I have an Exchange 2003 server serving only a dozen users. The SMTP queue has approx 5000 queues and there are approx 30 SMTP current connections.
I have confirmed via settings and external websites that the relay is most certainly closed. I have recipient filtering on as well as tar pit set. I have the server to not
I have entries in the Sender Filtering
I have 2 Block List Services SpamCop and Zen (bl.spamcop.net, zen.spamhaus.org)
I have the Intelligent Messaging Filter 8 Delete and 8
I have Sender ID Filtering Set to Reject NDR
I have unchecked Allow NDR reports
On the SMTP Protocol I have all the filters enabled
On the Relay tab I have "only the list below" and there are no entries in the list, I have checked "allow computers that have successfully authenticated to relay"
On the Authentication Tab I have the standard checked "Anonymous, Basic, Integrated"
I can't figure out why this server is sending spam out, I have a closed relay and the settings above... what else is there?
The only thing I can think of is an authenticated attack. Is there a tool that I can see what user account is sending all the emails? When I use message tracking I see weird user names that are nowhere close to the domain.
Suggestions....HELP