Solved

Exchange 2003 Sending Spam

Posted on 2008-06-11
2
414 Views
Last Modified: 2013-11-30
Hello,
I am running MS Exchange 2003 behind a firewall. Yesterday I went into ESM Server/Queues I found that there is a large volume of spam email coming from administrator@"mydomain".com being sent to domains all over the globe. I froze as many as I could but new ones keep popping up.
I have checked and found that my server is not a relay server.
I've tried to run RootkitRevealer in a console window but I keep getting the error message that it must be run from a console window.....
I am new to Exchange and am looking for some guidance as to my next step and or some reference material.

Thank you in advance for your help.
0
Comment
Question by:BC_Ethics
2 Comments
 
LVL 31

Accepted Solution

by:
rid earned 500 total points
ID: 21766581
Perhaps the queue consists of NDRs that your server tries to deliver? If you have the NDR function "On", your server tries to notify the sender if an incoming message has a bad (user) address. If the sender of the incoming message is faked, however, or delivery is difficult for some other reason, this causes messages to queue up in your server.

This is called NDR SPAM, or backscatter SPAM, I believe. The spammer sends messages to your domain with random usernames and faked "From" entries. The NDRs created at your server go to the purported senders, making it look like your server is the SPAM server... Not much to do, usually, just wait until the attack subsides. You can, of course, turn off the NDR function and just drop messages to non-existant users on your domain; much better IMHO.
/RID
0
 

Author Closing Comment

by:BC_Ethics
ID: 31466244
Thank You! That was extremely helpful!!
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

Workplace bullying has increased with the use of email and social media. Retain evidence of this with email archiving to protect your employees.
Let’s list some of the technologies that enable smooth teleworking. 
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now