Default SMTP Virtual Server Question

Recently I have had problems with bad emails coming thru the server and building up in the queues folders.  I noticed that there was a current session in the default SMTP Virtual server.  So I blocked the IP Address and everything seems to be working fine.  I noticed another IP Address this morning and I blocked it too.  No queues problems but I would like to know how I can prevent this problem.  I have looked up this problem with no resolution.  Thank you.
rwboisvert Asked:
 
Sembee Commented:
You will need to create a group to limit access to.
http://www.amset.info/exchange/smtp-relaysecure.asp

Simon.
0
 
Sembee Commented:
Blocking IP addresses is not the solution, as you will be constantly fighting that.
You haven't said what the messages are. If they are to users who don't exist on your domain then you should configure recipient filtering. http://www.amset.info/exchange/filter-unknown.asp

If they are other messages then you need to state what those are.

Simon.
0
 
rwboisvert (Author) Commented:
Hello Simon,

That's done already.  

Thanks though

I guess I'll leave this case open for a while and hopefully get other ideas.  I was having issues with fake email names and then it going back to the sender's email (postmaster - error) invalid email address.  No real emails would go out until I cleaned up the queue log.
0
 
Sembee Commented:
They aren't Out of Office replies? That can do similar things.
If recipient filtering is enabled correctly, there are very few other reasons why postmaster@ emails should be generated.

Simon.
0
 
rwboisvert (Author) Commented:
Simon,

They are not Out of Office Replies because the email going to the postmaster isn't even in our domain.  It seemed like they were sending an NDR attack thru the server.

Ron
0
 
Sembee Commented:
The most common form of attack is authenticated user. Do you allow authenticated users to relay through the server? Is that restricted in any way? If not then your administrator password has probably been compromised.

Simon.
0
 
rwboisvert (Author) Commented:
That's what I thought and I changed it.  The administrator account.  It seemed to solve the problem for like two days and then it slammed me with about 1,200 emails and all also had postmaster errors.  Yes, I allow authenticated users to relay thru the server.  
0
 
Sembee Commented:
Do you have anything else with an SMTP engine that is exposed to the internet?
Did you not restrict the authenticated relaying to exclude the administrator account? It is always the administrator account that is attacked.

After changing the password, did you restart the server or SMTP Server service?

Simon.
0
 
rwboisvert (Author) Commented:
Good Morning Simon,

I didn't restrict the admin account .. I'll do that now.  I restarted the server after I reset the password.

Ron
0
 
rwboisvert (Author) Commented:
How do I put it on the restricted list??

Ron
0
 
rwboisvert (Author) Commented:
Thanks for that site.  I guess I'll have to watch it for the next couple of days Simon.  Thanks again.
0
 
rwboisvert (Author) Commented:
Thanks again.  It's going well so far and I am crossing my fingers.
0
Question has a verified solution.
