Solved

Exchange sending SPAM

Posted on 2004-03-29
9
449 Views
Last Modified: 2010-03-05
Im running Exchange 2000 server. The mail queue keeps filling up with spam. Relay is not open. Guest account is disabled.

I even removed it from the network, and the queue continues to fill up. Have done a complete AV scan and nothing.

Also if i do find the problem, is there an easy way to clean the queue?


Please help.
0
Comment
Question by:joh2900
9 Comments
 
LVL 10

Accepted Solution

by:
OneHump earned 50 total points
ID: 10710307
There is something spammers do called a dictionary harvest attack.  It's common and Exchange is a weak SMTP perimeter server so there is little you can do within Exchange to prevent it.

What happens is address list harvesters run through the dictionary @yourdomain.com and count up rcpt to: commands that are accepted.  The result is a queue full of spam and a badmail folder full of messages that couldnt be returned because they send from an invalid address.

Your best bet is to deploy a better perimeter solution in front of your Exchange server.  Tumbleweed, Trend, Ironport, ChipherTrust and Postini all have decent solutoins.  There are many others as well.

OneHump
0
 

Author Comment

by:joh2900
ID: 10710435
its offline and still queing mail.??
0
 
LVL 5

Assisted Solution

by:visioneer
visioneer earned 50 total points
ID: 10710468
Exchange seems to be prone to attacks based on the authentication methods on the SMTP server.  You should check the properties of the Default SMTP Virtual Server, go to the Access tab, click Relay, and UN-check the box that reads "Allow all computers which successfully authenticate to relay, regardless of the list above."  Let us know if that makes the spam subside.
0
Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

 

Author Comment

by:joh2900
ID: 10710520
changing authentication didnt help..... It almost seems as if somethings creating the emails from within that server... The server isnt even plugged into the network.

Have done a comlete scan with 2 different engines and both come up blank..
0
 
LVL 24

Expert Comment

by:David Wilhoit
ID: 10710934
unplugging the server won't make this go away, those queues need to be emptied out manually.

d
0
 
LVL 10

Expert Comment

by:OneHump
ID: 10713987
Email is not queing whent he server is offline.  What is happening is that email is being processed through your queues.  You won't always see them in ESM even though they are there.  There is a resource kit tool called MailQ you can use to get a better view of your queues.

Nothing with authentication, nothing with an open relay; This is a textbook dictionary attack.

OneHump
0
 
LVL 10

Expert Comment

by:OneHump
ID: 10815360
Where are we at with this?

OneHump
0

Featured Post

Wish Marketing would stop bothering you?

Is your marketing department constantly asking for new email signature updates? Are they requesting a different design for every department? Do they need yet another banner added? Don’t let it get you down! There is an easy way to manage all of these requests...

Join & Write a Comment

Marketers need statistics and metrics like everybody else needs oxygen. In this article we explain how to enable marketing campaign statistics for Microsoft Exchange mail.
Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now