  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 960

Exchange server 2003 Spam relay?

Hi there,

I have an interesting problem here.  Exchange server 2003 looks like it's been used to send out hordes of spam emails.

In the Log file are thousands of these:

#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2007-10-18 00:00:00
#Fields: date time c-ip cs-username s-sitename s-computername s-ip cs-method sc-status sc-win32-status
2007-10-18 00:00:00 86.127.10.92 User SMTPSVC1 MAILSERV1 192.168.10.145 RCPT 250 0
2007-10-18 00:00:00 86.127.10.92 User SMTPSVC1 MAILSERV1 192.168.10.145 RCPT 250 0
2007-10-18 00:00:00 86.127.10.92 User SMTPSVC1 MAILSERV1 192.168.10.145 RCPT 250 0
2007-10-18 00:00:00 86.127.10.92 User SMTPSVC1 MAILSERV1 192.168.10.145 RCPT 250 0
2007-10-18 00:00:00 86.127.10.92 User SMTPSVC1 MAILSERV1 192.168.10.145 RCPT 250 0
2007-10-18 00:00:00 86.127.10.92 User SMTPSVC1 MAILSERV1 192.168.10.145 RCPT 250 0


I can see that the IP 86.127.10.92 is thrashing my mail server but it seems to be connecting with the user "User"??? This is what I'm confused about.  There's no 'user' in my domain user list so I'm having trouble identifying whether a user account has been cracked.

rgds

Allan_Shiels
1 Solution
 
Sembee commented:
The email address is in Russia. Probably some script kiddie has not configured their script correctly to try different usernames. Have you shut off the traffic from that address to your server at the firewall?

Are the queues full of email messages?
If they are, then you need my spam cleanup article: http://www.amset.info/exchange/spam-cleanup.asp

Fourth posting of that URL today.

Simon.

--
If your question has been answered, please remember to accept the answer and close the question.
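
Added example, not part of the original thread: a small Python parser for the SMTP log format quoted in the question that counts accepted RCPT commands (sc-status 250) per client IP and cs-username, to show which remote host accounts for the recipient volume. The sample rows beyond the one quoted in the question, the internal host `192.168.10.20`/`desk01` and the threshold value are constructed for illustration.

```python
from collections import Counter

# Constructed sample in the W3C format quoted in the question (not the poster's full log).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2007-10-18 00:00:00
#Fields: date time c-ip cs-username s-sitename s-computername s-ip cs-method sc-status sc-win32-status
2007-10-18 00:00:00 86.127.10.92 User SMTPSVC1 MAILSERV1 192.168.10.145 RCPT 250 0
2007-10-18 00:00:00 86.127.10.92 User SMTPSVC1 MAILSERV1 192.168.10.145 RCPT 250 0
2007-10-18 00:00:01 86.127.10.92 User SMTPSVC1 MAILSERV1 192.168.10.145 RCPT 250 0
2007-10-18 00:00:01 86.127.10.92 User SMTPSVC1 MAILSERV1 192.168.10.145 RCPT 250 0
2007-10-18 00:00:05 192.168.10.20 desk01 SMTPSVC1 MAILSERV1 192.168.10.145 RCPT 250 0
2007-10-18 00:00:06 86.127.10.92 User SMTPSVC1 MAILSERV1 192.168.10.145 RCPT 550 0
"""


def parse_w3c(text):
    """Yield one dict per record, honouring every #Fields directive in the file."""
    fields = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            # The header can reappear mid-file (e.g. after a service restart).
            fields = line[len("#Fields:"):].split()
        elif line and not line.startswith("#"):
            values = line.split()
            if fields and len(values) == len(fields):  # skip truncated rows
                yield dict(zip(fields, values))


def accepted_rcpt_by_client(text):
    """Count RCPT commands answered 250, keyed by (c-ip, cs-username)."""
    counts = Counter()
    for rec in parse_w3c(text):
        if rec.get("cs-method") == "RCPT" and rec.get("sc-status") == "250":
            counts[(rec["c-ip"], rec["cs-username"])] += 1
    return counts


def heavy_senders(text, threshold):
    """Clients with at least `threshold` accepted recipients, busiest first."""
    ranked = accepted_rcpt_by_client(text).most_common()
    return [(client, n) for client, n in ranked if n >= threshold]


if __name__ == "__main__":
    for (ip, name), n in heavy_senders(SAMPLE_LOG, threshold=3):  # threshold is arbitrary
        print(f"{ip} cs-username={name} accepted RCPT={n}")
```
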