Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Exchange 2003 SMTP security lockdown procedures

Posted on 2007-03-25
1
Medium Priority
?
2,263 Views
Last Modified: 2012-05-05
Im using Small Business Server for exchange 2003 mail management.

Periodocially i find that my server is being used to relay messages by spammers.

Is there a consise checklist of security steps i should follow?


0
Comment
Question by:mbalsam
1 Comment
 
LVL 104

Accepted Solution

by:
Sembee earned 2000 total points
ID: 18788341
Exchange 2003 is relay secure out of the box, so something has been changed.

There are three main ways that an Exchange server can be abused...

- configuration error on the SMTP virtual server or SMTP Connector turns the machine in to an open relay

- authenticated relaying - where the administrator password has been compromised and is being used to allow messages to be sent through the server.

- NDR spam - this is where messages are sent to your server with invalid email addresses on purpose. Your server then tries to bounce them back to the "sender" - who is spoofed and is the real target.

For NDR spam you should deploy recipient filtering and the tarpit.
http://www.amset.info/exchange/filter-unknown.asp

For authenticated user relaying, you need to look at changing the settings.
http://www.amset.info/exchange/smtp-relaysecure.asp

Finally, for checking whether the machine is an open relay, see my article here:
http://www.amset.info/exchange/smtp-openrelay.asp

Simon.
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article describes Top 9 Exchange troubleshooting utilities that every Exchange Administrator should know. Most of the utilities are available free of cost. List of tools that I am going to explain in this article are:   Microsoft Remote Con…
How to effectively resolve the number one email related issue received by helpdesks.
how to add IIS SMTP to handle application/Scanner relays into office 365.
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…
Suggested Courses

578 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question