  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 410

SMTP Open Relay being used to send spam

I'm running Win Server 2k3 Standard. I enabled the built-in POP3 service for one email account.

Yesterday morning I noticed a tremendous amount of unexplained traffic going to and from my server. Using Ethereal I was able to determine that my server was being used to relay spam.

I closed the SMTP ports on my firewall, but then I realized my server was sending out NBNS and DNS queries for various domains.
I stopped the SMTP service, but this did not end the queries, so I rebooted the server. This helped, but the server was still sending NBNS queries for various domains. I ended up disabling both LAN connections for the time being. I let the server sit overnight and in the morning enabled both LAN connections and noticed that it was no longer sending DNS or NBNS queries, only broadcast traffic for local host and the sort.
 
At this point I moved to configure the SMTP Virtual Server as follows:
Default SMTP Virtual Server > Properties > Access > Relay restrictions = Only the list below (IP address of one local host)
Default SMTP Virtual Server > Properties > Access > Access Control = Integrated Windows Authentication
Default SMTP Virtual Server > Properties > Access > Connection Control = Only the list below (IP address of one local host)
then opened smtp port on the firewall

This helped quite a bit, but I still see attempts to establish a TCP connection on port 25 from various IP addresses.

Does anyone have any advice on some alternative ways I could configure my SMTP virtual server, because now I cannot receive emails from external domains?

Thank you in advance.

Asked by: dzacharczyk
 
Vahik commented:
You can't receive because you have Integrated enabled... that won't work... In order for you to receive internet email you need to enable anonymous authentication...
 
dzacharczyk (Author) commented:
Thank you for your response.

So in essence relay restrictions are going to give me the control I need to keep people from spamming via my server?
 
Vahik commented:
Relaying and spamming are two different things... and even though Exchange 2003 is relay-proof by default, it does not mean IT IS...
You can never eliminate spam or completely prevent some NICE folks from trying to relay from your Exchange...
As far as spam is concerned (the ones destined for your domain), you can eliminate most of it depending on the product you use...
Relaying, as I said, is disabled for the traditional form of relaying... but there are other ways to relay from an Exchange server and you must be VERY proactive in monitoring them...

"So in essence relay restrictions is going to give me the control I need to keep people from spamming via my server?"

To a certain degree...


 
dzacharczyk (Author) commented:
Thanks for your help :)
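
A way to verify the relay restriction discussed in this thread against your own server, as an added example that is not part of the original thread: the script opens an unauthenticated session, offers a sender and a recipient that are both on outside domains, and reads the reply to RCPT TO without ever sending a message body. The probe addresses and the function names are assumptions made for the illustration.

```python
import smtplib
import sys

# Assumed probe addresses on reserved example domains; neither should be a
# domain that the server under test accepts mail for.
PROBE_SENDER = "relay-test@example.org"
PROBE_RECIPIENT = "relay-test@example.net"


def classify_relay(smtp, sender=PROBE_SENDER, recipient=PROBE_RECIPIENT):
    """Probe a connected, unauthenticated SMTP session for relaying.

    Only the envelope (MAIL FROM / RCPT TO) is offered and the transaction
    is reset before DATA, so no message is ever queued or delivered.
    Returns (verdict, reply_code, reply_text); verdict is "open", "closed"
    or "inconclusive".
    """
    smtp.ehlo_or_helo_if_needed()
    code, reply = smtp.mail(sender)
    if code // 100 == 2:
        # Sender accepted; the relay decision is made on the recipient.
        code, reply = smtp.rcpt(recipient)
    smtp.rset()  # abandon the transaction before any message body
    text = reply.decode(errors="replace") if isinstance(reply, bytes) else str(reply)
    if code // 100 == 2:
        return "open", code, text          # external recipient accepted
    if code // 100 == 4:
        return "inconclusive", code, text  # temporary failure, retry later
    return "closed", code, text            # e.g. 550 5.7.1 Unable to relay


def check_server(host, port=25, timeout=10):
    """Run the probe against your own server.

    Run it from a machine that is NOT in the server's relay list, otherwise
    an "open" result only confirms the allow-list entry.
    """
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        return classify_relay(smtp)


if __name__ == "__main__" and len(sys.argv) > 1:
    verdict, code, text = check_server(sys.argv[1])
    print(f"{sys.argv[1]}: {verdict} ({code} {text})")
```

A "closed" verdict from an outside address, together with a normal 250 for a recipient in your own domain, is the combination that lets external mail in without relaying it onward. Some servers accept RCPT TO and only reject or discard later, so treat "open" as a prompt to inspect the outbound queue and logs rather than as proof.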