Solved

Lotus domino server bombarded by junk emails

Posted on 2007-04-10
Last Modified: 2013-12-18
I really need a solution to a problem that I have been facing since yesterday.
Our server is being bombarded by emails, spam and junk emails. Every second there are lots of emails coming in. I don't know where they are coming from. I changed the configuration a bit and it is not working at all.
When I look at the server console, the mails are not coming from outside, because I don't see mails being transferred from outside hosts. Of course the server does get connected to some external hosts, but no mails are received.

I am attaching below a typical message log:

04/10/2007 05:12:43 PM  Router: Transferring mail to domain AMQA.COM (host m1.dnsix.COM [63.251.83.84]) via SMTP
04/10/2007 05:12:43 PM  Router: No messages transferred to CRSTUDIO.IT (host mx.CRSTUDIO.IT) via SMTP
04/10/2007 05:12:43 PM  Router: Transferring mail to domain WE-HELP-U.BIZ (host WE-HELP-U.BIZ [12.129.178.28]) via SMTP
04/10/2007 05:12:43 PM  SMTP Server: 65.75.169.7 connected
04/10/2007 05:12:43 PM  Router: No messages transferred to WE-HELP-U.BIZ (host WE-HELP-U.BIZ) via SMTP
04/10/2007 05:12:43 PM  Router: No messages transferred to AMQA.COM (host m1.dnsix.COM) via SMTP
04/10/2007 05:12:43 PM  Router: Message 0061AC80 not routed to recipient adan65@t-online.de for policy reasons
04/10/2007 05:12:43 PM  Router: Policy Reason: Router: waehgpozon@cnkcs.net is restricted from sending mail through server SMTP/MOIC
04/10/2007 05:12:43 PM  Router: Message 0061AC80 not routed to recipient acheck@t-online.de for policy reasons
04/10/2007 05:12:43 PM  Router: Policy Reason: Router: waehgpozon@cnkcs.net is restricted from sending mail through server SMTP/MOIC
04/10/2007 05:12:43 PM  Router: Message 0061AC80 not routed to recipient adamgj@t-online.de for policy reasons
04/10/2007 05:12:43 PM  Router: Policy Reason: Router: waehgpozon@cnkcs.net is restricted from sending mail through server SMTP/MOIC
04/10/2007 05:12:43 PM  Router: Message 0061AC80 not routed to recipient ackerth.feg@t-online.de for policy reasons
04/10/2007 05:12:43 PM  Router: Policy Reason: Router: waehgpozon@cnkcs.net is restricted from sending mail through server SMTP/MOIC
04/10/2007 05:12:44 PM  SMTP Server: 65.75.169.7 disconnected. 0 message[s] received
04/10/2007 05:12:44 PM  Router: Message 0061AC80 not routed to recipient adie_reid@t-online.de for policy reasons
04/10/2007 05:12:44 PM  Router: Policy Reason: Router: waehgpozon@cnkcs.net is restricted from sending mail through server SMTP/MOIC
04/10/2007 05:12:44 PM  Router: Transferring mail to domain COMENCO.COM (host mx1c9.megamailservers.COM [69.156.240.34]) via SMTP
04/10/2007 05:12:45 PM  SMTP Server: 65.75.169.7 connected


I have no clue. I do think that somehow some program is trying to relay the message outside but is not allowed, so it gets accumulated in the mail.box of our server.
The accumulation is very fast, i.e. in less than a second there are more than 10 entries in the mail box. It started yesterday, and yesterday in around 6 hours there were 200,000 undelivered messages in the mail box.

We are running Lotus Domino 6.5.1 on the Windows 2003 platform.

Thanks so much.

Suman gurung
Question by:sumangurung
11 Comments
 
LVL 46

Accepted Solution

by:
Sjef Bosman earned 125 total points
ID: 18881593
Your server might be an "open relay", accepting messages from the Internet to forward them to the Internet again. Spammers are always looking for open relay servers. To find out, use
   http://www.abuse.net/relay.html

To block this, you have to modify the Configuration document, disallowing everything that wants to be relayed from-to the Internet.
0
 
LVL 46

Expert Comment

by:Sjef Bosman
ID: 18881615
0
 

Author Comment

by:sumangurung
ID: 18882066
Thanks for your suggestions.
Relay is prohibited from our server. You can test it, our server is smtp.moic.gov.bt.
I think because relaying is not allowed, the mails are getting stored in the mail.box at an alarming rate. I just checked the mail details from the mail.box and it said that "restricted from relaying through the server".
The weird thing is I don't see many connecting hosts from the server console. The messages on the console are the ones that I posted earlier. What do you think could have caused this?

Thanks
0
 
LVL 63

Assisted Solution

by:SysExpert
SysExpert earned 125 total points
ID: 18882769
I would consider installing an anti-spam program either on the server or an appliance in front of it, to protect it from SPAM.

Also have your network person do a TCPIP packet trace to see where the emails are arriving from.

I hope this helps !
0

 
LVL 46

Expert Comment

by:Sjef Bosman
ID: 18882883
The trace could indeed tell you whether an inside person has an infected PC.

Is this server the only mail server in your organization, or do you also have Exchange servers (or other) that route their mail through the Domino server?
0
 

Author Comment

by:sumangurung
ID: 18887465
Installing an anti spam program is not possible at this time although it is an excellent idea. I would like to do the packet trace. I wonder how it is done. Can anyone tell me?

This is the only mail server in the organization.

Thanks,
Suman Gurung
0
 
LVL 46

Expert Comment

by:Sjef Bosman
ID: 18887906
0
 
LVL 18

Assisted Solution

by:marilyng
marilyng earned 125 total points
ID: 18888590
kspam (openntf.org) is free and quite good; I used it. If it's not external relays, then it's probably an infected computer or server. Or people are reading their home mail on their company PCs, and that is spawning mail being dropped onto port 25.
0
 
LVL 1

Assisted Solution

by:sedentary
sedentary earned 125 total points
ID: 18897802
Along with the really good suggestions in this forum, below I have added a few more suggestions you might consider and may find useful:
1. For mail that piles up in the mail.boxes:
Mail Box Cleaner is a scheduled agent that deletes all dead mail from server mail boxes on a regular basis. http://www-10.lotus.com/ldd/sandbox.nsf/ByDateNJ/fb66d28b53ee64c085256dbf00516d97?OpenDocument
2. Enable the DNS blacklist filters.
3. Examine the SMTP headers of one of the messages coming in and list the IP under the inbound setting ---> Deny messages from the following internet addresses/domains:

4. I didn't see any reference to the AV software you have enabled on your server, but most have spam filter capability. It may be an extra license cost, but it may be a less costly way to help with the spam problem.

Hope this helps
0
