Solved

Exchange Server Problem with SMTP

Posted on 2003-11-04
265 Views
Last Modified: 2010-05-18
I have an Exchange Server 2000 with SP3. There is a "BIG" problem: many other servers send emails to my server and use my server to send those rubbish emails to others. My server is stuck with thousands of messages queueing and my own messages can't be sent out easily!!!!!

Is there any solution to stop receiving the rubbish emails???
0
Question by:chpchai
8 Comments
 
LVL 20

Expert Comment

by:ikm7176
ID: 9685180

Make sure that you are not infected with any virus

Go to ESM-SMTP virtual server properties->Access-> Relay
Make sure that "allows all computers that successfully authenticate to relay " is checked.

Relaying is the ability to forward mail to domains other than your own. More specifically, relaying occurs when an inbound connection to your SMTP server is used to send e-mail to external domains. By default, your Exchange server accepts mail from users and sends it to an external domain. If your server is open for relaying, or if relaying is unsecured on your server, unauthorized users can use your server to send unsolicited commercial e-mail. Therefore, to secure your SMTP virtual server, it is crucial that you set relay restrictions.

 It is important to understand the difference between authenticated relaying and anonymous or open relaying.
 
Authenticated relaying allows your internal users to send mail to domains outside of your Exchange organization, but requires authentication before the mail is sent. By default, Exchange only allows authenticated relaying.

Anonymous relaying allows any user to connect to your Exchange server and use it to send mail outside your Exchange organization.

The following examples demonstrate how Exchange 2000 accepts and relays mail using authenticated relaying:

Example 1 An anonymous user connects to the SMTP virtual server and attempts to deliver mail to an internal user in the Exchange organization. In this situation, the SMTP virtual server accepts the message because it is destined for an internal domain and because the user exists in Active Directory.

Example 2 An anonymous user connects to the SMTP virtual server and attempts to deliver mail to an external user in an external domain. In this situation, the SMTP virtual server rejects the mail because it is destined for an external domain for which the Exchange server is not responsible. Because the user is not authenticated, the SMTP virtual server does not relay this mail outside of the Exchange organization.

Example 3 A user connects to the SMTP virtual server using a POP or IMAP client (for example Microsoft Outlook® Express), authenticates, and then attempts to send a message to a user in an external domain. In this situation, Outlook Express connects directly to the SMTP virtual server and authenticates the user. Although the message is destined for a remote domain, the SMTP virtual server accepts and relays this mail because the user is authenticated.

By using the relay control features of Exchange 2000, you can prevent third parties from relaying mail through your server. Relay control allows you to specify a list of incoming remote IP address and subnet mask pairs that have permission to relay mail through your server. Exchange checks an incoming SMTP client’s IP address against the list of IP networks allowed to relay mail. If the client is not allowed to relay mail, only mail addressed to local recipients is allowed. Relay control can also be implemented by domain—however, this requires implementation of reverse DNS resolution, which is controlled at the SMTP virtual server level.

Default Relay Restrictions

By default, the SMTP virtual server allows relaying only from authenticated users. This configuration is designed to prevent unauthorized users from using your Exchange server to relay mail. The virtual server’s default configuration allows only authenticated computers to relay mail. Unsolicited commercial e-mail generally comes from a spoofed or forged address and is often relayed using a server that is not secured for relay. For this reason, Exchange 2000 allows only authenticated users. Be very cautious when changing this setting—many Internet providers will block servers that allow open relaying.

Hope this clears your doubts
0
 
LVL 35

Expert Comment

by:Bembi
ID: 9690697
> Go to ESM-SMTP virtual server properties->Access-> Relay
> Make sure that "allows all computers that successfully authenticate to relay " is checked.

and check also "Only computers on the list" and keep the list empty. These two settings will deny anonymous relay.
0
 

Author Comment

by:chpchai
ID: 9713101
I have tried the settings mentioned above, but there are still messages from other servers queueing in my server... mainly from AOL, MSN, Netscape... !!!!!

any further setting available to improve the situation???
0

 
LVL 35

Expert Comment

by:Bembi
ID: 9717213
Open a DOS box and type:
telnet relay-test.mail-abuse.org

This will check your server for relay issues. More can be found at the mail-abuse.org web page. If any test fails, please post.

After the changes, you should restart your Exchange server (or at least the SMTP service).

First of all, you have to close your server. Second, you have to remove your server from the blacklists. As long as your server is blacklisted, you will get mails which will not be relayed, but which produce NDRs that cannot be delivered.

Try http://openrbl.org to see if you are blacklisted and where.

Please note also that it may take some time until all mails are out of the queue and have run dead. Whenever a mail cannot be delivered, the mail produces an NDR to the sender's address (which is usually faked) and therefore you get an additional set of mails within your queue. Have a look at the queue itself (don't forget to refresh --> menu item, not F5), and the number of mails within the queue (the queue itself is deleted when the connection is closed; this also takes some minutes).

For the moment, you should lower the time the mails will keep trying to connect to the remote system (see the transmission tab within your virtual SMTP server). This reduces the time until they run dead. Also try to delete as much as possible from your queues. Also have a look at the file-based queues on your server in the mailroot\vsi xx directory.
0
 
LVL 35

Accepted Solution

by:
Bembi earned 25 total points
ID: 9717232
Oh, have a look at the senders' addresses. If you see that these are always the same addresses, you can block or filter them. But I assume, as some of the spam-email programs are intelligent, they will change the sender's address often.
0
 
LVL 2

Assisted Solution

by:mwareman
mwareman earned 25 total points
ID: 9792478
Seen this a lot recently - and in most cases I've been involved in, one of the following has been true:-

1)  The local Guest account was enabled - allowing any credentials to successfully authenticate (therefore allowing them to relay)

or

2)  A compromised local account on the box (in one case a domain account, but this machine was a member of the domain).

Check the local accounts on the box - reset passwords and ensure guest is disabled.

Generally, I've been able to pin the issue down to a previous infection by Code Red (the IIS worm) - one of its payloads (in some versions) is enabling the guest account.

Michael.
0
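The relay rules from ikm7176's three examples and the Guest-account failure mode described in the comment above, as a small Python model. This is an added example, not code from any poster or from Exchange; the class, field names, addresses and accounts are constructed for illustration, and the Guest behaviour is modelled as the comment states it.

```python
import hmac
import ipaddress
from dataclasses import dataclass, field


@dataclass
class RelayPolicy:
    """Simplified model of an SMTP virtual server's relay settings (hypothetical)."""
    local_domains: set                      # domains the server is responsible for
    allow_authenticated: bool = True        # authenticated sessions may relay
    relay_networks: list = field(default_factory=list)  # ip_network objects allowed to relay
    accounts: dict = field(default_factory=dict)         # user -> password (constructed)
    guest_enabled: bool = False             # state of the local Guest account

    def authenticate(self, user, password):
        if user is None:
            return False                    # anonymous session
        stored = self.accounts.get(user)
        if stored is not None and hmac.compare_digest(
                stored.encode(), (password or "").encode()):
            return True
        # Failure mode from the thread: with Guest enabled, credentials
        # that match no account still produce a successful logon.
        return self.guest_enabled

    def decide(self, client_ip, rcpt, user=None, password=None):
        domain = rcpt.rsplit("@", 1)[-1].lower()
        if domain in self.local_domains:
            return "accept-local"           # Example 1: local recipient
        ip = ipaddress.ip_address(client_ip)
        if any(ip in net for net in self.relay_networks):
            return "relay-ip"               # client address is on the relay list
        if self.allow_authenticated and self.authenticate(user, password):
            return "relay-auth"             # Example 3: authenticated relay
        return "reject"                     # Example 2: anonymous, external recipient


def audit(policy, outside_ip="203.0.113.10", rcpt="someone@external.test"):
    """Probe the model from an outside address; return a list of findings."""
    findings = []
    if policy.decide(outside_ip, rcpt) != "reject":
        findings.append("anonymous relay from outside address")
    if policy.decide(outside_ip, rcpt, "no-such-user", "wrong") != "reject":
        findings.append("bogus credentials accepted for relay")
    return findings
```

A policy with the relay settings left at "authenticated only" but `guest_enabled=True` yields the second finding, which matches a server whose relay tab looks correct while mail is still being relayed.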
