Solved

Exchange SMTP Connector

Posted on 2007-08-03
Last Modified: 2013-11-30
I recently had an Exchange server set up with an SMTP connector. The SMTP connector relayed all mail to my main server and then my main server sent the mail out. The problem I ran into was that somehow a spammer was able to use the connector and send mail from the secondary server to the main server. The queue was getting flooded. I had 15,000+ messages sent before I realized it was going on. I first thought the spammer gained access to a user account and was using it to send out the mail. I changed all passwords, disabled accounts and still received the mail. I then created a new SMTP VS. It stopped for an hour or so, then it was getting hit again. I changed the firewall settings to block all port 25 traffic to ensure it was coming from outside my network. It was. I finally deleted the connector to my main server and the server now uses DNS to route the messages. My question is: what happened? Why did this happen? How can I enable my connector to the main server without fear of being flooded again?
Question by:CDCOP
11 Comments
 
LVL 104

Expert Comment

by:Sembee
ID: 19628069
There is only one user account the spammer would have targeted, and that is the administrator account.
Did you actually verify whether it was an NDR attack or not? If the messages were from postmaster@ then it was an NDR attack.

Are the two servers both Exchange servers or are they different servers?

Simon.
0
 
LVL 9

Author Comment

by:CDCOP
ID: 19628124
Both Exchange. The send name when looking at the queue information was to the effect of:
=?big5?sad .... etc ... and eventually contained an email address at the end or near the end.
0
 
LVL 9

Author Comment

by:CDCOP
ID: 19628139
In the address space, I had * listed and then Allow messages to be relayed to these domains checked.
0

 
LVL 9

Author Comment

by:CDCOP
ID: 19628153
They were all sent to *yahoo.com.tw
0
 
LVL 104

Accepted Solution

by:
Sembee earned 2000 total points
ID: 19628196
"Allow messages to be relayed to these domains checked"
That was your problem. That turned the server into an open relay.

Were the Exchange servers in the same org?
If so then the SMTP connector should have just listed the bridgehead as the server that you want to send email to the internet. All other Exchange servers would have sent their email to that server for delivery automatically.

Simon.
0
 
LVL 9

Author Comment

by:CDCOP
ID: 19628226
No, they are not in the same org.
0
 
LVL 104

Expert Comment

by:Sembee
ID: 19628235
Fine. However the first part of my answer still stands. That setting turns the server into an open relay if * is in the address space of the SMTP connector.

Simon.
0
 
LVL 9

Author Comment

by:CDCOP
ID: 19628341
How can I pass all outbound mail through my main server if not on the same org or network?
0
 
LVL 104

Expert Comment

by:Sembee
ID: 19628453
You treat the other server as an external SMTP server and configure the SMTP connector to use a smart host. To allow relaying, configure an account on the server you are sending through and then put that information on to the smart host.
No different to what you would do with an ISP's SMTP server that required authentication.
What you don't need to do is enable the option to allow relaying to those domains.

Simon.
0
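
A way to confirm the result of the change discussed above, as an added example that is not part of the original thread: it asks a server you administer whether it would accept an external-to-external recipient from an unauthenticated client, which is what the `*` address space with relaying allowed produced. The function names and the probe addresses (reserved example domains) are assumptions; the session is reset before DATA, so no message is sent.

```python
import smtplib
import sys

# Constructed placeholder addresses in reserved example domains. Neither is
# local to the server under test, so accepting the pair means relaying.
PROBE_SENDER = "relay-probe@example.org"
PROBE_RCPT = "relay-probe@example.net"


def classify(code):
    """Map the RCPT TO reply code to a verdict."""
    if code in (250, 251):
        return "open"          # server agreed to relay for a stranger
    if 500 <= code <= 599:
        return "closed"        # e.g. 550 5.7.1 Unable to relay
    return "inconclusive"      # 4xx deferrals and anything unexpected


def probe(smtp):
    """Run the unauthenticated envelope exchange on a connected SMTP object.
    Returns (verdict, code, reply text)."""
    smtp.ehlo("relay-check.example.org")
    code, reply = smtp.mail(PROBE_SENDER)
    if code != 250:
        # Sender refused outright: the relay question was never reached.
        return "inconclusive", code, reply.decode(errors="replace")
    code, reply = smtp.rcpt(PROBE_RCPT)
    smtp.rset()                # discard the envelope, nothing is queued
    return classify(code), code, reply.decode(errors="replace")


def relay_check(host, port=25, timeout=10):
    """Connect without credentials and probe; QUIT is sent on exit."""
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        return probe(smtp)


if __name__ == "__main__":
    if len(sys.argv) < 2:
        sys.exit("usage: relay_check.py <your-server> [port]")
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 25
    verdict, code, reply = relay_check(sys.argv[1], port)
    print(f"{verdict}: {code} {reply}")
```

Run it from a host outside the network, since clients on internal addresses may be allowed to relay by design.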
 
LVL 9

Author Comment

by:CDCOP
ID: 19629273
What about security? How is the login info sent? Plain text?
0
 
LVL 104

Expert Comment

by:Sembee
ID: 19631691
The information is sent in plain text - as everything is on the internet. SMTP is not designed to do anything else.

Simon.
0
