Lotus domino server bombarded by junk emails

Posted on 2007-04-10
Last Modified: 2013-12-18
I really need a solution to a problem that I have been facing since yesterday.
Our server is being bombarded by emails, spam and junk emails. Every second there are lots of emails coming. I don't know where they are coming from. I changed the configuration a bit and it is not working at all.
When I look at the server console, the mails are not coming from outside because I don't see mails being transferred from outside hosts. Of course the server does get connected to some external hosts but no mails are received.

I am attaching below a typical message log:

04/10/2007 05:12:43 PM  Router: Transferring mail to domain AMQA.COM (host m1.dnsix.COM [63.251.83.84]) via SMTP
04/10/2007 05:12:43 PM  Router: No messages transferred to CRSTUDIO.IT (host mx.CRSTUDIO.IT) via SMTP
04/10/2007 05:12:43 PM  Router: Transferring mail to domain WE-HELP-U.BIZ (host WE-HELP-U.BIZ [12.129.178.28]) via SMTP
04/10/2007 05:12:43 PM  SMTP Server: 65.75.169.7 connected
04/10/2007 05:12:43 PM  Router: No messages transferred to WE-HELP-U.BIZ (host WE-HELP-U.BIZ) via SMTP
04/10/2007 05:12:43 PM  Router: No messages transferred to AMQA.COM (host m1.dnsix.COM) via SMTP
04/10/2007 05:12:43 PM  Router: Message 0061AC80 not routed to recipient adan65@t-online.de for policy reasons
04/10/2007 05:12:43 PM  Router: Policy Reason: Router: waehgpozon@cnkcs.net is restricted from sending mail through server SMTP/MOIC
04/10/2007 05:12:43 PM  Router: Message 0061AC80 not routed to recipient acheck@t-online.de for policy reasons
04/10/2007 05:12:43 PM  Router: Policy Reason: Router: waehgpozon@cnkcs.net is restricted from sending mail through server SMTP/MOIC
04/10/2007 05:12:43 PM  Router: Message 0061AC80 not routed to recipient adamgj@t-online.de for policy reasons
04/10/2007 05:12:43 PM  Router: Policy Reason: Router: waehgpozon@cnkcs.net is restricted from sending mail through server SMTP/MOIC
04/10/2007 05:12:43 PM  Router: Message 0061AC80 not routed to recipient ackerth.feg@t-online.de for policy reasons
04/10/2007 05:12:43 PM  Router: Policy Reason: Router: waehgpozon@cnkcs.net is restricted from sending mail through server SMTP/MOIC
04/10/2007 05:12:44 PM  SMTP Server: 65.75.169.7 disconnected. 0 message[s] received
04/10/2007 05:12:44 PM  Router: Message 0061AC80 not routed to recipient adie_reid@t-online.de for policy reasons
04/10/2007 05:12:44 PM  Router: Policy Reason: Router: waehgpozon@cnkcs.net is restricted from sending mail through server SMTP/MOIC
04/10/2007 05:12:44 PM  Router: Transferring mail to domain COMENCO.COM (host mx1c9.megamailservers.COM [69.156.240.34]) via SMTP
04/10/2007 05:12:45 PM  SMTP Server: 65.75.169.7 connected


I have no clue. I do think that somehow some program is trying to relay the message outside but is not allowed so it gets accumulated in the mail.box of our server.
The accumulation is very fast, i.e. in less than a second there are more than 10 entries in the mail box. It started yesterday, and yesterday in around 6 hours there were 200,000 undelivered messages in the mail box.

We are running Lotus Domino 6.5.1 on the Windows 2003 platform.

Thanks so much.

Suman gurung
Question by:sumangurung
 
LVL 46

Accepted Solution

by:
Sjef Bosman earned 500 total points
ID: 18881593
Your server might be an "open relay", accepting messages from the Internet to forward them to the Internet again. Spammers are always looking for open relay servers. To find out, use
   http://www.abuse.net/relay.html

To block this, you have to modify the Configuration document, disallowing everything that wants to be relayed from-to the Internet.
0
 
 

Author Comment

by:sumangurung
ID: 18882066
Thanks for your suggestions.
Relay is prohibited from our server. You can test it, our server is smtp.moic.gov.bt.
I think because relaying is not allowed, the mails are getting stored in the mail.box at an alarming rate. I just checked the mail details from the mail.box and it said that "restricted from relaying through the server".
The weird thing is I don't see many connecting hosts from the server console. The messages on the console are the ones that I posted earlier. What do you think could have caused this?

Thanks
0
 
LVL 63

Assisted Solution

by:SysExpert
SysExpert earned 500 total points
ID: 18882769
I would consider installing an anti-spam program either on the server or an appliance in front of it, to protect it from SPAM.

Also have your network person do a TCP/IP packet trace to see where the emails are arriving from.

I hope this helps !
0
 
LVL 46

Expert Comment

by:Sjef Bosman
ID: 18882883
The trace could indeed tell you whether an inside person has an infected PC.

Is this server the only mail server in your organization, or do you also have Exchange servers (or other) that route their mail through the Domino server?
0
 

Author Comment

by:sumangurung
ID: 18887465
Installing an anti spam program is not possible at this time although it is an excellent idea. I would like to do the packet trace. I wonder how it is done. Can anyone tell me?

This is the only mail server in the organization.

Thanks,
Suman Gurung
0
 
 
LVL 18

Assisted Solution

by:marilyng
marilyng earned 500 total points
ID: 18888590
kspam (openntf.org) is free and quite good, I used it. If it's not external relays, then it's probably an infected computer or server. Or, people are reading their home mail on their company PCs, and that is spawning mail being dropped onto port 25.
0
 
LVL 1

Assisted Solution

by:sedentary
sedentary earned 500 total points
ID: 18897802
Along with the really good suggestions in this forum, below I have added a few more suggestions you might consider and may find useful:
1. For mail that piles up in the mail.boxes:
Mail Box Cleaner is a scheduled agent that deletes all dead mail from server mail boxes on a regular basis. http://www-10.lotus.com/ldd/sandbox.nsf/ByDateNJ/fb66d28b53ee64c085256dbf00516d97?OpenDocument
2. Enable the DNS blacklist filters.
3. Examine the SMTP headers of one of the messages coming in and list the IP under the inbound setting ---> Deny messages from the following internet addresses/domains:
4. I didn't see any reference to the AV software you have enabled on your server, but most have spam filter capability. Although it may be an extra license cost, it may be a less costly way to help with the spam problem.

Hope this helps
0
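
One way to act on the suggestions above about finding where the mail originates, shown as an added example that is not part of any poster's reply: a Python tally over the Domino console log format posted in the question. The regular expressions are assumptions derived from the log lines shown there, and the function name `summarize` is hypothetical.

```python
import re
from collections import Counter, defaultdict

# Sample input: a few lines excerpted from the console log in the question.
SAMPLE_LOG = """\
04/10/2007 05:12:43 PM  SMTP Server: 65.75.169.7 connected
04/10/2007 05:12:43 PM  Router: Message 0061AC80 not routed to recipient adan65@t-online.de for policy reasons
04/10/2007 05:12:43 PM  Router: Policy Reason: Router: waehgpozon@cnkcs.net is restricted from sending mail through server SMTP/MOIC
04/10/2007 05:12:43 PM  Router: Message 0061AC80 not routed to recipient acheck@t-online.de for policy reasons
04/10/2007 05:12:43 PM  Router: Policy Reason: Router: waehgpozon@cnkcs.net is restricted from sending mail through server SMTP/MOIC
04/10/2007 05:12:44 PM  SMTP Server: 65.75.169.7 disconnected. 0 message[s] received
04/10/2007 05:12:45 PM  SMTP Server: 65.75.169.7 connected
"""

# Patterns assumed from the line formats visible in the posted log.
CONNECT = re.compile(r"SMTP Server: (\S+) connected")
DISCONNECT = re.compile(r"SMTP Server: (\S+) disconnected\. (\d+) message\[s\] received")
NOT_ROUTED = re.compile(r"Router: Message (\w+) not routed to recipient (\S+) for policy reasons")
RESTRICTED = re.compile(r"Policy Reason: Router: (\S+) is restricted from sending mail")

def summarize(log_text):
    """Tally SMTP peers, restricted senders and per-message recipient fan-out."""
    connects, received, senders = Counter(), Counter(), Counter()
    recipients = defaultdict(set)
    for line in log_text.splitlines():
        if m := DISCONNECT.search(line):
            received[m.group(1)] += int(m.group(2))   # messages accepted from this peer
        elif m := CONNECT.search(line):
            connects[m.group(1)] += 1                 # inbound SMTP sessions per peer
        elif m := NOT_ROUTED.search(line):
            recipients[m.group(1)].add(m.group(2))    # recipients blocked per message ID
        elif m := RESTRICTED.search(line):
            senders[m.group(1)] += 1                  # envelope senders hitting the policy
    return {
        "connects": dict(connects),
        "received": dict(received),
        "restricted_senders": dict(senders),
        "recipients_per_message": {k: len(v) for k, v in recipients.items()},
    }

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(key, value)
```

Run over a full log export, the per-peer and per-message counts show which addresses and message IDs to look for in the message headers or the packet trace.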
