Solved

Default SMTP Virtual Server Question

Posted on 2007-11-26
Last Modified: 2013-11-30
Recently I have had problems with bad emails coming through the server and building up in the queue folders.  I noticed that there was a current session in the default SMTP Virtual Server.  So I blocked the IP address and everything seems to be working fine.  I noticed another IP address this morning and I blocked it too.  No queue problems, but I would like to know how I can prevent this problem.  I have looked up this problem with no resolution.  Thank you.
Question by:rwboisvert
12 Comments
 
LVL 104

Expert Comment

by:Sembee
ID: 20349562
Blocking IP addresses is not the solution, as you will be constantly fighting that.
You haven't said what the messages are. If they are to users who don't exist on your domain then you should configure recipient filtering. http://www.amset.info/exchange/filter-unknown.asp

If they are other messages then you need to state what those are.

Simon.
0
 

Author Comment

by:rwboisvert
ID: 20350923
Hello Simon,

That's done already.  

Thanks though

I guess I'll leave this case open for a while and hopefully get other ideas.  I was having issues with fake email names and then it going back to the sender's email (postmaster - error) invalid email address.  No real emails would go out until I cleaned up the queue log.
0
 
LVL 104

Expert Comment

by:Sembee
ID: 20351185
They aren't Out of Office replies? That can do similar things.
If recipient filtering is enabled correctly, there are very few other reasons why postmaster@ emails should be generated.

Simon.
0
 

Author Comment

by:rwboisvert
ID: 20351426
Simon,

They are not Out of Office Replies because the email going to the postmaster isn't even in our domain.  It seemed like they were sending an NDR attack through the server.

Ron
0
 
LVL 104

Expert Comment

by:Sembee
ID: 20351606
The most common form of attack is authenticated user. Do you allow authenticated users to relay through the server? Is that restricted in any way? If not then your administrator password has probably been compromised.

Simon.
0
 

Author Comment

by:rwboisvert
ID: 20352484
That's what I thought and I changed it.  The administrator account.  It seemed to solve the problem for like two days and then it slammed me with about 1,200 emails and all also had postmaster errors.  Yes, I allow authenticated users to relay through the server.
0
 
LVL 104

Expert Comment

by:Sembee
ID: 20352640
Do you have anything else with an SMTP engine that is exposed to the internet?
Did you not restrict the authenticated relaying to exclude the administrator account? It is always the administrator account that is attacked.

After changing the password, did you restart the server or SMTP Server service?

Simon.
0
 

Author Comment

by:rwboisvert
ID: 20357393
Good Morning Simon,

I didn't restrict the admin account .. I'll do that now.  I restarted the server after I reset the password.

Ron
0
 

Author Comment

by:rwboisvert
ID: 20357407
How do I put it on the restricted list??

Ron
0
 
LVL 104

Accepted Solution

by:
Sembee earned 500 total points
ID: 20357477
You will need to create a group to limit access to.
http://www.amset.info/exchange/smtp-relaysecure.asp

Simon.
0
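To see which client is using authenticated relay, rather than blocking addresses one at a time, the SMTP virtual server's log can be scanned for clients that authenticate and then address many external recipients. This Python example is added here and is not part of the original thread. It assumes W3C extended logging with the c-ip, cs-method, cs-uri-query and sc-status fields enabled and AUTH commands recorded; the sample lines, the domain corp.example and the threshold are constructed.

```python
from collections import defaultdict

# Constructed sample log; the field list is an assumption about what the
# SMTP virtual server's W3C extended logging is configured to record.
_LINES = [
    "2007-11-26 09:00:01 198.51.100.7 EHLO +mail.partner.example 250",
    "2007-11-26 09:00:02 198.51.100.7 MAIL +FROM:<bob@partner.example> 250",
    "2007-11-26 09:00:03 198.51.100.7 RCPT +TO:<ron@corp.example> 250",
    "2007-11-26 09:02:00 192.0.2.44 AUTH +LOGIN 235",
    "2007-11-26 09:02:01 192.0.2.44 RCPT +TO:<a@supplier.example> 250",
    "2007-11-26 09:02:02 192.0.2.44 RCPT +TO:<b@supplier.example> 250",
    "2007-11-26 09:05:00 203.0.113.9 AUTH +LOGIN 235",
] + [
    f"2007-11-26 09:05:{i:02d} 203.0.113.9 RCPT +TO:<user{i}@elsewhere.example> 250"
    for i in range(10, 22)
]
SAMPLE_LOG = "#Fields: date time c-ip cs-method cs-uri-query sc-status\n" + "\n".join(_LINES)


def parse_w3c(text):
    """Yield one dict per entry, keyed by the names in the #Fields: directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line.strip() and not line.startswith("#") and fields:
            yield dict(zip(fields, line.split()))


def relay_suspects(text, local_domains, max_external_rcpt=5):
    """Map client IP -> accepted external RCPT count, for clients that
    authenticated (SMTP reply 235) and exceeded the threshold."""
    authed, external = set(), defaultdict(int)
    for entry in parse_w3c(text):
        ip = entry.get("c-ip")
        verb = entry.get("cs-method", "").upper()
        status = entry.get("sc-status")
        if verb == "AUTH" and status == "235":
            authed.add(ip)
        elif verb == "RCPT" and status == "250":
            # "+TO:<user@domain>" -> "domain"
            domain = entry.get("cs-uri-query", "").split(">")[0].rpartition("@")[2].lower()
            if domain not in local_domains:
                external[ip] += 1
    return {ip: n for ip, n in external.items() if ip in authed and n > max_external_rcpt}


if __name__ == "__main__":
    print(relay_suspects(SAMPLE_LOG, {"corp.example"}))
```

A client that shows up here is authenticating with a valid account, so the follow-up is to identify that account and remove its relay permission, as the linked article describes.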
 

Author Comment

by:rwboisvert
ID: 20360611
Thanks for that site.  I guess I'll have to watch it for the next couple of days Simon.  Thanks again.
0
 

Author Closing Comment

by:rwboisvert
ID: 31410965
Thanks again.  It's going well so far and I am crossing my fingers.
0

Question has a verified solution.
