Solved

Exchange Server hijacked?

Posted on 2007-07-30
Last Modified: 2010-03-06
I recently installed MS Exchange at our company.  The server automatically sends me a bi-weekly usage report.  I've noticed that the Administrator account has sent over 3,000 emails in a two week period.  We get a lot of bogus greeting card emails and emails from various sources with no body and a bogus .pdf attached.  Some of the spam email will have one of our user names, but a strange hotmail address in parentheses.  Has my server been hijacked?
Question by:stonesmith
6 Comments
 
LVL 10

Expert Comment

by:abraham808
ID: 19593008
No, all that stuff is spam.  The address is spoofed.  It's really not coming from you.  Unless you've got a virus.
0
 
LVL 19

Expert Comment

by:Stephen Manderson
ID: 19593137
0
 
LVL 104

Expert Comment

by:Sembee
ID: 19594244
administrator@ is a common account that gets sent email.
If you used the administrator account to install Exchange then it will also have the postmaster@ email address.
DO NOT remove the postmaster@ email address from the account, as it can cause problems.

The PDF spam is very common, most sites are fighting those at the moment.

Everything else is probably spoofing.

Are you sure that the administrator account has SENT the messages? That could be an indication of a problem. I would suggest changing the administrator password and rebooting the server. Then you need to look at your relaying settings to see that the administrator account is restricted from being able to relay when authenticated.

Simon.
0

 

Author Comment

by:stonesmith
ID: 19594466
Following is an excerpt of the report I am receiving.  You can see that the number of emails sent from Administrator seems extreme.


Extended Server Usage Report for XYZ Co.
From 7/16/2007 to 7/29/2007 (14 days)
________________________________________

E-mail Sent

User Name      Total E-mail Sent  Internal Recipients  Size (MB)  External Recipients
Administrator              3,112                   90       39.9                3,022
User 1                       116                  161       47.7                   76
User 2                        87                   70        6.4                   85
User 3                        77                  112        4.5                   30
User 4                        67                  164        3.1                   38
User 5                        66                   66        5.4                   48
0
 

Author Comment

by:stonesmith
ID: 19594483
In the above comment, I lost my formatting during copy and paste, but you can figure out that the Administrator account has sent 3,112 messages in two weeks.
0
 
LVL 104

Accepted Solution

by:
Sembee earned 1500 total points
ID: 19597077
My response above still applies. You need to look at the configuration of the administrator account and possibly change its password to something secure.
You may also want to look at the configuration of the server to see whether the administrator account has been configured to send legitimate email to an external account - the monitoring software in SBS for example.

Simon.
0
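
One way to triage the usage report quoted in this thread, as an added example that is not part of any poster's answer: it parses the flattened report rows and flags accounts that send far more than the typical user with almost all recipients external. The function names and both thresholds are assumptions chosen for illustration.

```python
import re
from statistics import median

# Rows copied from the usage report quoted in the thread (columns flattened by copy and paste).
REPORT = """\
Administrator      3,112      90      39.9      3,022
User 1                              116      161      47.7      76
User 2                               87      70      6.4      85
User 3                               77      112      4.5      30
User 4                               67      164      3.1      38
User 5                               66      66      5.4      48
"""

# Columns: user name, total e-mail sent, internal recipients, size (MB), external recipients
ROW = re.compile(r"^(?P<user>.+?)\s{2,}(?P<sent>[\d,]+)\s+(?P<internal>[\d,]+)"
                 r"\s+(?P<mb>[\d.]+)\s+(?P<external>[\d,]+)\s*$")

def parse_report(text):
    """Turn report lines into dicts; header, ruler and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        row = {"user": m["user"].strip(), "mb": float(m["mb"])}
        for key in ("sent", "internal", "external"):
            row[key] = int(m[key].replace(",", ""))  # drop thousands separators
        rows.append(row)
    return rows

def flag_senders(rows, volume_factor=10, external_share=0.9):
    """Flag accounts sending more than volume_factor times the median volume
    whose recipients are almost all external. Thresholds are assumptions."""
    typical = median(r["sent"] for r in rows)
    flagged = []
    for r in rows:
        recipients = r["internal"] + r["external"]
        share = r["external"] / recipients if recipients else 0.0
        if r["sent"] > volume_factor * typical and share >= external_share:
            flagged.append((r["user"], r["sent"], round(share, 3)))
    return flagged

if __name__ == "__main__":
    for user, sent, share in flag_senders(parse_report(REPORT)):
        print(f"{user}: {sent} messages, {share:.1%} of recipients external")
```

A flagged account is a prompt for the checks Simon lists, not proof of compromise: the same pattern appears when the account is configured to send legitimate mail to an external address, such as SBS monitoring reports.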


Question has a verified solution.
