Win2k3 exchange server sending SPAM via POSTMASTER account

Posted on 2006-05-25
Last Modified: 2009-10-26

I have a Windows 2003 Exchange server running. I was informed that email from our domain was being rejected and checked our domain name on My domain was blacklisted on three different servers and I thought it was from a virus our old Exchange server was compromised with in early 2005. I requested my IP be removed from all blacklists, and just as a precaution created an outbound ACL on my PIX515e to disallow all SMTP traffic except from the Exchange server I have in place. All mail flow stopped completely once the ACL was put in place. I checked my mail queue and discovered at least 5 folders containing mail from my 'postmaster' account waiting to be sent to domains that have nothing to do with our business. I deleted all waiting mail, but when I refreshed the queue one more message appeared in the same folder again. I ran into a similar problem recently where one of your experts assisted me with a server which had been a victim of an NDR attack. This does not seem to be the same scenario, although similar. My question is this: how may I go about finding the script/bot/or whatever program is generating these emails to be sent out to the world? Furthermore, can anyone assist me with my PIX config so that I may have an outbound ACL to allow only SMTP traffic from this server alone?
Question by: danw76
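An egress rule of the kind the question describes, as an added example that is not part of the original thread. It is written in PIX 6.x syntax and assumes the inside interface is named "inside" and that the Exchange server sits at 192.168.1.10 (a placeholder, not an address from the question). The permit line must come before the deny line; an ACL that denies SMTP before permitting the mail server, or that is applied on the wrong interface, blocks the Exchange server too, which would explain mail flow stopping completely.

```text
! Constructed example (PIX 6.x). Placeholders: interface "inside",
! Exchange server 192.168.1.10. Adjust both to the real environment.
!
! 1. Only the Exchange server may open outbound SMTP (TCP/25).
access-list INSIDE_OUT permit tcp host 192.168.1.10 any eq smtp
! 2. Everything else on the inside is refused on TCP/25 and logged,
!    so the source address of any other host sending mail is recorded.
access-list INSIDE_OUT deny tcp any any eq smtp log
! 3. All other traffic is unaffected.
access-list INSIDE_OUT permit ip any any
! Apply the list to traffic entering the firewall from the inside network.
access-group INSIDE_OUT in interface inside
```

The `log` keyword on the deny line is the part that answers the "how do I find the bot" half of the question from the firewall side: after the list is applied, `show access-list INSIDE_OUT` shows hit counts per line, and the firewall's access-list log messages name the inside host that attempted each blocked SMTP connection. A workstation that repeatedly trips the deny line is the machine to examine; the Exchange server itself, if it is the source, will not show up there and has to be investigated on the server, for example through its SMTP protocol log.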
    LVL 30

    Expert Comment

    make sure your RELAY is configured for proper authentication.

    also in your DNS, you need to have REVERSE ZONE configured
    LVL 35

    Accepted Solution

    Your PIX question you should post in the security or firewall topic, or post a 20 point question with a link there.

    What you should do on your Exchange server is to enable your SMTP log and keep an eye on it for anything unusual. Also make sure that your clients are virus free and not a source of SPAM.

    The outgoing postmaster messages may be normal or not; take a closer look at them, especially at the mail header. If external senders of spam are sending a lot of mails to your server to addresses which do not exist, your Exchange is generating NDRs to the sender address. As these senders usually do not exist, they hang in the queue until they time out. As long as these are only a few mails, I would say it is normal and there is not really a way to work around this, as the sender addresses as well as the recipients are fantasy names.

    What you should take care of is the question of whether you allow such NDRs to the public in general. It is a common game to send mails to a bulk of fantasy names to find out which addresses are delivered and which will bounce back. You can easily tell the difference between usual misspelled addresses and addresses which are generated by an address generation program. Also an idea is to think about the system of how company email addresses are generated, to have a better filter option.
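The two suggestions above (watch the SMTP protocol log, and separate ordinary misspellings from machine-generated recipient names) can be turned into a small check. The script below is an added example, not code from the thread or from Microsoft. It assumes a simplified, constructed log layout (date, time, client IP, SMTP verb, argument, status code) rather than the exact column set of an Exchange 2003 SMTP virtual server log, and a constructed list of valid mailboxes standing in for the directory. It also assumes unknown recipients are rejected with a 5xx at RCPT time; where they are accepted instead, the same probes surface later as the postmaster NDRs the question describes sitting in the queue.

```python
import re
from collections import Counter, defaultdict

# Constructed sample of a simplified SMTP protocol log:
#   date time client-ip verb argument status
# Real Exchange 2003 logs carry more columns; adapt parse_line() to them.
SAMPLE_LOG = """\
2006-05-24 10:01:02 203.0.113.7 RCPT TO:<aaron@example.com> 550
2006-05-24 10:01:02 203.0.113.7 RCPT TO:<abbey@example.com> 550
2006-05-24 10:01:03 203.0.113.7 RCPT TO:<abbott@example.com> 550
2006-05-24 10:01:03 203.0.113.7 RCPT TO:<abel@example.com> 550
2006-05-24 10:01:04 203.0.113.7 RCPT TO:<sales@example.com> 250
2006-05-24 10:05:10 198.51.100.9 RCPT TO:<suport@example.com> 550
2006-05-24 10:07:44 198.51.100.9 RCPT TO:<dan@example.com> 250
"""

# Constructed set of valid local mailboxes (assumption: in practice this
# would be pulled from Active Directory).
KNOWN_USERS = {"sales", "support", "dan", "postmaster"}

LINE_RE = re.compile(
    r"^(?P<date>\S+) (?P<time>\S+) (?P<ip>\S+) (?P<verb>\S+) "
    r"TO:<(?P<local>[^@>]+)@(?P<domain>[^>]+)> (?P<status>\d{3})$"
)


def parse_line(line):
    """Return a dict for a RCPT line, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m or m.group("verb") != "RCPT":
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def levenshtein(a, b):
    """Edit distance; a small value means 'a' is a plausible typo of 'b'."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_recipient(local, known=KNOWN_USERS, max_typo_distance=2):
    """'known' (real mailbox), 'typo' (close to one) or 'generated' (near none)."""
    if local in known:
        return "known"
    if min(levenshtein(local.lower(), k) for k in known) <= max_typo_distance:
        return "typo"
    return "generated"


def analyze(log_text, known=KNOWN_USERS, harvest_threshold=3):
    """Per client IP: rejected RCPT count, typo/generated split, harvester flag."""
    rejected = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["status"] >= 500:
            rejected[rec["ip"]].append(rec["local"])
    report = {}
    for ip, names in rejected.items():
        kinds = Counter(classify_recipient(n, known) for n in names)
        report[ip] = {
            "rejected": len(names),
            "generated": kinds["generated"],
            "typo": kinds["typo"],
            # Many rejections, mostly for names unlike any real mailbox:
            # the "bulk of fantasy names" pattern rather than a user's typo.
            "harvester": len(names) >= harvest_threshold
                         and kinds["generated"] > kinds["typo"],
        }
    return report


if __name__ == "__main__":
    for ip, info in analyze(SAMPLE_LOG).items():
        print(ip, info)
```

On the constructed sample, 203.0.113.7 is flagged: four rejected recipients in two seconds, none within two edits of a real mailbox, which is the alphabetical probing the answer describes. 198.51.100.9 is not: its single rejection, "suport", is one edit from "support" and looks like a person mistyping. A server that accepts such probes and then generates NDRs is the source of the postmaster messages in the queue, so the usual fix is to reject unknown recipients at RCPT time (Exchange 2003 offers recipient filtering against the directory for this), at which point no NDR is ever created and the probing shows up only as rejected RCPT lines like those above.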
    LVL 12

    Expert Comment

    Please follow this KB article:
    Exchange queues fill with many non-delivery reports from the postmaster account in Small Business Server 2003 (KB 886208).

    Amit Aggarwal.
