OCUBE
asked on
EXCHANGE SMTP QUEUE SHOWS EMAILS FROM A SENDER NOT FROM OUR DOMAIN
We have a SBS 2003 server with Microsoft exchange 2003 mail server.
Recently we have seen that the SMTP queue in the exchange system manager shows up 100's of emails
in the queue . When I opened up some of the email properties to see the sender address, it shows up some
other email id, which is not from our domain. Looks like some 3rd party email id.
1) Is someone trying to send emails from our mail server ?
2) Our exchange server is not set to relay.
Any suggestions as how this can be controlled or is it something which is not to be worried about ?
Thanks
Recently we have seen that the SMTP queue in the exchange system manager shows up 100's of emails
in the queue . When I opened up some of the email properties to see the sender address, it shows up some
other email id, which is not from our domain. Looks like some 3rd party email id.
1) Is someone trying to send emails from our mail server ?
2) Our exchange server is not set to relay.
Any suggestions as how this can be controlled or is it something which is not to be worried about ?
Thanks
What kind of security do you have in place? Trend Micro, Bit Defender,/ Ect...??? How many users do you have? Are you using your own mail server or are your MX records ect outsourced? POP 3??? What is the content of these emails???
ASKER
1) we have snapgear sg580 firewall on the gateway
2) we have symantec mail security on the exchange server
3) Mx records are set in our domain registrar login pointing our internal ms exchange server IP adress
Use an open relay tester such as:
http://www.spamhelp.org/shopenrelay/
You did indicate your server is configured not to relay messages, but it would still be a good idea to test it. There could be a setting that is incorrect.
http://www.spamhelp.org/shopenrelay/
You did indicate your server is configured not to relay messages, but it would still be a good idea to test it. There could be a setting that is incorrect.
By default, authenticated relaying is enabled - it could be that someone has guessed your administrator password
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Are those regular emails or NDR?
ASKER
These emails comes in hundreds some times and thousands some times and sits in queue.
They are from different sources and different domains and most of them TO: address will be NONE
I had found the following words on those emails :
Delivery to the following recipients failed
THIS IS A WARNING MESSAGE ONLY
EPPICard - support@yahoo.com
Delivery Status Notification (Failure)
and so on..
I had checked and found my domain is looks good with the tools for mx and other records.
No open relay enabled on mail server
Any good thought to over come these issues?
They are from different sources and different domains and most of them TO: address will be NONE
I had found the following words on those emails :
Delivery to the following recipients failed
THIS IS A WARNING MESSAGE ONLY
EPPICard - support@yahoo.com
Delivery Status Notification (Failure)
and so on..
I had checked and found my domain is looks good with the tools for mx and other records.
No open relay enabled on mail server
Any good thought to over come these issues?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.