We help IT Professionals succeed at work.

Spam going out from our server

Bartley1969
Bartley1969 asked
on
Medium Priority
194 Views
Last Modified: 2010-04-11
We have spam going out form our server and would like to find a way of stopping it. We use MSExchange on MS Server 2003.
Comment
Watch Question

CERTIFIED EXPERT

Commented:
How to you know it's from the server?

Have you run a sniffer or looked at any log files from your firewall?

CERTIFIED EXPERT

Commented:
Make sure that Xchange is not configured as an open relay.

http://support.microsoft.com/kb/895853

Author

Commented:
well, when i say the server i mean the external ip
CERTIFIED EXPERT

Commented:
Try the M$ KB first ,it should give you a couple of places to look first.

Then I would look at firewall logs to see if you can find an IP address out on your network that might be acting as a SMTP gateway.(port 25 and maybe 9025)
on my pix firewall I blocked port 25 SMTP on ALL network addresses, except my exchange server
Top Expert 2009
Commented:
Most of the time, Exchange 2003 will not be configured to open relay by default. However, spammer can still attack and open relay if you don't have spam protection. Nowadays, almost everyone who run exchange server in house has to implement spam protection for its security. You can purchase a spam protection appliance if you are running more than 100 account users on exchange: http://www.barracudanetworks.com/ns/?L=en
If you have a smaller environment, you may want to use host protection: www.postini.com (you will pay for monthly per account)
Protecting spam from Exchange server is a number 1 priority task. I would not recommend for a couple hundred bucks software because it will ruin your server and the result is not warranty. I was in the same situation and trying to download a free software with black list ...ect it's a waiste of time and efforts. I just throw in some opinions as I have been through your situation.

K

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts
CERTIFIED EXPERT

Commented:
They've all ways been blocked or you just did it recently?

If spam is still going out,it is not necessary that a virus use port 25 to send  email.

If you see nothing that stands out in your firewall log files,I would look a setting up WireShark and do a packet capture and see what out on your network.

Commented:
add your gateway & exchnage server IP address in relay tab in default smtp virtual server property sheet.
How have you detected this spam first of all, are you absolutely sure that it isn't exchange sending NDR's back to people who are sending spam to you ?

Author

Commented:
Yorkie0362,
the external IP was blacklisted by SpamCop. Not sure how spam is getting out but need to start somewhere!

Author

Commented:
Put on a spam blocker as part of the solution and restricted port 25 on the firewall.
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.