?
Solved

how do i check if my exchange server is spoofing or sending out spam?

Posted on 2007-10-18
4
Medium Priority
?
1,194 Views
Last Modified: 2010-12-14
how do i check if my exchange server is spoofing or sending out spam?
0
Comment
Question by:xpconsult
  • 3
4 Comments
 
LVL 32

Expert Comment

by:r-k
ID: 20102916
(1) Check the mail smtp queues in Exchange System Manager to see if there is unusual activity.

(2) Check your server at http://member.dnsstuff.com/pages/dnsreport.php

(3) See if your server's IP is listed with any RBL: http://www.robtex.com/

(4) Examine any samples submitted by users to see where they originated.

(5) In case you need to secure your server:
http://technet.microsoft.com/en-us/library/b218d8a9-8d3a-4c7d-b0a9-c969ee1232f6.aspx
http://www.microsoft.com/technet/security/prodtech/exchangeserver/excrelay.mspx
0
 

Author Comment

by:xpconsult
ID: 20103175
I had 4k email going out and 338 active connections,  we only have 4-5 users so i would call this very high and very bad.  
0
 
LVL 32

Accepted Solution

by:
r-k earned 2000 total points
ID: 20103328
That is certainly not good. You should determine the origin of some of those mails. Assuming you have closed any possibility of an open relay, it is likely you are the victim of an NDR flood, i.e. junk mail sent to non-existent users on your machine, causing hundreds of NDRs to be generated.

Probably the most effective tool to stop this is to not accept mail for non-users. See: http://www.amset.info/exchange/filter-unknown.asp

Also look into tarpitting and RBL filtering.

Some useful links:
http://www.microsoft.com/technet/technetmag/issues/2006/01/NewWeapons/default.aspx
http://www.amset.info/exchange/spam-cleanup.asp

0
 
LVL 32

Expert Comment

by:r-k
ID: 20107112
Thanks and good luck.
0

Featured Post

2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you are like me and like multiple layers of protection, read on!
Considering today’s continual security threats, which affect Information technology networks and systems worldwide, it is very important to practice basic security awareness. A normal system user can secure himself or herself by following these simp…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…
Suggested Courses

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question