Improve company productivity with a Business Account.Sign Up

x
?
Solved

Using Exchange connection to send spam

Posted on 2006-10-25
2
Medium Priority
?
282 Views
Last Modified: 2010-03-06
Hi Experts,

One of our customers had a small issue with an bringing an infected laptop onto their network. It appears that it sent out a bit of spam.  In response we've adjusted visitor access and have modified a number of firewall policies. One thought did occur to me though. Is it possible for a virus/malware application to use the mail account for exchange and route it's garbage mail through the exchange server?

Another way to ask this, is if the user logs into the domain when he/she signs into their account, are they considered an authenticated user to the exchange server in respects for relaying?

Thanks,
Pete Hanson
UAR
0
Comment
Question by:upandrun3
2 Comments
 
LVL 104

Accepted Solution

by:
Sembee earned 1000 total points
ID: 17804369
I would be surprised if the spam message went through your Exchange server. I have never seen spam go through Exchange that way before.

What probably happened was the infected machine has its own SMTP engine and sent the messages out that way. If you only have a single IP address then the message would appear to come from your site.

The best way to deal with this is to block port 25 (SMTP) for the entire network. If an infected machine tries to connect to the outside world then it will fail and fill up the event logs on your firewall.

As for authenticated relaying, connecting to the network does not allow relaying over the SMTP interface of Exchange, unless your Exchange server is configured to allow relaying based on IP address (which is a bad idea).
The client machine would still have to authenticate to send its messages.

A MAPI connection is something very different and I haven't seen a piece of malware use a MAPI connection to send its messages (not that they don't exist - but there would be little point as MAPI is mainly a business service and most compromised machines are at home).

Simon.
0
 
LVL 4

Author Comment

by:upandrun3
ID: 17821450
Hi Simon,

Thanks for the reply.

That's what I was figuring, just wanted to get another experts opinion on the possibility. I've already locked down the router to prevent communication over port 25.

Thanks,
Pete
0

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

This article involves a discussion about issues people have when it comes to Client Access in relating to Load Balancing in an Exchange environment which we had ourselves, along with a solution I found to the problem.
How to Import Outlook PST file to Exchange Server Mailbox without Powershell and Exchange Admin Center. Use SysTools Exchange Import Tool to Move PST file in Exchange 2016 / 13 / 10/ 07 Server Mailbox including Contacts, Calendar, Task and journal d…
Whether it be Exchange Server Crash Issues, Dirty Shutdown Errors or Failed to mount error, Stellar Phoenix Mailbox Exchange Recovery has always got your back. With the help of its easy to understand user interface and 3 simple steps recovery proced…
In this video I will demonstrate how to set up Nine, which I now consider the best alternative email app to Touchdown.

579 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question