Solved

Exchange sending SPAM

Posted on 2004-03-29
Last Modified: 2010-03-05
I'm running Exchange 2000 server. The mail queue keeps filling up with spam. Relay is not open. Guest account is disabled.

I even removed it from the network, and the queue continues to fill up. Have done a complete AV scan and nothing.

Also if I do find the problem, is there an easy way to clean the queue?


Please help.
Question by:joh2900
9 Comments
 
LVL 10

Accepted Solution

by:
OneHump earned 50 total points
ID: 10710307
There is something spammers do called a dictionary harvest attack.  It's common and Exchange is a weak SMTP perimeter server so there is little you can do within Exchange to prevent it.

What happens is address list harvesters run through the dictionary @yourdomain.com and count up rcpt to: commands that are accepted.  The result is a queue full of spam and a badmail folder full of messages that couldn't be returned because they send from an invalid address.

Your best bet is to deploy a better perimeter solution in front of your Exchange server.  Tumbleweed, Trend, Ironport, CipherTrust and Postini all have decent solutions.  There are many others as well.

OneHump
0
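The harvesting pattern described in the answer above (one client walking a dictionary of `rcpt to:` addresses at your domain) can be spotted in SMTP protocol logs. The following is an added example, not part of the original thread: the W3C-style field layout, the sample lines, the mailbox list and the thresholds are all constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in W3C extended log style; the field selection is an assumption.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-query sc-status
2004-03-29 10:00:00 203.0.113.7 MAIL +FROM:<x@invalid.test> 250
2004-03-29 10:00:01 203.0.113.7 RCPT +TO:<aaron@example.com> 250
2004-03-29 10:00:01 203.0.113.7 RCPT +TO:<abby@example.com> 250
2004-03-29 10:00:02 203.0.113.7 RCPT +TO:<adam@example.com> 250
2004-03-29 10:00:02 203.0.113.7 RCPT +TO:<admin@example.com> 250
2004-03-29 10:00:03 203.0.113.7 RCPT +TO:<alan@example.com> 250
2004-03-29 10:00:03 203.0.113.7 RCPT +TO:<alice@example.com> 250
2004-03-29 10:05:00 198.51.100.20 RCPT +TO:<alice@example.com> 250
2004-03-29 10:05:01 198.51.100.20 RCPT +TO:<bob@example.com> 250
"""

KNOWN_MAILBOXES = {"alice@example.com", "bob@example.com"}  # hypothetical real users
RCPT_RE = re.compile(r"<([^<>\s]+@[^<>\s]+)>")

def harvest_suspects(log_text, known, domain, min_rcpts=5, max_valid_ratio=0.2):
    """Return client IPs that tried many distinct recipients, few of which exist."""
    fields, seen = [], defaultdict(set)
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # column names come from the log itself
            continue
        parts = line.split()
        if line.startswith("#") or not fields or len(parts) != len(fields):
            continue                           # other directives, blank or odd lines
        row = dict(zip(fields, parts))
        m = RCPT_RE.search(row.get("cs-uri-query", ""))
        if row.get("cs-method", "").upper() != "RCPT" or not m:
            continue
        addr = m.group(1).lower()
        if addr.endswith("@" + domain) and "c-ip" in row:
            seen[row["c-ip"]].add(addr)        # distinct recipients per client
    suspects = {}
    for ip, rcpts in seen.items():
        valid = len(rcpts & known)
        if len(rcpts) >= min_rcpts and valid / len(rcpts) <= max_valid_ratio:
            suspects[ip] = {"distinct": len(rcpts), "valid": valid}
    return suspects

if __name__ == "__main__":
    print(harvest_suspects(SAMPLE_LOG, KNOWN_MAILBOXES, "example.com"))
```

Flagged addresses are candidates for blocking at the perimeter device; tune the thresholds against normal traffic before acting on them.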
 

Author Comment

by:joh2900
ID: 10710435
It's offline and still queuing mail??
0
 
LVL 5

Assisted Solution

by:visioneer
visioneer earned 50 total points
ID: 10710468
Exchange seems to be prone to attacks based on the authentication methods on the SMTP server.  You should check the properties of the Default SMTP Virtual Server, go to the Access tab, click Relay, and UN-check the box that reads "Allow all computers which successfully authenticate to relay, regardless of the list above."  Let us know if that makes the spam subside.
0

 

Author Comment

by:joh2900
ID: 10710520
Changing authentication didn't help..... It almost seems as if something's creating the emails from within that server... The server isn't even plugged into the network.

Have done a complete scan with 2 different engines and both come up blank..
0
 
LVL 24

Expert Comment

by:David Wilhoit
ID: 10710934
Unplugging the server won't make this go away, those queues need to be emptied out manually.

d
0
 
LVL 10

Expert Comment

by:OneHump
ID: 10713987
Email is not queuing when the server is offline.  What is happening is that email is being processed through your queues.  You won't always see them in ESM even though they are there.  There is a resource kit tool called MailQ you can use to get a better view of your queues.

Nothing with authentication, nothing with an open relay; this is a textbook dictionary attack.

OneHump
0
 
LVL 10

Expert Comment

by:OneHump
ID: 10815360
Where are we at with this?

OneHump
0
