Solved

Lotus domino server bombarded by junk emails

Posted on 2007-04-10
Last Modified: 2013-12-18
I really need a solution to some problem that I have been facing since yesterday.
Our server is being bombarded by emails, spam and junk emails. Every second there are lots of emails coming. I don't know where they are coming from. I changed the configuration a bit and it is not working at all.
When I look at the server console, the mails are not coming from outside because I don't see mails being transferred from outside hosts. Of course the server does get connected to some external hosts but no mails are received.

I am attaching below a typical message log:

04/10/2007 05:12:43 PM  Router: Transferring mail to domain AMQA.COM (host m1.dnsix.COM [63.251.83.84]) via SMTP
04/10/2007 05:12:43 PM  Router: No messages transferred to CRSTUDIO.IT (host mx.CRSTUDIO.IT) via SMTP
04/10/2007 05:12:43 PM  Router: Transferring mail to domain WE-HELP-U.BIZ (host WE-HELP-U.BIZ [12.129.178.28]) via SMTP
04/10/2007 05:12:43 PM  SMTP Server: 65.75.169.7 connected
04/10/2007 05:12:43 PM  Router: No messages transferred to WE-HELP-U.BIZ (host WE-HELP-U.BIZ) via SMTP
04/10/2007 05:12:43 PM  Router: No messages transferred to AMQA.COM (host m1.dnsix.COM) via SMTP
04/10/2007 05:12:43 PM  Router: Message 0061AC80 not routed to recipient adan65@t-online.de for policy reasons
04/10/2007 05:12:43 PM  Router: Policy Reason: Router: waehgpozon@cnkcs.net is restricted from sending mail through server SMTP/MOIC
04/10/2007 05:12:43 PM  Router: Message 0061AC80 not routed to recipient acheck@t-online.de for policy reasons
04/10/2007 05:12:43 PM  Router: Policy Reason: Router: waehgpozon@cnkcs.net is restricted from sending mail through server SMTP/MOIC
04/10/2007 05:12:43 PM  Router: Message 0061AC80 not routed to recipient adamgj@t-online.de for policy reasons
04/10/2007 05:12:43 PM  Router: Policy Reason: Router: waehgpozon@cnkcs.net is restricted from sending mail through server SMTP/MOIC
04/10/2007 05:12:43 PM  Router: Message 0061AC80 not routed to recipient ackerth.feg@t-online.de for policy reasons
04/10/2007 05:12:43 PM  Router: Policy Reason: Router: waehgpozon@cnkcs.net is restricted from sending mail through server SMTP/MOIC
04/10/2007 05:12:44 PM  SMTP Server: 65.75.169.7 disconnected. 0 message[s] received
04/10/2007 05:12:44 PM  Router: Message 0061AC80 not routed to recipient adie_reid@t-online.de for policy reasons
04/10/2007 05:12:44 PM  Router: Policy Reason: Router: waehgpozon@cnkcs.net is restricted from sending mail through server SMTP/MOIC
04/10/2007 05:12:44 PM  Router: Transferring mail to domain COMENCO.COM (host mx1c9.megamailservers.COM [69.156.240.34]) via SMTP
04/10/2007 05:12:45 PM  SMTP Server: 65.75.169.7 connected


I have no clue. I do think that somehow some program is trying to relay the message outside but is not allowed so it gets accumulated in the mail.box of our server.
The accumulation is very fast, i.e. in less than a second there are more than 10 entries in the mail box. It started yesterday, and yesterday in around 6 hours there were 200,000 undelivered messages in the mail box.

We are running Lotus Domino 6.5.1 on the Windows 2003 platform.

Thanks so much.

Suman gurung
Question by:sumangurung
11 Comments
 
LVL 46

Accepted Solution

by:
Sjef Bosman earned 125 total points
ID: 18881593
Your server might be an "open relay", accepting messages from the Internet to forward them to the Internet again. Spammers are always looking for open relay servers. To find out, use
   http://www.abuse.net/relay.html

To block this, you have to modify the Configuration document, disallowing everything that wants to be relayed from-to the Internet.
0
 
LVL 46

Expert Comment

by:Sjef Bosman
ID: 18881615
0
 

Author Comment

by:sumangurung
ID: 18882066
Thanks for your suggestions.
Relay is prohibited from our server. You can test it, our server is smtp.moic.gov.bt.
I think because relaying is not allowed, the mails are getting stored in the mail.box at an alarming rate. I just checked the mail details from the mail.box and it said that "restricted from relaying through the server".
The weird thing is I don't see many connecting hosts from the server console. The messages on the console are the ones that I posted earlier. What do you think could have caused this?

Thanks
0
 
LVL 63

Assisted Solution

by:SysExpert
SysExpert earned 125 total points
ID: 18882769
I would consider installing an anti-spam program either on the server or an appliance in front of it, to protect it from SPAM.

Also have your network person do a TCP/IP packet trace to see where the emails are arriving from.

I hope this helps!
0
 
LVL 46

Expert Comment

by:Sjef Bosman
ID: 18882883
The trace could indeed tell you whether an inside person has an infected PC.

Is this server the only mail server in your organization, or do you also have Exchange servers (or other) that route their mail through the Domino server?
0
 

Author Comment

by:sumangurung
ID: 18887465
Installing an anti spam program is not possible at this time although it is an excellent idea. I would like to do the packet trace. I wonder how it is done. Can anyone tell me?

This is the only mail server in the organization.

Thanks,
Suman Gurung
0
 
LVL 46

Expert Comment

by:Sjef Bosman
ID: 18887906
0
 
LVL 18

Assisted Solution

by:marilyng
marilyng earned 125 total points
ID: 18888590
kspam (openntf.org) is free and quite good, I used it. If it's not external relays, then it's probably an infected computer or server. Or, people are reading their home mail on their company PCs, and that is spawning mail being dropped onto port 25.
0
 
LVL 1

Assisted Solution

by:sedentary
sedentary earned 125 total points
ID: 18897802
Along with the really good suggestions in this forum, below I have added a few more suggestions you might consider and may find useful:
1. For mail that piles up in the mail.boxes:
Mail Box Cleaner is a scheduled agent that deletes all dead mail from server mail boxes on a regular basis. http://www-10.lotus.com/ldd/sandbox.nsf/ByDateNJ/fb66d28b53ee64c085256dbf00516d97?OpenDocument
2. Enable the DNS blacklist filters.
3. Examine the SMTP headers of one of the messages coming in and list the IP under the inbound setting ---> Deny messages from the following internet addresses/domains:
4. I didn't see any reference to the AV software you have enabled on your server, but most have spam filter capability. Although it may be an extra license cost, it may be a less costly way to help with the spam problem.

Hope this helps
0
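To see which sender, message ID and connecting host account for the mail.box growth before choosing an address to deny or trace, the console log from the question can be summarised as below. This is an added example, not code from any poster in the thread; the regular expressions assume the line formats shown in that excerpt, and `triage` is a hypothetical helper name.

```python
import re
from collections import Counter, defaultdict

# Sample input: lines taken from the console log excerpt in the question.
SAMPLE = """\
04/10/2007 05:12:43 PM  SMTP Server: 65.75.169.7 connected
04/10/2007 05:12:43 PM  Router: Message 0061AC80 not routed to recipient adan65@t-online.de for policy reasons
04/10/2007 05:12:43 PM  Router: Policy Reason: Router: waehgpozon@cnkcs.net is restricted from sending mail through server SMTP/MOIC
04/10/2007 05:12:43 PM  Router: Message 0061AC80 not routed to recipient acheck@t-online.de for policy reasons
04/10/2007 05:12:43 PM  Router: Policy Reason: Router: waehgpozon@cnkcs.net is restricted from sending mail through server SMTP/MOIC
04/10/2007 05:12:43 PM  Router: Message 0061AC80 not routed to recipient adamgj@t-online.de for policy reasons
04/10/2007 05:12:43 PM  Router: Policy Reason: Router: waehgpozon@cnkcs.net is restricted from sending mail through server SMTP/MOIC
04/10/2007 05:12:43 PM  Router: Message 0061AC80 not routed to recipient ackerth.feg@t-online.de for policy reasons
04/10/2007 05:12:43 PM  Router: Policy Reason: Router: waehgpozon@cnkcs.net is restricted from sending mail through server SMTP/MOIC
04/10/2007 05:12:44 PM  SMTP Server: 65.75.169.7 disconnected. 0 message[s] received
04/10/2007 05:12:44 PM  Router: Message 0061AC80 not routed to recipient adie_reid@t-online.de for policy reasons
04/10/2007 05:12:44 PM  Router: Policy Reason: Router: waehgpozon@cnkcs.net is restricted from sending mail through server SMTP/MOIC
04/10/2007 05:12:45 PM  SMTP Server: 65.75.169.7 connected
"""

DENIED = re.compile(r"Router: Message (\w+) not routed to recipient (\S+) for policy reasons")
REASON = re.compile(r"Policy Reason: Router: (\S+) is restricted from sending mail through server")
CONNECT = re.compile(r"SMTP Server: (\d+\.\d+\.\d+\.\d+) connected")
DISCONNECT = re.compile(r"SMTP Server: (\d+\.\d+\.\d+\.\d+) disconnected\. (\d+) message\[s\] received")

def triage(log_text):
    """Tally relay-policy rejections per sender and message, and inbound SMTP sessions per IP."""
    denied_by_sender = Counter()            # envelope sender -> rejected recipients
    recipients_by_msg = defaultdict(set)    # router message ID -> rejected recipients
    sessions = defaultdict(lambda: {"connects": 0, "received": 0})
    for line in log_text.splitlines():
        if m := DENIED.search(line):
            recipients_by_msg[m.group(1)].add(m.group(2))
        elif m := REASON.search(line):
            denied_by_sender[m.group(1)] += 1
        elif m := DISCONNECT.search(line):
            sessions[m.group(1)]["received"] += int(m.group(2))
        elif m := CONNECT.search(line):
            sessions[m.group(1)]["connects"] += 1
    return denied_by_sender, recipients_by_msg, dict(sessions)

if __name__ == "__main__":
    senders, messages, sessions = triage(SAMPLE)
    print("rejections per sender:", senders.most_common(5))
    print("recipients per message:", {k: len(v) for k, v in messages.items()})
    print("inbound SMTP sessions:", sessions)
```

Run over a full log file, a single message ID with a very long recipient list, or an IP that reconnects repeatedly, is the entry to follow up with the packet trace or the inbound deny list suggested above.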
