  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1069

My Exchange Server is sending SPAM!

I just deployed a new Exchange 2007 server and it sends and receives mail fine.  I joined about 10 pre-existing workstations to the domain and set up Outlook to work with Exchange mailboxes.  When I look at my queue it looks as though my server is sending SPAM.  My guess is that one of the client machines has an infection that is sending mail through Exchange.  Does anyone have experience troubleshooting this?  What is the process for ending these issues?
0
tarkmyler
Asked:
tarkmyler
1 Solution
 
LeeDerbyshireCommented:
What is showing as the sender name in your queues?  If it's empty, or <>, then you are just seeing NDRs.
0
 
tarkmylerAuthor Commented:
No name / e-mail address just <>.  I have disabled port 25 and 110 on my firewall device and this issue stopped.  It is someone on the internet trying to route mail through my server.  How do I lock them out without disabling incoming/outgoing mail entirely?  Am I on the right track?
0
 
tarkmylerAuthor Commented:
Can you please elaborate on this?  Thank you.  I understand that NDR is a no delivery report, but I get a boat load.  A lot are reporting that they cannot route using DNS.  Is someone just trying to use me to spam the world and it is unsuccessful?  Please explain.  Thank you.
0
 
LeeDerbyshireCommented:
The NDRs mean that someone is sending you a lot of spam (no surprise there, we all get it), but some of it is addressed to 'guessed' addresses in your domain, such as sales@yourdomain.com, orders@yourdomain.com, admin@yourdomain.com, etc.  Each time the address can't be matched to a valid user, the server sends an NDR back to the sender (it doesn't know they are spam).  Unfortunately, the sending address is often bogus, too, so the server is unable to deliver it.  So it sits in your own queue for a few days, until the server gives up.  You can either turn off NDRs (not actually recommended), or ignore them like most of us do.  The only time you need to worry is when the sender is an address not in your domain.  That means that you are an open relay.
0
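The rule of thumb in the reply above, written out as an added example (not part of the original thread): it sorts a queue listing exported to CSV into NDRs (null sender), mail from your own domain, and mail whose sender is outside your domain. The column names, the sample rows and the extra "inbound" case (outside sender, local recipient) are assumptions made for the illustration.

```python
import csv
import io
from collections import Counter

# Constructed sample: a queue listing exported to CSV. The column names are
# assumptions modelled on a message-queue export; adjust them to your export.
SAMPLE_QUEUE_CSV = """FromAddress,Recipient,Queue,Subject
<>,k3j2@bogus-sender.example,bogus-sender.example,Undeliverable: Cheap meds
<>,promo@no-such-host.example,no-such-host.example,Undeliverable: You won
,x9@bogus-sender.example,bogus-sender.example,Undeliverable: Invoice
alice@yourdomain.com,bob@partner.example,partner.example,Quarterly report
stranger@elsewhere.example,victim@thirdparty.example,thirdparty.example,Hot stock tip
stranger@elsewhere.example,carol@yourdomain.com,Mailbox,Hello Carol
"""

def domain_of(address):
    """Return the lower-cased domain part of an SMTP address, or '' if none."""
    address = address.strip().strip("<>").strip()
    return address.rpartition("@")[2].lower() if "@" in address else ""

def classify(row, local_domains):
    """Apply the thread's rule to one queued message."""
    sender = row["FromAddress"].strip()
    if sender in ("", "<>"):
        return "ndr"                      # null sender: a delivery report
    if domain_of(sender) in local_domains:
        return "local-sender"             # your own users sending out
    if domain_of(row["Recipient"]) in local_domains:
        return "inbound"                  # outside sender, local recipient
    return "possible-relay"               # outside sender AND outside recipient

def triage(csv_text, local_domains):
    """Count messages per class and list the ones that suggest relaying."""
    local = {d.lower() for d in local_domains}
    counts, suspects = Counter(), []
    for row in csv.DictReader(io.StringIO(csv_text)):
        label = classify(row, local)
        counts[label] += 1
        if label == "possible-relay":
            suspects.append((row["FromAddress"], row["Recipient"]))
    return counts, suspects

if __name__ == "__main__":
    counts, suspects = triage(SAMPLE_QUEUE_CSV, ["yourdomain.com"])
    print(dict(counts))
    for sender, rcpt in suspects:
        print("check relay settings:", sender, "->", rcpt)
```

Messages classed `local-sender` are not cleared by this check: an infected workstation submitting mail through the server would appear there, so an unexpected volume in that class still needs a look.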
 
tarkmylerAuthor Commented:
Wow, I thought the <> meant that the attack was masked somehow.  And to take it a step further I noticed that the source IP was 255.255.255.255.  It looked like someone was using me like an open relay and hiding this information so that I could not track them down.  So the sender being labeled as <> in your queue is fine then?  Phew, thanks.

Can you tell me if a standalone Exchange 2007 server needs to have an edge transport configured?  If it's standalone do you configure that role on the same box or just forget it?  Thanks again!

0
 
LeeDerbyshireCommented:
Yes, the sender of the NDR is blank so that mail loops are not created.  Imagine if an NDR was created at the other end in response to your own NDR.  Etc....

You can certainly have all the Exchange roles you need on one server.  The Edge server role needs a dedicated server, but you can easily manage without it, since your Hub role will take over the duties of delivering SMTP mail.
0
 
tarkmylerAuthor Commented:
You get all points on this one.  Thanks for clearing this up for me..  Just one last question.  I need to configure a certificate for OWA/ActiveSync/Outlook Anywhere and am looking for a real simple/easy to understand walk through from A - B.  I am very familiar with the process for Exchange 2003, but I am just lost here.

Also, should I be worried about applying exchange 2007 SP1 if it is not installed already?  Anything to fear here?  How do I verify that SP1 is or is not installed already?  Microsoft update does not show it as a downloadable option, but the build of my version of exchange looks like original release.  Thanks soooooo much!!!!
0
 
LeeDerbyshireCommented:
Since all the certificate stuff is done in IIS Manager, the process is the same as for E2003, if you are already familiar with that.  Except that you select the 'require' checkbox on the OWA VDir instead of Exchange.  Also require it on RPC (for Outlook Anywhere) and Microsoft-Server-Activesync (for ActiveSync).

SP1 isn't available as a separate download.  In effect, it's a reinstall.  You have to get E2007 /with/ SP1, and install that on top of what you have.  I've not heard of any issues with it.  Actually, I can't think of any easy way to see if SP1 is installed.  In your EMC, highlight one of the roles in the Server Configuration container, and your servers should be listed on the right.  My SP1 server shows version 8.1, but I think an unpatched server would show v 8.0.
0
 
tarkmylerAuthor Commented:
An in-place upgrade of the SP1 E2007 has been pretty safe?  No issues that you have heard of?  Apply the update and everything still works?  I have about 40 hours into the deployment is why I ask......
0
 
tarkmylerAuthor Commented:
Mine says Version 8.0.....  Why!!@#$%!@$%^!@$%  Ahhhhhhhhhhh!  They just bought this from Microsoft direct and downloaded it from their site...  Just drives me crazy..  How would I get the SP1 version?
0
 
tarkmylerAuthor Commented:
Thanks for everything!
0
