Solved

Using Exchange connection to send spam

Posted on 2006-10-25
2
224 Views
Last Modified: 2010-03-06
Hi Experts,

One of our customers had a small issue with an bringing an infected laptop onto their network. It appears that it sent out a bit of spam.  In response we've adjusted visitor access and have modified a number of firewall policies. One thought did occur to me though. Is it possible for a virus/malware application to use the mail account for exchange and route it's garbage mail through the exchange server?

Another way to ask this, is if the user logs into the domain when he/she signs into their account, are they considered an authenticated user to the exchange server in respects for relaying?

Thanks,
Pete Hanson
UAR
0
Comment
Question by:upandrun3
2 Comments
 
LVL 104

Accepted Solution

by:
Sembee earned 250 total points
ID: 17804369
I would be surprised if the spam message went through your Exchange server. I have never seen spam go through Exchange that way before.

What probably happened was the infected machine has its own SMTP engine and sent the messages out that way. If you only have a single IP address then the message would appear to come from your site.

The best way to deal with this is to block port 25 (SMTP) for the entire network. If an infected machine tries to connect to the outside world then it will fail and fill up the event logs on your firewall.

As for authenticated relaying, connecting to the network does not allow relaying over the SMTP interface of Exchange, unless your Exchange server is configured to allow relaying based on IP address (which is a bad idea).
The client machine would still have to authenticate to send its messages.

A MAPI connection is something very different and I haven't seen a piece of malware use a MAPI connection to send its messages (not that they don't exist - but there would be little point as MAPI is mainly a business service and most compromised machines are at home).

Simon.
0
 
LVL 4

Author Comment

by:upandrun3
ID: 17821450
Hi Simon,

Thanks for the reply.

That's what I was figuring, just wanted to get another experts opinion on the possibility. I've already locked down the router to prevent communication over port 25.

Thanks,
Pete
0

Featured Post

Shouldn't all users have the same email signature?

You wouldn't let your users design their own business cards, would you? So, why do you let them design their own email signatures? Think of the damage they could be doing to your brand reputation! Choose the easy way to manage set up and add email signatures for all users.

Join & Write a Comment

Follow this checklist to learn more about the 15 things you should never include in an email signature from personal quotes, animated gifs and out-of-date marketing content.
Following basic email etiquette rules will help you write a professional email and achieve a good, lasting impression with your contacts.
In this video we show how to create a Distribution Group in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >>…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now