Solved

Using Exchange connection to send spam

Posted on 2006-10-25
2
243 Views
Last Modified: 2010-03-06
Hi Experts,

One of our customers had a small issue with an bringing an infected laptop onto their network. It appears that it sent out a bit of spam.  In response we've adjusted visitor access and have modified a number of firewall policies. One thought did occur to me though. Is it possible for a virus/malware application to use the mail account for exchange and route it's garbage mail through the exchange server?

Another way to ask this, is if the user logs into the domain when he/she signs into their account, are they considered an authenticated user to the exchange server in respects for relaying?

Thanks,
Pete Hanson
UAR
0
Comment
Question by:upandrun3
2 Comments
 
LVL 104

Accepted Solution

by:
Sembee earned 250 total points
ID: 17804369
I would be surprised if the spam message went through your Exchange server. I have never seen spam go through Exchange that way before.

What probably happened was the infected machine has its own SMTP engine and sent the messages out that way. If you only have a single IP address then the message would appear to come from your site.

The best way to deal with this is to block port 25 (SMTP) for the entire network. If an infected machine tries to connect to the outside world then it will fail and fill up the event logs on your firewall.

As for authenticated relaying, connecting to the network does not allow relaying over the SMTP interface of Exchange, unless your Exchange server is configured to allow relaying based on IP address (which is a bad idea).
The client machine would still have to authenticate to send its messages.

A MAPI connection is something very different and I haven't seen a piece of malware use a MAPI connection to send its messages (not that they don't exist - but there would be little point as MAPI is mainly a business service and most compromised machines are at home).

Simon.
0
 
LVL 4

Author Comment

by:upandrun3
ID: 17821450
Hi Simon,

Thanks for the reply.

That's what I was figuring, just wanted to get another experts opinion on the possibility. I've already locked down the router to prevent communication over port 25.

Thanks,
Pete
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Outlook 2010 not responding 14 44
On-premise Digitally Signed/Encrypted Secure E-mail Solutions 1 35
exchange, active directory 4 23
Exchange Certificate 5 32
Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
Following basic email etiquette rules will help you write a professional email and achieve a good, lasting impression with your contacts.
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now