Solved

Exchange 2003 Sending Spam

Posted on 2008-06-11
2
426 Views
Last Modified: 2013-11-30
Hello,
I am running MS Exchange 2003 behind a firewall. Yesterday I went into ESM Server/Queues I found that there is a large volume of spam email coming from administrator@"mydomain".com being sent to domains all over the globe. I froze as many as I could but new ones keep popping up.
I have checked and found that my server is not a relay server.
I've tried to run RootkitRevealer in a console window but I keep getting the error message that it must be run from a console window.....
I am new to Exchange and am looking for some guidance as to my next step and or some reference material.

Thank you in advance for your help.
0
Comment
Question by:BC_Ethics
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 31

Accepted Solution

by:
rid earned 500 total points
ID: 21766581
Perhaps the queue consists of NDRs that your server tries to deliver? If you have the NDR function "On", your server tries to notify the sender if an incoming message has a bad (user) address. If the sender of the incoming message is faked, however, or delivery is difficult for some other reason, this causes messages to queue up in your server.

This is called NDR SPAM, or backscatter SPAM, I believe. The spammer sends messages to your domain with random usernames and faked "From" entries. The NDRs created at your server go to the purported senders, making it look like your server is the SPAM server... Not much to do, usually, just wait until the attack subsides. You can, of course, turn off the NDR function and just drop messages to non-existant users on your domain; much better IMHO.
/RID
0
 

Author Closing Comment

by:BC_Ethics
ID: 31466244
Thank You! That was extremely helpful!!
0

Featured Post

Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This guide will walk you through the essential considerations and tech stack for building scalable websites. Know how to grow your business the smart way!
There are many software programs on offer that will claim to magically speed up your computer. The best advice I can give you is to avoid them like the plague, because they will often cause far more problems than they solve. Try some of these "do it…
An overview on how to enroll an hourly employee into the employee database and how to give them access into the clock in terminal.
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question