Solved

Exchange sending SPAM

Posted on 2004-03-29
Last Modified: 2010-03-05
I'm running Exchange 2000 server. The mail queue keeps filling up with spam. Relay is not open. Guest account is disabled.

I even removed it from the network, and the queue continues to fill up. Have done a complete AV scan and nothing.

Also, if I do find the problem, is there an easy way to clean the queue?


Please help.
Question by:joh2900
9 Comments
 
LVL 10

Accepted Solution

by:
OneHump earned 50 total points
ID: 10710307
There is something spammers do called a dictionary harvest attack.  It's common and Exchange is a weak SMTP perimeter server so there is little you can do within Exchange to prevent it.

What happens is address list harvesters run through the dictionary @yourdomain.com and count up rcpt to: commands that are accepted.  The result is a queue full of spam and a badmail folder full of messages that couldn't be returned because they send from an invalid address.

Your best bet is to deploy a better perimeter solution in front of your Exchange server.  Tumbleweed, Trend, Ironport, CipherTrust and Postini all have decent solutions.  There are many others as well.

OneHump
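
One way to spot the pattern described in this answer in an SMTP log, as an added example that is not part of the original post: it counts distinct RCPT TO addresses per client IP and flags clients whose recipients are mostly not real mailboxes. The W3C-style field layout, the sample lines, the mailbox list `VALID` and the thresholds are constructed assumptions.

```python
import re
from collections import defaultdict

VALID = {"alice@example.com", "bob@example.com"}  # hypothetical mailbox list

# Constructed sample log. The W3C-style field layout is an assumption; every
# status is 250 because, as the answer notes, the RCPT TO commands are accepted.
GUESSES = ["aaron", "abby", "adam", "alice", "allen", "amy"]
SAMPLE_LOG = "\n".join(
    ["#Fields: date time c-ip cs-method cs-uri-query sc-status",
     "2004-03-29 10:00:00 198.51.100.20 MAIL +FROM:<pat@example.net> 250",
     "2004-03-29 10:00:01 198.51.100.20 RCPT +TO:<alice@example.com> 250",
     "2004-03-29 10:00:02 198.51.100.20 RCPT +TO:<Bob@example.com> 250"]
    + [f"2004-03-29 10:01:{i:02d} 203.0.113.7 RCPT +TO:<{g}@example.com> 250"
       for i, g in enumerate(GUESSES)])

RCPT_RE = re.compile(r"TO:<([^>]+)>", re.IGNORECASE)

def recipients_by_client(log_text):
    """Map client IP -> set of distinct, lower-cased RCPT TO addresses."""
    fields, seen = [], defaultdict(set)
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # column names for the rows below
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        if row.get("cs-method", "").upper() != "RCPT":
            continue
        match = RCPT_RE.search(row.get("cs-uri-query", ""))
        if match:
            seen[row.get("c-ip", "unknown")].add(match.group(1).lower())
    return seen

def find_harvesters(log_text, valid, min_rcpts=5, min_unknown_ratio=0.5):
    """Return {ip: (distinct_rcpts, unknown_rcpts)} for harvest-like clients."""
    flagged = {}
    for ip, rcpts in recipients_by_client(log_text).items():
        unknown = rcpts - valid
        if len(rcpts) >= min_rcpts and len(unknown) / len(rcpts) >= min_unknown_ratio:
            flagged[ip] = (len(rcpts), len(unknown))
    return flagged

if __name__ == "__main__":
    for ip, (total, unknown) in find_harvesters(SAMPLE_LOG, VALID).items():
        print(f"{ip}: {total} distinct recipients, {unknown} not real mailboxes")
```
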
 

Author Comment

by:joh2900
ID: 10710435
It's offline and still queuing mail??
 
LVL 5

Assisted Solution

by:visioneer
visioneer earned 50 total points
ID: 10710468
Exchange seems to be prone to attacks based on the authentication methods on the SMTP server.  You should check the properties of the Default SMTP Virtual Server, go to the Access tab, click Relay, and UN-check the box that reads "Allow all computers which successfully authenticate to relay, regardless of the list above."  Let us know if that makes the spam subside.
 

Author Comment

by:joh2900
ID: 10710520
Changing authentication didn't help. It almost seems as if something's creating the emails from within that server. The server isn't even plugged into the network.

Have done a complete scan with 2 different engines and both come up blank.
 
LVL 24

Expert Comment

by:David Wilhoit
ID: 10710934
Unplugging the server won't make this go away; those queues need to be emptied out manually.

d
 
LVL 10

Expert Comment

by:OneHump
ID: 10713987
Email is not queuing when the server is offline.  What is happening is that email is being processed through your queues.  You won't always see them in ESM even though they are there.  There is a resource kit tool called MailQ you can use to get a better view of your queues.

Nothing with authentication, nothing with an open relay; this is a textbook dictionary attack.

OneHump
 
LVL 10

Expert Comment

by:OneHump
ID: 10815360
Where are we at with this?

OneHump