Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Default SMTP Virtual Server Question

Posted on 2007-11-26
12
Medium Priority
?
244 Views
Last Modified: 2013-11-30
Recently I have had problems with bad emails coming thru the server and building up in the queues folders.  I noticed that there was a current session in the default SMTP Virtual server.  So I blocked the IP Address and everything seems to be working fine.  I noticed another IP Address this morning and I blocked it too.  No queues problems but I would like to know how I can prevent this problem.  I have looked up this problem with no resolution.  Thank you.
0
Comment
Question by:rwboisvert
  • 7
  • 5
12 Comments
 
LVL 104

Expert Comment

by:Sembee
ID: 20349562
Blocking IP addresses is not the solution, as you will be constantly fighting that.
You haven't said what the messages are. If they are to users who don't exist on your domain then you should configure recipient filtering. http://www.amset.info/exchange/filter-unknown.asp

If they are other messages then you need to state what those are.

Simon.
0
 

Author Comment

by:rwboisvert
ID: 20350923
Hello Simon,

That's done already.  

Thanks thou

I guess I'll leave this case open for a while and hopefully get other ideas.  I was having issues with fake email names and then it going back to the sender's email (postmaster - error) invalid email address.  No real emails would go out until i cleaned up the queue log.
0
 
LVL 104

Expert Comment

by:Sembee
ID: 20351185
They aren't Out of Office replies? That can do similar things.
if recipient filtering is enabled correctly, there are very few other reasons why postmaster@ emails should be generated.

Simon.
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 

Author Comment

by:rwboisvert
ID: 20351426
Simon,

They are not Out of Office Replies because the email going to the postmaster isn't even in our domain.  It seemed like they were sending an NDR attack thru the server.

Ron
0
 
LVL 104

Expert Comment

by:Sembee
ID: 20351606
The most common form of attack is authenticated user. Do you allow authenticated users to relay through the server? Is that restricted in any way? If not then your administrator password has probably been compromised.

Simon.
0
 

Author Comment

by:rwboisvert
ID: 20352484
That's what I thought and I changed it.  The administrator account.  It seemed to solve the problem for like a two days and then it slammed me with about 1,200 emails and all also had postmaster errors.  Yes, I allow authenticated users to relay thru the server.  
0
 
LVL 104

Expert Comment

by:Sembee
ID: 20352640
Do you have anything else with an SMTP engine that is exposed to the internet?
Did you not restrict the authenticated relaying to exclude the administrator account? It is always the administrator account that is attacked.

After changing the password, did you restart the server or SMTP Server service?

Simon.
0
 

Author Comment

by:rwboisvert
ID: 20357393
Good Morning Simon,

I didn't restrict the admin account .. I'll do that now.  I restarted the server after I reset the password.

Ron
0
 

Author Comment

by:rwboisvert
ID: 20357407
How do I put it on the restricted list??

Ron
0
 
LVL 104

Accepted Solution

by:
Sembee earned 2000 total points
ID: 20357477
You will need to create a group to limit access to.
http://www.amset.info/exchange/smtp-relaysecure.asp

Simon.
0
 

Author Comment

by:rwboisvert
ID: 20360611
thanks for that site.  I guess I'll have to watch it for the next couple of days Simon.  Thanks again.
0
 

Author Closing Comment

by:rwboisvert
ID: 31410965
Thanks again.  It's going well so far and I am crossing my fingers.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Here in this article, you will get a step by step guidance on how to restore an Exchange database to a recovery database. Get a brief on Recovery Database and how it can be used to restore Exchange database in this section!
Stellar Exchange Toolkit: this 5 in 1 toolkit comes loaded with mega-software tool. Here’s an introduction to tools’ usage and advantages:
This video discusses moving either the default database or any database to a new volume.
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an anti-spam), the admin…
Suggested Courses

971 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question