Solved

Default SMTP Virtual Server Question

Posted on 2007-11-26
12
205 Views
Last Modified: 2013-11-30
Recently I have had problems with bad emails coming thru the server and building up in the queues folders.  I noticed that there was a current session in the default SMTP Virtual server.  So I blocked the IP Address and everything seems to be working fine.  I noticed another IP Address this morning and I blocked it too.  No queues problems but I would like to know how I can prevent this problem.  I have looked up this problem with no resolution.  Thank you.
0
Comment
Question by:rwboisvert
  • 7
  • 5
12 Comments
 
LVL 104

Expert Comment

by:Sembee
ID: 20349562
Blocking IP addresses is not the solution, as you will be constantly fighting that.
You haven't said what the messages are. If they are to users who don't exist on your domain then you should configure recipient filtering. http://www.amset.info/exchange/filter-unknown.asp

If they are other messages then you need to state what those are.

Simon.
0
 

Author Comment

by:rwboisvert
ID: 20350923
Hello Simon,

That's done already.  

Thanks thou

I guess I'll leave this case open for a while and hopefully get other ideas.  I was having issues with fake email names and then it going back to the sender's email (postmaster - error) invalid email address.  No real emails would go out until i cleaned up the queue log.
0
 
LVL 104

Expert Comment

by:Sembee
ID: 20351185
They aren't Out of Office replies? That can do similar things.
if recipient filtering is enabled correctly, there are very few other reasons why postmaster@ emails should be generated.

Simon.
0
 

Author Comment

by:rwboisvert
ID: 20351426
Simon,

They are not Out of Office Replies because the email going to the postmaster isn't even in our domain.  It seemed like they were sending an NDR attack thru the server.

Ron
0
 
LVL 104

Expert Comment

by:Sembee
ID: 20351606
The most common form of attack is authenticated user. Do you allow authenticated users to relay through the server? Is that restricted in any way? If not then your administrator password has probably been compromised.

Simon.
0
 

Author Comment

by:rwboisvert
ID: 20352484
That's what I thought and I changed it.  The administrator account.  It seemed to solve the problem for like a two days and then it slammed me with about 1,200 emails and all also had postmaster errors.  Yes, I allow authenticated users to relay thru the server.  
0
Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

 
LVL 104

Expert Comment

by:Sembee
ID: 20352640
Do you have anything else with an SMTP engine that is exposed to the internet?
Did you not restrict the authenticated relaying to exclude the administrator account? It is always the administrator account that is attacked.

After changing the password, did you restart the server or SMTP Server service?

Simon.
0
 

Author Comment

by:rwboisvert
ID: 20357393
Good Morning Simon,

I didn't restrict the admin account .. I'll do that now.  I restarted the server after I reset the password.

Ron
0
 

Author Comment

by:rwboisvert
ID: 20357407
How do I put it on the restricted list??

Ron
0
 
LVL 104

Accepted Solution

by:
Sembee earned 500 total points
ID: 20357477
You will need to create a group to limit access to.
http://www.amset.info/exchange/smtp-relaysecure.asp

Simon.
0
 

Author Comment

by:rwboisvert
ID: 20360611
thanks for that site.  I guess I'll have to watch it for the next couple of days Simon.  Thanks again.
0
 

Author Closing Comment

by:rwboisvert
ID: 31410965
Thanks again.  It's going well so far and I am crossing my fingers.
0

Featured Post

Do email signature updates give you a headache?

Do you feel like you are constantly making changes to email signatures? Are the images not formatting how you want them to? Want high-quality HTML signatures on all devices, including on mobiles and Macs? Then, let Exclaimer solve all your email signature problems today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Follow this checklist to learn more about the 15 things you should never include in an email signature from personal quotes, animated gifs and out-of-date marketing content.
This process describes the steps required to Import and Export data from and to .pst files using Exchange 2010. We can use these steps to export data from a user to a .pst file, import data back to the same or a different user, or even import data t…
In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…

919 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now