pcspeedwaycom
asked on
SMTP Queue is flooded with spam....
I have two Exchange 2K3 servers running on 2003 servers. No FE\BE config at all. The problem is I am getting flooded with junk on my first email SMTP queue. There is nothing hitting my second? All email functions are fine in and out. I found when I turn off the Exchange MTA Stacks Service all email is fine and there is no more flooding. I have my Virtual Server set up as follows:
Both have the same on Authentication, Connection and Relay
Authentication
All options are checked
Connection
All but the list below
List is empty
Relay
Only the listed below.
My domain is listed in the list as Granted.
What am I doing wrong?
ASKER
Additional Info
When I have the service running, my CPU utilization (dual P3 1 GHz) is running at anywhere from 35 to 50%.
It sounds like you might be the victim of an authenticated user SPAM attack. This is where a user account has been compromised and the spammer is sending email as that authenticated user.
Do you have any users sending email via SMTP? Outlook Express for example?
If not, then you can disable the feature.
If you do then you will need to turn up logging and see which account is being used. You can then get the account disabled or the password changed.
Simon.
ASKER
That was a great KB article; I have 3 Exchange resource books and none spell it out as nicely. I am turning off anonymous access on the authentication to see what happens. I thought that would stop incoming mail from external domains. I am also looking at the tracking and see the senders as bogus email addresses? All of the recipients are bogus users @mydomain.com?
So, does this mean I am not relaying, simply being pummeled with junk mail?
Good thing I refreshed before I posted :-)
My post was right there with Sembee... a lot of admins will create simple test accounts like test with a password of test. This is just asking for trouble. More often than not, when I've seen this problem it has been directly connected to a compromised user account. SMTP logging to Max will identify this for you.
Exch 2003:
ESM, right-click your server and choose Properties. Select the Diagnostics Logging tab, select MSExchangeTransport in the left pane, choose SMTP Protocol in the right pane and finally select Maximum in the option list below.
ASKER
I have followed everything I can find regarding relaying and recipient filtering and now I have over 6000 messages in my SMTP Mailbox Store. All of the senders are bogus and about 99.999 % of the recipients are bogus. It seems all the messages are x400 related in the Recipients part of the message when I open it in the queue? I am lost... When I stop the Exchange MTA Stack service nothing comes in?
ASKER
Clarification: nothing bogus comes in. Everything else seems to work fine?
Just need to do some clean up then.
Take a look at this article from Microsoft KB. Ignore the SBS references, it applies to regular Exchange as well.
http://support.microsoft.com/default.aspx?kbid=324958
Simon.
If you have not seen this, it will help: http://support.microsoft.com/default.aspx?scid=kb;en-us;823019&Product=exch2003
Hope this helps