My Exchange Server is sending SPAM!

I just deployed a new exchange 2007 server and it sends and recieves mail fine.  I joined about 10 pre-existing workstations to the domain and setup oulook to work with exchange mailboxes.  When I look at my que it looks as though my server is sending SPAM.  My guess is that one of the client machines has an infection that is sending mail through exchange.  Does anyone have experience troubleshooting this?  What is the process for ending these issues?
tarkmylerAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

LeeDerbyshireCommented:
What is showing as the sender name in your queues?  If it's empty, or <>, then you are just seeing NDRs.
0
tarkmylerAuthor Commented:
No name / e-mail address just <>.  I have disabled port 25 and 110 on my firewall device and this issue stopped.  It is someone on the internet trying to route mail through my server.  How do I lock them out without disabling incoming/outgoing mail entirely?  Am I on the right track?
0
tarkmylerAuthor Commented:
Can you please elaborate on this?  Thank you.  I understand that NDR is a no delivery report, but I get a boat load.  Allot are reporting that they cannot route using DNS.  Is someone just trying to use me to spam the world and it is unsuccessful?  Please explain..  Thank You.
0
The Ultimate Tool Kit for Technolgy Solution Provi

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy for valuable how-to assets including sample agreements, checklists, flowcharts, and more!

LeeDerbyshireCommented:
The NDRs mean that someone is sending you a lot of spam (no surprise there, we all get it), but some of it is addressed to 'guessed' addresses in your domain, such as sales@yourdomain.com , orders@yourdomain.com , admin@yourdomain.com , etc.  Each time the address can't be matched to a valid user, the server sends a NDR back to the sender (it doesn't know they are spam).  Unfortunately, the sending address is often bogus, too, so the server is unable to deliver it.  So it sits in your own queue for a few days, until the server gives up.  You can either turn off NDRs (not actually recommended), or ignore them like most of us do.  The only time you need to worry is when the sender is an address not in your domain.  That means that you are an open relay.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
tarkmylerAuthor Commented:
Wow, I thought the the <> meant that the attack was masked somehow.  And to take it a step farthur I notices that the source IP was 255.255.255.255.  It looked like someone was using me like an open relay and hiding this information so that I could not track them down.  So the sender being labeled as <> in your que is fine then?  Few, thanks.

Can you tell me if a stand alone exchange 2007 server needs to have an edge transport configured?  If its stand alone do you configure that role on the same box or just forget it?  Thanks again!

0
LeeDerbyshireCommented:
Yes, the sender of the NDR is blank so that mail loops are not created.  Imagine if an NDR was created at the other end in response to your own NDR.  Etc....

You can certainly have all the Exchange roles you need on one server.  The Edge server role needs a dedicated server, but you can easily manage without it, since your Hub role will take over the duties of delivering SMTP mail.
0
tarkmylerAuthor Commented:
You get all points on this one.  Thanks for clearing this up for me..  Just one last question.  I need to configure a certificate for OWA/ActiveSync/Outlook Anywhere and am looking for a real simple/easy to understand walk through from A - B.  I am very familiar with the process for Exchange 2003, but I am just lost here.

Also, should I be worried about applying exchange 2007 SP1 if it is not installed already?  Anything to fear here?  How do I verify that SP1 is or is not installed already?  Microsoft update does not show it as a downloadable option, but the build of my version of exchange looks like original release.  Thanks soooooo much!!!!
0
LeeDerbyshireCommented:
Since all the certificate stuff is done in IIS Manager, the process is the same as for E2003, if you are already familiar with that.  Except that you select the 'require' checkbox on the OWA VDir instead of Exchange.  Also require it on RPC (for Outlook Anywhere) and Microsoft-Server-Activesync (for ActiveSync).

SP1 isn't available as a separate download.  In effect, it's a reinstall.  You have to get E2007 /with/ SP1, and install that on top of what you have.  I've not heard of any issues with it.  Actually, I can't think of any easy way to see if SP1 is installed.  In your EMC, highlight one of the roles in the Server Configuration container, and your servers should be listed on the right.  My SP1 server shows version 8.1, but I think an unpatched server would v 8.0 .
0
tarkmylerAuthor Commented:
An in place upgrade of the SP1 E2007 has been pretty safe?  No issues that you have heard of?  Aply the update and everything still works?  I have about 40 hours into the deployment is why I ask......
0
tarkmylerAuthor Commented:
Mine says Version 8.0.....  Why!!@#$%!@$%^!@$%  Ahhhhhhhhhhh!  they just baught this from microsoft direct and downloaded it from their site...  Just drives me crazy..  How would I get the SP1 version?
0
tarkmylerAuthor Commented:
Thanks for everything!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.