Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Exchange 2003 Sending Spam

Posted on 2008-06-11
2
Medium Priority
?
430 Views
Last Modified: 2013-11-30
Hello,
I am running MS Exchange 2003 behind a firewall. Yesterday I went into ESM Server/Queues I found that there is a large volume of spam email coming from administrator@"mydomain".com being sent to domains all over the globe. I froze as many as I could but new ones keep popping up.
I have checked and found that my server is not a relay server.
I've tried to run RootkitRevealer in a console window but I keep getting the error message that it must be run from a console window.....
I am new to Exchange and am looking for some guidance as to my next step and or some reference material.

Thank you in advance for your help.
0
Comment
Question by:BC_Ethics
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 31

Accepted Solution

by:
rid earned 2000 total points
ID: 21766581
Perhaps the queue consists of NDRs that your server tries to deliver? If you have the NDR function "On", your server tries to notify the sender if an incoming message has a bad (user) address. If the sender of the incoming message is faked, however, or delivery is difficult for some other reason, this causes messages to queue up in your server.

This is called NDR SPAM, or backscatter SPAM, I believe. The spammer sends messages to your domain with random usernames and faked "From" entries. The NDRs created at your server go to the purported senders, making it look like your server is the SPAM server... Not much to do, usually, just wait until the attack subsides. You can, of course, turn off the NDR function and just drop messages to non-existant users on your domain; much better IMHO.
/RID
0
 

Author Closing Comment

by:BC_Ethics
ID: 31466244
Thank You! That was extremely helpful!!
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article was originally published on Monitis Blog, you can check it here . If you have responsibility for software in production, I bet you’d like to know more about it. I don’t mean that you’d like an extra peek into the bowels of the sourc…
Invest in your employees with these five simple steps to improve employee engagement and retention.
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question