[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

Using Exchange connection to send spam

Posted on 2006-10-25
2
Medium Priority
?
275 Views
Last Modified: 2010-03-06
Hi Experts,

One of our customers had a small issue with an bringing an infected laptop onto their network. It appears that it sent out a bit of spam.  In response we've adjusted visitor access and have modified a number of firewall policies. One thought did occur to me though. Is it possible for a virus/malware application to use the mail account for exchange and route it's garbage mail through the exchange server?

Another way to ask this, is if the user logs into the domain when he/she signs into their account, are they considered an authenticated user to the exchange server in respects for relaying?

Thanks,
Pete Hanson
UAR
0
Comment
Question by:upandrun3
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 104

Accepted Solution

by:
Sembee earned 1000 total points
ID: 17804369
I would be surprised if the spam message went through your Exchange server. I have never seen spam go through Exchange that way before.

What probably happened was the infected machine has its own SMTP engine and sent the messages out that way. If you only have a single IP address then the message would appear to come from your site.

The best way to deal with this is to block port 25 (SMTP) for the entire network. If an infected machine tries to connect to the outside world then it will fail and fill up the event logs on your firewall.

As for authenticated relaying, connecting to the network does not allow relaying over the SMTP interface of Exchange, unless your Exchange server is configured to allow relaying based on IP address (which is a bad idea).
The client machine would still have to authenticate to send its messages.

A MAPI connection is something very different and I haven't seen a piece of malware use a MAPI connection to send its messages (not that they don't exist - but there would be little point as MAPI is mainly a business service and most compromised machines are at home).

Simon.
0
 
LVL 4

Author Comment

by:upandrun3
ID: 17821450
Hi Simon,

Thanks for the reply.

That's what I was figuring, just wanted to get another experts opinion on the possibility. I've already locked down the router to prevent communication over port 25.

Thanks,
Pete
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A couple of months ago we ran into an issue that necessitated re-creating our Edge Subscriptions. However, when we attempted to execute the command: New-EdgeSubscription -filename C:\NewEdgeSub_01.xml we received an error indicating that the LDAP se…
On September 18, Experts Exchange launched the first installment of the Help Bell, a new feature for Premium Members, Team Accounts, and Qualified Experts. The Help Bell will serve as an additional tool to help teams increase question visibility.
In this video we show how to create a Contact in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Contact ta…
This video discusses moving either the default database or any database to a new volume.

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question