Solved

Default SMTP Virtual Server Question

Posted on 2007-11-26
12
195 Views
Last Modified: 2013-11-30
Recently I have had problems with bad emails coming thru the server and building up in the queues folders.  I noticed that there was a current session in the default SMTP Virtual server.  So I blocked the IP Address and everything seems to be working fine.  I noticed another IP Address this morning and I blocked it too.  No queues problems but I would like to know how I can prevent this problem.  I have looked up this problem with no resolution.  Thank you.
0
Comment
Question by:rwboisvert
  • 7
  • 5
12 Comments
 
LVL 104

Expert Comment

by:Sembee
Comment Utility
Blocking IP addresses is not the solution, as you will be constantly fighting that.
You haven't said what the messages are. If they are to users who don't exist on your domain then you should configure recipient filtering. http://www.amset.info/exchange/filter-unknown.asp

If they are other messages then you need to state what those are.

Simon.
0
 

Author Comment

by:rwboisvert
Comment Utility
Hello Simon,

That's done already.  

Thanks thou

I guess I'll leave this case open for a while and hopefully get other ideas.  I was having issues with fake email names and then it going back to the sender's email (postmaster - error) invalid email address.  No real emails would go out until i cleaned up the queue log.
0
 
LVL 104

Expert Comment

by:Sembee
Comment Utility
They aren't Out of Office replies? That can do similar things.
if recipient filtering is enabled correctly, there are very few other reasons why postmaster@ emails should be generated.

Simon.
0
 

Author Comment

by:rwboisvert
Comment Utility
Simon,

They are not Out of Office Replies because the email going to the postmaster isn't even in our domain.  It seemed like they were sending an NDR attack thru the server.

Ron
0
 
LVL 104

Expert Comment

by:Sembee
Comment Utility
The most common form of attack is authenticated user. Do you allow authenticated users to relay through the server? Is that restricted in any way? If not then your administrator password has probably been compromised.

Simon.
0
 

Author Comment

by:rwboisvert
Comment Utility
That's what I thought and I changed it.  The administrator account.  It seemed to solve the problem for like a two days and then it slammed me with about 1,200 emails and all also had postmaster errors.  Yes, I allow authenticated users to relay thru the server.  
0
Do email signature updates give you a headache?

Constantly trying to correctly format email signatures? Spending all of your time at every user’s desk to make updates? Want high-quality HTML signatures on all devices, including on mobiles and Macs? Then, let Exclaimer solve all your email signature problems today!

 
LVL 104

Expert Comment

by:Sembee
Comment Utility
Do you have anything else with an SMTP engine that is exposed to the internet?
Did you not restrict the authenticated relaying to exclude the administrator account? It is always the administrator account that is attacked.

After changing the password, did you restart the server or SMTP Server service?

Simon.
0
 

Author Comment

by:rwboisvert
Comment Utility
Good Morning Simon,

I didn't restrict the admin account .. I'll do that now.  I restarted the server after I reset the password.

Ron
0
 

Author Comment

by:rwboisvert
Comment Utility
How do I put it on the restricted list??

Ron
0
 
LVL 104

Accepted Solution

by:
Sembee earned 500 total points
Comment Utility
You will need to create a group to limit access to.
http://www.amset.info/exchange/smtp-relaysecure.asp

Simon.
0
 

Author Comment

by:rwboisvert
Comment Utility
thanks for that site.  I guess I'll have to watch it for the next couple of days Simon.  Thanks again.
0
 

Author Closing Comment

by:rwboisvert
Comment Utility
Thanks again.  It's going well so far and I am crossing my fingers.
0

Featured Post

How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

Join & Write a Comment

Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
Follow this checklist to learn more about the 15 things you should never include in an email signature from personal quotes, animated gifs and out-of-date marketing content.
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now