Solved

Spam going out from our server

Posted on 2006-11-01
11
178 Views
Last Modified: 2010-04-11
We have spam going out form our server and would like to find a way of stopping it. We use MSExchange on MS Server 2003.
0
Comment
Question by:Bartley1969
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
11 Comments
 
LVL 30

Expert Comment

by:pgm554
ID: 17850566
How to you know it's from the server?

Have you run a sniffer or looked at any log files from your firewall?

0
 
LVL 30

Expert Comment

by:pgm554
ID: 17850584
Make sure that Xchange is not configured as an open relay.

http://support.microsoft.com/kb/895853
0
 

Author Comment

by:Bartley1969
ID: 17850617
well, when i say the server i mean the external ip
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
LVL 30

Expert Comment

by:pgm554
ID: 17850841
Try the M$ KB first ,it should give you a couple of places to look first.

Then I would look at firewall logs to see if you can find an IP address out on your network that might be acting as a SMTP gateway.(port 25 and maybe 9025)
0
 
LVL 5

Expert Comment

by:shankshank
ID: 17852576
on my pix firewall I blocked port 25 SMTP on ALL network addresses, except my exchange server
0
 
LVL 26

Accepted Solution

by:
lnkevin earned 500 total points
ID: 17853860
Most of the time, Exchange 2003 will not be configured to open relay by default. However, spammer can still attack and open relay if you don't have spam protection. Nowadays, almost everyone who run exchange server in house has to implement spam protection for its security. You can purchase a spam protection appliance if you are running more than 100 account users on exchange: http://www.barracudanetworks.com/ns/?L=en
If you have a smaller environment, you may want to use host protection: www.postini.com (you will pay for monthly per account)
Protecting spam from Exchange server is a number 1 priority task. I would not recommend for a couple hundred bucks software because it will ruin your server and the result is not warranty. I was in the same situation and trying to download a free software with black list ...ect it's a waiste of time and efforts. I just throw in some opinions as I have been through your situation.

K
0
 
LVL 30

Expert Comment

by:pgm554
ID: 17853988
They've all ways been blocked or you just did it recently?

If spam is still going out,it is not necessary that a virus use port 25 to send  email.

If you see nothing that stands out in your firewall log files,I would look a setting up WireShark and do a packet capture and see what out on your network.
0
 
LVL 5

Expert Comment

by:cjtraman
ID: 17857106
add your gateway & exchnage server IP address in relay tab in default smtp virtual server property sheet.
0
 
LVL 1

Expert Comment

by:Yorkie0362
ID: 17876021
How have you detected this spam first of all, are you absolutely sure that it isn't exchange sending NDR's back to people who are sending spam to you ?
0
 

Author Comment

by:Bartley1969
ID: 17879488
Yorkie0362,
the external IP was blacklisted by SpamCop. Not sure how spam is getting out but need to start somewhere!
0
 

Author Comment

by:Bartley1969
ID: 17898620
Put on a spam blocker as part of the solution and restricted port 25 on the firewall.
0

Featured Post

Enroll in July's Course of the Month

July's Course of the Month is now available! Enroll to learn HTML5 and prepare for certification. It's free for Premium Members, Team Accounts, and Qualified Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Getting to know the threat landscape in which DDoS has evolved, and making the right choice to get ourselves geared up to defend against  DDoS attacks effectively. Get the necessary preparation works done and focus on Doing the First Things Right.
This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…
Suggested Courses
Course of the Month5 days, 16 hours left to enroll

627 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question