SMTP Open Relay being used to send spam

Posted on 2006-05-13
Last Modified: 2010-04-18
I'm running Win Server 2k3 Standard. I enabled the built-in POP3 service for one email account.

Yesterday morning I noticed a tremendous amount of unexplained traffic going to and from my server. Using Ethereal I was able to determine that my server was being used to relay spam.

I closed the SMTP ports on my firewall, but then I realized my server was sending out NBNS and DNS queries for various domains.
I stopped the SMTP service, but this did not end the queries, so I rebooted the server. This helped, but the server was still sending NBNS queries for various domains. I ended up disabling both LAN connections for the time being. I let the server sit overnight and in the morning enabled both LAN connections and noticed that it was no longer sending DNS or NBNS queries, only broadcast traffic for local host and the sort.
At this point I moved to configure the SMTP Virtual Server as follows:
Default SMTP Virtual Server > Properties > Access > Relay restrictions = Only the list below (IP address of one local host)
Default SMTP Virtual Server > Properties > Access > Access Control = Integrated Windows Authentication
Default SMTP Virtual Server > Properties > Access > Connection Control = Only the list below (IP address of one local host)
then opened smtp port on the firewall

This helped quite a bit, but I still see attempts to establish a TCP connection on port 25 from various IP addresses.

Does anyone have any advice on some alternative ways I could configure my SMTP virtual server? Right now I cannot receive emails from external domains.

Thank you in advance.

Question by:dzacharczyk

    Expert Comment

    You can't receive because you have Integrated enabled... that won't work... In order for you to receive internet email you need to enable anonymous authentication...

    Author Comment

    Thank you for your response.

    So in essence relay restrictions is going to give me the control I need to keep people from spamming via my server?

    Accepted Solution

    Relaying and spamming are two different things... and even though Exchange 2003 by default is relay proof, it does not mean IT IS...
    You can never eliminate spam or completely prevent some NICE folks from trying to relay from your Exchange...
    As far as spam is concerned (the ones destined for your domain), you can eliminate most of it depending on the product you use...
    Relaying, as I said, is disabled for the traditional form of relaying... but there are other ways to relay from an Exchange server and you must be VERY proactive in monitoring them...

    So in essence relay restrictions is going to give me the control I need to keep people from spamming via my server?

    To a certain degree....
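
The monitoring called for in the answer above can be run against the SMTP service's own log. This is an added example, not part of the original thread: it scans W3C extended format log text for RCPT commands to non-local domains from clients outside the relay list and marks each one as relayed (2xx reply) or refused. The log lines, the domain example.org, the address 192.168.1.10 and the logged field set are constructed assumptions.

```python
import ipaddress

# Assumptions for this example: the domain the server receives mail for,
# and the single local host on the "Only the list below" relay list.
LOCAL_DOMAINS = {"example.org"}
RELAY_ALLOWED = {ipaddress.ip_address("192.168.1.10")}

# Constructed sample log; the real column order is read from "#Fields:".
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-query sc-status
2006-05-12 08:01:10 203.0.113.7 MAIL +FROM:<a@spam.invalid> 250
2006-05-12 08:01:11 203.0.113.7 RCPT +TO:<victim@elsewhere.invalid> 250
2006-05-13 09:15:02 198.51.100.23 RCPT +TO:<target@elsewhere.invalid> 550
2006-05-13 09:20:40 198.51.100.99 RCPT +TO:<dz@example.org> 250
2006-05-13 09:30:00 192.168.1.10 RCPT +TO:<friend@elsewhere.invalid> 250
"""

def rcpt_domain(query):
    """Return the lower-cased domain from a logged '+TO:<user@domain>' argument."""
    address = query.partition(":")[2].strip("<>+ ")
    return address.rpartition("@")[2].lower()

def relay_events(log_text):
    """List (client IP, recipient domain, verdict) for every RCPT to a
    non-local domain issued by a client that is not on the relay list."""
    fields, events = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        parts = line.split()
        if line.startswith("#") or not fields or len(parts) != len(fields):
            continue  # other directives, no header yet, or malformed line
        rec = dict(zip(fields, parts))
        if rec.get("cs-method", "").upper() != "RCPT":
            continue
        try:
            client = ipaddress.ip_address(rec.get("c-ip", ""))
        except ValueError:
            continue  # c-ip missing or not an IP address
        domain = rcpt_domain(rec.get("cs-uri-query", ""))
        if domain in LOCAL_DOMAINS or client in RELAY_ALLOWED:
            continue  # inbound mail for us, or a permitted relay host
        accepted = rec.get("sc-status", "").startswith("2")
        events.append((str(client), domain, "RELAYED" if accepted else "refused"))
    return events

if __name__ == "__main__":
    for event in relay_events(SAMPLE_LOG):
        print(*event)
```

A "RELAYED" row means the server accepted a recipient it should not have; "refused" rows are the blocked attempts that keep arriving on port 25.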


    Author Comment

    Thanks for your help :)
