Exchange SMTP Connector

I recently had an Exchange server setup with an SMTP connector. The SMTP connector relayed all mail to my main server and then my main server sent the mail out. The problem I ran into was that somehow a spammer was able to use the connector and send mail from the secondary server to the main server. The queue was getting flooded. I had 15,000+ messages sent before I realized it was going on. I first thought the spammer gained access to a user account and was using it to send out the mail. I changed all passwords, disabled accounts and still received the mail. I then created a new SMTP VS. It stopped for an hour or so, then it was getting hit again. I changed the firewall settings to block all port 25 traffic to ensure it was coming from outside my network. It was. I finally deleted the connector to my main server and the server now uses DNS to route the messages. My question is: what happened? Why did this happen? How can I enable my connector to the main server without fear of being flooded again?
CDCOP Asked:
Sembee Commented:
"Allow messages to be relayed to these domains checked"
That was your problem. That turned the server into an open relay.

Were the Exchange servers in the same org?
If so then the SMTP connector should have just listed the bridgehead as the server that you want to send email to the internet. All other Exchange servers would have sent their email to that server for delivery automatically.

Simon.
Sembee Commented:
There is only one user account the spammer would have targeted, and that is the administrator account.
Did you actually verify whether it was an NDR attack or not? If the messages were from postmaster@ then it was an NDR attack.

Are the two servers both Exchange servers or are they different servers?

Simon.
CDCOP Author Commented:
Both Exchange. The sender name when looking at the queue information was to the effect of:
=?big5?sad .... etc ... and eventually contained an email address at the end or near the end.
CDCOP Author Commented:
In the address space, I had * listed and then Allow messages to be relayed to these domains checked.
CDCOP Author Commented:
They were all sent to *yahoo.com.tw
CDCOP Author Commented:
No, they are not in the same org.
Sembee Commented:
Fine. However, the first part of my answer still stands. That setting turns the server into an open relay if * is in the address space of the SMTP connector.

Simon.
CDCOP Author Commented:
How can I pass all outbound mail through my main server if not on the same org or network?
Sembee Commented:
You treat the other server as an external SMTP server and configure the SMTP connector to use a smart host. To allow relaying, configure an account on the server you are sending through and then put that information on to the smart host.
No different to what you would do with an ISP's SMTP server that required authentication.
What you don't need to do is enable the option to allow relaying to those domains.

Simon.
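To make concrete why the combination CDCOP describes (`*` in the address space plus "Allow messages to be relayed to these domains") is an open relay, and how the smart-host setup Sembee describes changes the decision, here is an added Python model of the connector's RCPT TO policy. It is not Exchange code and not from the thread; the domain-matching rule, the config field names and the sample domains are simplified assumptions.

```python
# Added example (not from the thread or from Exchange): a small model of the
# relay decision an SMTP connector makes for RCPT TO, showing why "*" in the
# address space plus "Allow messages to be relayed to these domains" is an
# open relay, and how the smart-host/authenticated setup differs.
from dataclasses import dataclass


@dataclass
class ConnectorConfig:
    address_space: str          # address space entry on the SMTP connector
    allow_relay: bool           # "Allow messages to be relayed to these domains"
    local_domains: frozenset    # domains this Exchange org is authoritative for


def address_space_matches(space: str, domain: str) -> bool:
    """Simplified match (assumption): '*' is everything, '*.x' is x and its subdomains."""
    domain = domain.lower()
    if space == "*":
        return True
    if space.startswith("*."):
        suffix = space[1:].lower()          # ".example.com"
        return domain == suffix[1:] or domain.endswith(suffix)
    return domain == space.lower()


def rcpt_decision(cfg: ConnectorConfig, rcpt: str, authenticated: bool) -> tuple:
    """Return the (code, text) the server would answer to RCPT TO:<rcpt>."""
    domain = rcpt.rsplit("@", 1)[-1].lower()
    if domain in cfg.local_domains:
        return 250, "2.1.5 Recipient OK (local delivery)"
    if authenticated:
        return 250, "2.1.5 Recipient OK (authenticated relay)"
    # The misconfiguration from the thread: relaying is granted for every
    # recipient domain the connector's address space covers, with no auth.
    if cfg.allow_relay and address_space_matches(cfg.address_space, domain):
        return 250, "2.1.5 Recipient OK (relay allowed by address space)"
    return 550, "5.7.1 Unable to relay"


def is_open_relay(cfg: ConnectorConfig) -> bool:
    """Config audit: can an anonymous client relay to an arbitrary domain?"""
    return rcpt_decision(cfg, "anyone@external.example", False)[0] == 250


# Constructed configs: the one from the question, and the fix Sembee describes
# (relay option off; authenticated smart-host clients may still relay).
LOCAL = frozenset({"corp.example"})
BROKEN = ConnectorConfig(address_space="*", allow_relay=True, local_domains=LOCAL)
FIXED = ConnectorConfig(address_space="*", allow_relay=False, local_domains=LOCAL)
```

With `BROKEN`, an unauthenticated RCPT TO for a yahoo.com.tw address is accepted, which is exactly the flood CDCOP saw; with `FIXED`, the same request gets 550 and only authenticated clients or local recipients pass.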
CDCOP Author Commented:
What about security? How is the login info sent? Plain text?
Sembee Commented:
The information is sent in plain text - as everything is on the internet. SMTP is not designed to do anything else.

Simon.