daxa78
asked on
Pix and smtp
Hi, folks. I have a Pix 501 firewall and a exchangeserver 5.5 MX records for the exchangeserver is at my isp.
Everything has been working working perfectly for weeks now, but this morning i when i got to work the applicationlog iss full
off exchange messages, and they all seem to be about SMTP looking at the messages it seems to be clear that other people are using my exchangeserver to send messages, and it has been to much for the server.
The exchangeserver has stopped working now, what to do?
And how do i avoid this problem in the future ,is there anything i can do on the pix ?
Thanks in advance
Everything has been working working perfectly for weeks now, but this morning i when i got to work the applicationlog iss full
off exchange messages, and they all seem to be about SMTP looking at the messages it seems to be clear that other people are using my exchangeserver to send messages, and it has been to much for the server.
The exchangeserver has stopped working now, what to do?
And how do i avoid this problem in the future ,is there anything i can do on the pix ?
Thanks in advance
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
This open relay checker is by far the best I've ever come across, and carries out comprehensive checks that others do not.. ;)
http://msv.dk/ms009.asp
http://msv.dk/ms009.asp
There's not much you can do on the PIX. You normally have to 'no fixup protocol smtp' to get things working with Exchange anyway. This disables mailguard.
However, mailguard won't protect you against open-relay abuse anyway, so make sure you close the relay as per suggestions above.
However, mailguard won't protect you against open-relay abuse anyway, so make sure you close the relay as per suggestions above.
ASKER
Hi, Tim. Is there anything i should do on the pix firewall or is this only an exchange issue?
ASKER
thanks so much tim.
This could also be a sign of infection by a virus on your internal network.
Maybe all your email clients have become infected and are trying to propagate viruses via email ?
Are you SURE that other people are using your mail server as a relay ?
Please put in IP address and mail address here:
http://msv.dk/ms009.asp
..and run the test.
Post up the results.
Maybe all your email clients have become infected and are trying to propagate viruses via email ?
Are you SURE that other people are using your mail server as a relay ?
Please put in IP address and mail address here:
http://msv.dk/ms009.asp
..and run the test.
Post up the results.
ASKER
The mailserver is down now because of all the emails that has been sent to the server.
Does not work at all. So i cant run the test, just have to get it up and running.
Does not work at all. So i cant run the test, just have to get it up and running.
Have you tried re-starting the exchange services?
What messages are you getting in event log when you try to re-start the services?
What messages are you getting in event log when you try to re-start the services?
MS also have the following article with a couple of security best practices to reduce the risk of security issues.
http://www.microsoft.com/exchange/techinfo/security/ExSecurityBP.asp