Exchange SMTP Connector

I recently had an Exchange server set up with an SMTP connector. The SMTP connector relayed all mail to my main server, and then my main server sent the mail out. The problem I ran into was that somehow a spammer was able to use the connector and send mail from the secondary server to the main server. The queue was getting flooded. I had 15,000+ messages sent before I realized it was going on. I first thought the spammer had gained access to a user account and was using it to send out the mail. I changed all passwords, disabled accounts, and still received the mail. I then created a new SMTP VS. It stopped for an hour or so, then it was getting hit again. I changed the firewall settings to block all port 25 traffic to ensure it was coming from outside my network. It was. I finally deleted the connector to my main server, and the server now uses DNS to route the messages. My question is: what happened? Why did this happen? How can I enable my connector to the main server without fear of being flooded again?
CDCOP asked:

Sembee commented:
There is only one user account the spammer would have targeted, and that is the administrator account.
Did you actually verify whether it was an NDR attack or not? If the messages were from postmaster@ then it was an NDR attack.

Are the two servers both Exchange servers or are they different servers?

Simon.
CDCOP (author) commented:
Both Exchange. The sender name, when looking at the queue information, was to the effect of:
=?big5?sad .... etc ... and eventually contained an email address at the end or near the end.
CDCOP (author) commented:
In the address space, I had * listed and then Allow messages to be relayed to these domains checked.
CDCOP (author) commented:
They were all sent to *yahoo.com.tw
Sembee commented:
"Allow messages to be relayed to these domains checked"
That was your problem. That turned the server into an open relay.

Were the Exchange servers in the same org?
If so then the SMTP connector should have just listed the bridgehead as the server that you want to send email to the internet. All other Exchange servers would have sent their email to that server for delivery automatically.

Simon.

CDCOP (author) commented:
No, they are not in the same org.
Sembee commented:
Fine. However, the first part of my answer still stands. That setting turns the server into an open relay if * is in the address space of the SMTP connector.

Simon.
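The condition Simon describes above (an SMTP connector with * in its address space and "Allow messages to be relayed to these domains" checked, which makes the server an open relay) can be checked from outside with a plain SMTP conversation: connect, give a MAIL FROM, then ask RCPT TO for a domain the server is not responsible for. A 250 reply means the server will relay for anyone; Exchange's normal refusal is 550 5.7.1 Unable to relay. The script below is an added example written for this page, not code from the thread or from Microsoft. The two transcripts are constructed, and the hostnames and addresses in them are placeholders; probe_live() runs the same probe against a real host.

```python
"""Open-relay probe for an SMTP server.

Added example for this page (not code from the thread or from Microsoft).
The server is an open relay if, with no AUTH, it answers 250 to RCPT TO for
a domain it is not responsible for. reply_codes()/classify() work on a
captured transcript so the logic can be run offline; probe_live() performs
the same probe against a real host and RSETs so no message is sent.
"""
import re
import smtplib

# Constructed transcript of a connector configured with '*' and "Allow
# messages to be relayed to these domains": hostnames and addresses are
# placeholders, not from the thread.
OPEN_RELAY_SESSION = """\
S: 220 exch2.corp.example Microsoft ESMTP MAIL Service ready
C: EHLO probe.invalid
S: 250-exch2.corp.example Hello [192.0.2.10]
S: 250 OK
C: MAIL FROM:<probe@example.invalid>
S: 250 2.1.0 probe@example.invalid....Sender OK
C: RCPT TO:<someone@yahoo.com.tw>
S: 250 2.1.5 someone@yahoo.com.tw
C: RSET
S: 250 2.0.0 Resetting
"""

# Same probe against a server that only relays for authenticated senders.
CLOSED_RELAY_SESSION = """\
S: 220 exch2.corp.example Microsoft ESMTP MAIL Service ready
C: EHLO probe.invalid
S: 250-exch2.corp.example Hello [192.0.2.10]
S: 250 OK
C: MAIL FROM:<probe@example.invalid>
S: 250 2.1.0 probe@example.invalid....Sender OK
C: RCPT TO:<someone@yahoo.com.tw>
S: 550 5.7.1 Unable to relay for someone@yahoo.com.tw
C: RSET
S: 250 2.0.0 Resetting
"""

_REPLY = re.compile(r"^(\d{3})([ -])")


def reply_codes(transcript: str) -> dict:
    """Map each client command verb to the final reply code it received.

    Continuation lines of a multi-line reply use '250-'; only the '250 '
    line ends the reply, so only that one is recorded.
    """
    codes, verb = {}, None
    for raw in transcript.splitlines():
        side, sep, text = raw.partition(": ")
        if not sep:
            continue
        if side == "C":
            words = text.split(":")[0].split()  # "RCPT TO:<..>" -> ["RCPT", "TO"]
            verb = words[0].upper() if words else None
        elif side == "S" and verb is not None:
            m = _REPLY.match(text)
            if m and m.group(2) == " ":
                codes[verb] = int(m.group(1))
    return codes


def classify(codes: dict) -> str:
    """Decide from the RCPT TO reply whether the server relays for anyone."""
    code = codes.get("RCPT")
    if code is None:
        return "inconclusive"
    if 200 <= code < 300:
        return "open relay"
    if 500 <= code < 600:  # e.g. 550 5.7.1 Unable to relay
        return "relay denied"
    return "inconclusive"  # 4xx: temporary failure or greylisting, retry later


def probe_live(host, port=25, timeout=10,
               mail_from="probe@example.invalid",
               rcpt_to="someone@external.invalid"):
    """Run the probe against a real server without sending any message."""
    with smtplib.SMTP(host, port, timeout=timeout) as s:
        s.ehlo_or_helo_if_needed()
        mail_code, _ = s.mail(mail_from)
        if mail_code != 250:
            return "inconclusive"
        rcpt_code, _ = s.rcpt(rcpt_to)
        s.rset()
        return classify({"MAIL": mail_code, "RCPT": rcpt_code})


if __name__ == "__main__":
    print("vulnerable config:", classify(reply_codes(OPEN_RELAY_SESSION)))
    print("fixed config:     ", classify(reply_codes(CLOSED_RELAY_SESSION)))
```

Run the live probe from an address outside your own network (the author's firewall test above makes the same point): a 250 to a foreign RCPT TO from an unauthenticated external host is exactly the condition that let the spammer fill the queue, and it is the connector setting, not any user account, that has to change.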
CDCOP (author) commented:
How can I pass all outbound mail through my main server if not on the same org or network?
Sembee commented:
You treat the other server as an external SMTP server and configure the SMTP connector to use a smart host. To allow relaying, configure an account on the server you are sending through and then put that information onto the smart host.
No different from what you would do with an ISP's SMTP server that required authentication.
What you don't need to do is enable the option to allow relaying to those domains.

Simon.
CDCOP (author) commented:
What about security? How is the login info sent? Plain text?
Sembee commented:
The information is sent in plain text - as everything is on the internet. SMTP is not designed to do anything else.

Simon.
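To see what "sent in plain text" means for the smart-host account discussed above: SMTP AUTH LOGIN sends the username and password as base64, which is an encoding, not encryption, so anyone on the path (or anyone reading a protocol log) can recover them. The script below is an added example written for this page, not code from the thread; the session captures are constructed, and the hostnames, account name and password in them are placeholders. It goes slightly beyond the thread in handling AUTH PLAIN as well as AUTH LOGIN, and it returns None when the client issued STARTTLS before authenticating, since from that point on a capture contains only ciphertext.

```python
"""Recover SMTP AUTH credentials from a cleartext session capture.

Added example for this page (not code from the thread). Handles AUTH LOGIN
and AUTH PLAIN; if STARTTLS preceded AUTH, nothing after it is visible in a
capture, so the function returns None.
"""
import base64

# Constructed capture: the secondary Exchange server authenticating to the
# smart host with AUTH LOGIN. Hostnames, account and password are placeholders.
LOGIN_SESSION = """\
S: 220 mail.main.example Microsoft ESMTP MAIL Service ready
C: EHLO exch2.corp.example
S: 250-mail.main.example Hello [192.0.2.20]
S: 250-AUTH LOGIN PLAIN
S: 250 OK
C: AUTH LOGIN
S: 334 VXNlcm5hbWU6
C: cmVsYXl1c2Vy
S: 334 UGFzc3dvcmQ6
C: UzNjcjN0UGFzcw==
S: 235 2.7.0 Authentication successful
"""

# Same account using AUTH PLAIN with an initial response (also constructed).
_PLAIN_BLOB = base64.b64encode(b"\0relayuser\0S3cr3tPass").decode()
PLAIN_SESSION = f"""\
S: 220 mail.main.example Microsoft ESMTP MAIL Service ready
C: EHLO exch2.corp.example
S: 250-AUTH LOGIN PLAIN
S: 250 OK
C: AUTH PLAIN {_PLAIN_BLOB}
S: 235 2.7.0 Authentication successful
"""

# Client negotiated TLS before authenticating; a capture shows only
# ciphertext after the 220 reply to STARTTLS, so there is nothing to recover.
TLS_SESSION = """\
S: 220 mail.main.example Microsoft ESMTP MAIL Service ready
C: EHLO exch2.corp.example
S: 250-STARTTLS
S: 250 OK
C: STARTTLS
S: 220 2.0.0 Ready to start TLS
"""


def _client_lines(transcript: str):
    """Client-side lines of a 'C: ' / 'S: ' transcript, in order."""
    out = []
    for raw in transcript.splitlines():
        side, sep, text = raw.partition(": ")
        if sep and side == "C":
            out.append(text.strip())
    return out


def _b64(s: str) -> str:
    return base64.b64decode(s).decode()


def recover_smtp_credentials(transcript: str):
    """Return (mechanism, username, password) or None if nothing is visible."""
    client = _client_lines(transcript)
    for i, line in enumerate(client):
        parts = line.split()
        if not parts:
            continue
        verb = parts[0].upper()
        if verb == "STARTTLS":
            return None  # everything after this is encrypted on the wire
        if verb != "AUTH" or len(parts) < 2:
            continue
        mech = parts[1].upper()
        if mech == "LOGIN":
            # An optional initial response carries the username on the AUTH
            # line; otherwise username and password each follow a 334 prompt.
            if len(parts) > 2:
                user, pw = _b64(parts[2]), _b64(client[i + 1])
            else:
                user, pw = _b64(client[i + 1]), _b64(client[i + 2])
            return ("LOGIN", user, pw)
        if mech == "PLAIN":
            blob = parts[2] if len(parts) > 2 else client[i + 1]
            _authzid, user, pw = _b64(blob).split("\0", 2)
            return ("PLAIN", user, pw)
    return None


if __name__ == "__main__":
    for name, session in (("LOGIN", LOGIN_SESSION), ("PLAIN", PLAIN_SESSION),
                          ("TLS", TLS_SESSION)):
        print(name, recover_smtp_credentials(session))
```

Whether the smart host offers STARTTLS shows in its EHLO reply. If it does not, treat the relay account as recoverable by anyone who can capture the session, and restrict it as tightly as the main server allows (a dedicated account used only for this connector, and only from the secondary server's address).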