Link to home
Start Free TrialLog in
Avatar of kingcastle
kingcastleFlag for United Kingdom of Great Britain and Northern Ireland

asked on

Exchange 2003 Current Connections

Hi

I am having lots probelms with spam on this server, our server is not an open reply but somehow there is lots and lots spam in the queues, so i have followed the MS article on how to clean the queus but the problem is they keep filling up with more and more of the same guff and if i look at the smtp server current connections it seems to tbe the same three ip addresses in there all the time.

help please.

cheers
Avatar of belowzerotech
belowzerotech

if you have a firewall you can deny those IP's and see if it stops. If not you should be able to implicitly state deny these IP's from mail relay.
Setting an implicit deny for the IPs from the mail relay setting will not stop them from connecting or sending SPAM, the place to put those IPs if you want to block mail from them would be the SMTP virtual server's IP Allow/Deny list (denying those IPs the ability to submit mail).

However I do not reccomend mucking with the queues or attempting to modify the allow/deny lists.  It's cumbersome, not terrily effective, and hard to support.

What I recommend is configuring the built-in anti-SPAM functionality (SP2); configured correctly it should block the majority of the SPAM and require very little manual interaction.  Here is a good article on how to configure the functionality:
http://www.petri.co.il/block_spam_with_exchange_2003.htm

Cheers,
Erik
Avatar of kieran_b
Have a look at the messages in the queue - find out who they are from.

I will be you a ham sandwich they are from postmaster@yourdomain.com - meaning they are NDR spam.

The way to combat that is recipient filtering and tarpitting -> http://www.amset.info/exchange/filter-unknown.asp

Kieran
Avatar of kingcastle

ASKER

hi thanks for that and theres ham sandwich on route as they were all postmaster spam, but i did all the things suggested and the queues continued to fill up so the only way around it was to create a new smtp connector and forward all the mail through a smarthost at the isp.

cheers
ASKER CERTIFIED SOLUTION
Avatar of kieran_b
kieran_b
Flag of Australia image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial