Relay test result
Could not connect, test failed.
ASKER
Actually, I made a mistake; I was using the wrong IP. Here are the test results.
Relay test 1
>>> RSET
<<< 250 2.0.0 Resetting
>>> MAIL FROM:<spamtest@abuse.net>
<<< 250 2.1.0 spamtest@abuse.net....Sender OK
>>> RCPT TO:<xxxxx@yahoo.com>
<<< 550 5.7.1 Unable to relay for xxxxx@yahoo.com
Relay test 2
>>> RSET
<<< 250 2.0.0 Resetting
>>> MAIL FROM:<spamtest>
<<< 250 2.1.0 spamtest@edpartnering.com....Sender OK
>>> RCPT TO:<xxxxx@yahoo.com>
<<< 550 5.7.1 Unable to relay for xxxxx@yahoo.com
Relay test 3
>>> RSET
<<< 250 2.0.0 Resetting
>>> MAIL FROM:<>
<<< 250 2.1.0 <>....Sender OK
>>> RCPT TO:<xxxxx@yahoo.com>
<<< 550 5.7.1 Unable to relay for xxxxx@yahoo.com
ASKER
It has been an hour and the email was not relayed.
ASKER CERTIFIED SOLUTION
This solution is only available to members.
If the messages are coming from postmaster@ then it is NDR spam.
You simply need to enable recipient filtering as above. Don't bother changing anything else.
Simon.
"NDR spam" - never realised that was the terminology. I'll have to remember that one!
You can check if it's an open relay by opening a free account at http://www.abuse.net/relay.html (read the instructions to find out how). Then, run a test from the same page. Enter your IP address, email and password (sent through in the registration process), tick the box and test it. It will tell you whether it is running as an open relay or not.
If it reports back as NOT an open relay, it might be a virus on the Exchange machine or a workstation - check you have a good, well-known and up-to-date virus scanner installed and scan all machines.
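Added example (not part of the thread, and not abuse.net's or Microsoft's code): a small Python classifier for relay-test transcripts in the `>>>` / `<<<` format posted above, tying the open relay test to the NDR spam point. The verdict depends on the reply to RCPT TO, not on MAIL FROM being accepted: an external recipient answered with 2xx means an open relay, while an unknown local recipient answered with 2xx means the server will accept the message and bounce it later, which is the NDR spam that recipient filtering stops. `LOCAL_DOMAINS`, `KNOWN_RECIPIENTS` and the `example.org` addresses are assumptions, and the second exchange in the sample is constructed.

```python
import re

# Assumptions (hypothetical placeholders): the domains this server is
# authoritative for and the mailboxes that actually exist on it.
LOCAL_DOMAINS = {"example.org"}
KNOWN_RECIPIENTS = {"postmaster@example.org", "alice@example.org"}

CMD = re.compile(r"^>>>\s*(.*)$")          # line sent by the tester
REPLY = re.compile(r"^<<<\s*(\d{3})\b")    # server reply code
RCPT = re.compile(r"RCPT TO:\s*<([^>]*)>", re.I)

# First exchange is relay test 1 from the thread; the second is constructed.
SAMPLE = """\
>>> MAIL FROM:<spamtest@abuse.net>
<<< 250 2.1.0 spamtest@abuse.net....Sender OK
>>> RCPT TO:<xxxxx@yahoo.com>
<<< 550 5.7.1 Unable to relay for xxxxx@yahoo.com
>>> RSET
<<< 250 2.0.0 Resetting
>>> MAIL FROM:<>
<<< 250 2.1.0 <>....Sender OK
>>> RCPT TO:<no.such.user@example.org>
<<< 250 2.1.5 no.such.user@example.org
"""

def verdict(rcpt, code):
    """Classify one RCPT TO reply from the defender's point of view."""
    accepted = 200 <= code < 300
    domain = rcpt.rpartition("@")[2]
    if domain not in LOCAL_DOMAINS:
        return "open-relay" if accepted else "relay-refused"
    if rcpt in KNOWN_RECIPIENTS:
        return "ok" if accepted else "valid-recipient-refused"
    # Accepting mail for a mailbox that does not exist forces a later NDR
    # to the (usually forged) sender.
    return "backscatter-risk" if accepted else "unknown-recipient-refused"

def classify(transcript):
    """Return one (recipient, reply_code, verdict) tuple per RCPT TO."""
    results, pending = [], None
    for line in transcript.splitlines():
        cmd, reply = CMD.match(line.strip()), REPLY.match(line.strip())
        if cmd:
            rcpt = RCPT.search(cmd.group(1))
            pending = rcpt.group(1).lower() if rcpt else None
        elif reply and pending is not None:
            code = int(reply.group(1))
            results.append((pending, code, verdict(pending, code)))
            pending = None
    return results
```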