Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 196
  • Last Modified:

Security against sending spam

Hi!

How am I secured against that my Exchange server sending out spam to the world?
How can I control that this doesn't occur? Can I know when it occurs (before anyone complains, if so)?

We using a pop3 parser for delivery TO Exchange from our ISP (and please leave that so, that's our choice).
Exchange are sending the mail directly,  not through smtprelay.
0
dingir
Asked:
dingir
  • 2
2 Solutions
 
ArathCommented:
Make sure that your mailserver does not allow relaying.
Thats the main point. IF it does not allow realying, then it can't be used by external to send spam.
0
 
simonpainterCommented:
You may want to invest in either a software solution or an appliance to filter your outbound mail in the same way that you could filter inbound mail... such appliances look at an SMTP stream and don't care which direction it is going in.

Alternatively you could use firewall rule to ensure that only your exchange server can send smtp traffic and that it can only send to your ISP's relay server. That way your ISP is likely to notice spam being sent out by you and cut you off until you rectify the problem. You will also prevent malicious code on PC's from sending out mail through their own onboard smtp servers.
0
 
dingirAuthor Commented:
Arath: Thanks' I don't think that my Exchange is configured for Relaying. Is there a way to check? I haven't specifically configured it that way :-).


Simonpainter
I'm not afraid that anyone gets into our network and sending spam. Also the use of port 25 already is restricted to the mailserver 8-). I was more out for the risk that Exchange itself starting to send spam. In case of misconfigured or hacked mailheaders making exchange believe anything else?! Maybe that doesn't work that way? I think that should be a really major problem before our ISP telling us that we sending out SPAM -- If that would be the case, that should be appearable at used bandwith/connections in the firewall.
0
 
ArathCommented:
http://www.amset.info/exchange/spam-cleanup.asp

Here you find info on where to configure and how to test if your server relays.
0

Featured Post

Transaction-level recovery for Oracle database

Veeam Explore for Oracle delivers low RTOs and RPOs with agentless transaction log backup and transaction-level recovery of Oracle databases. You can restore the database to a precise point in time, even to a specific transaction.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now