  • Status: Solved
  • Priority: Medium
  • Security: Public

SMTP Current Sessions Question

I am seeing mysterious users showing up under the "Current Sessions" for the default SMTP server on my Exchange server. I am positive that my server is not configured as an open relay and not quite sure what to make of this. Any ideas?
Asked by: andreacadia
1 Solution

wattsuputah Commented:
What do you mean by "mysterious"?

As long as your server is listening for and allowing SMTP connections you will probably see "mysterious" connections.  If you are not an open relay then you shouldn't have to worry about these.  The fact is spammers may be trying to use your server...but will obviously fail if you are set up properly.

If you have consistent mysterious connections you can control that by configuring connection control on the SMTP virtual server.  You could deny connection by IP or domain.

Regards,

andreacadia (Author) Commented:
OK, so then it's normal to see sessions from users that I do not recognize?

GeoffWhite Commented:
Heaps of mass mailer viruses have come out this last week (a new version of SOBER?) that are doing this. If you look in the Message Tracking Centre you can see them coming in with the correct email addresses (from the SMTP envelope), but the TO: field of the header has the bogus names.

Some will try for ages to find an address that accepts mail. Try turning on connection filtering with blacklist checking, it helps a bit. A connection does not indicate a successful mail transfer.

http://support.microsoft.com/default.aspx?scid=kb;en-us;823866

wattsuputah Commented:
"OK, so then it's normal to see sessions from users that I do not recognize?"

Yes, as long as this is a server that is a valid MX server for your domain. You will see connections from everyone that is trying to send your organization email.

As Geoff states, it is possible that a persistent connection could potentially be the result of a virus.  It is also possible that a single sender is sending a "mass mailer" email to each one of your users...the servers would have to stay connected for a while to transfer these messages.
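An added example, not part of the original thread: one way to do the triage the answers describe, separating senders that delivered mail from those whose recipients were all refused, before adding an IP to connection control. The log layout (W3C extended format with c-ip, cs-method and sc-status enabled), the function names and every sample line are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample log, not taken from the thread.
# Assumptions: sc-status carries the SMTP reply code, and the DATA line
# is logged with the final reply code for the message.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-query sc-status
2005-11-28 09:14:01 198.51.100.23 EHLO +mail.partner.example 250
2005-11-28 09:14:01 198.51.100.23 MAIL +FROM:<bob@partner.example> 250
2005-11-28 09:14:02 198.51.100.23 RCPT +TO:<andrea@corp.example> 250
2005-11-28 09:14:03 198.51.100.23 DATA - 250
2005-11-28 09:20:10 203.0.113.77 HELO +host1 250
2005-11-28 09:20:11 203.0.113.77 MAIL +FROM:<x@elsewhere.example> 250
2005-11-28 09:20:12 203.0.113.77 RCPT +TO:<a@outside.example> 550
2005-11-28 09:20:13 203.0.113.77 RCPT +TO:<b@outside.example> 550
2005-11-28 09:20:14 203.0.113.77 RCPT +TO:<c@outside.example> 550
2005-11-28 09:31:40 192.0.2.50 HELO +host2 250
"""

def parse_w3c(text):
    """Yield one dict per record, keyed by the names on the #Fields line."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif fields and line.strip() and not line.startswith("#"):
            parts = line.split()
            if len(parts) == len(fields):   # skip truncated lines
                yield dict(zip(fields, parts))

def summarize(text):
    """Per client IP: commands seen, RCPT accepted/refused, messages accepted."""
    stats = defaultdict(lambda: {"commands": 0, "rcpt_ok": 0,
                                 "rcpt_refused": 0, "delivered": 0})
    for rec in parse_w3c(text):
        s = stats[rec["c-ip"]]
        s["commands"] += 1
        verb, code = rec["cs-method"].upper(), rec["sc-status"]
        if verb == "RCPT" and code.startswith("2"):
            s["rcpt_ok"] += 1
        elif verb == "RCPT" and code.startswith("5"):
            s["rcpt_refused"] += 1
        elif verb == "DATA" and code.startswith("2"):
            s["delivered"] += 1
    return dict(stats)

def deny_candidates(stats, min_refused=3):
    """IPs that never delivered a message and had repeated refused RCPTs."""
    return sorted(ip for ip, s in stats.items()
                  if s["delivered"] == 0 and s["rcpt_refused"] >= min_refused)
```

A client that only connected and said HELO (192.0.2.50 in the sample) shows up as a session but is not flagged, which matches the point made above that a connection does not indicate a successful mail transfer.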
