[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 338
  • Last Modified:

Spam issues - Need to lock Exchange Server down RE: Outbound SMTP

Hi there,

My clients network consists of 30 LAN users and 2 Servers.
DC/Mail Server is running SBS2003 with Exchange 2003 SP2. Second server runs Server 2003 Standard R2.

The current firewall set-up only allows mail from Message Labs IP addresses inbound. The DC smart hosts outbound via a Message Labs FQDN. The firewall also blocks 25 outbound by default, and only the DC/Mail Server can send via SMTP port 25. This all works well. Clients cannot telnet outbound on 25 within the LAN.

The problem is that my client is still receiving spam mail! Message Labs have a whitelist for valid e-mail addresses that are allowed to send from our network. This whitelist gets updated automatically when a user sends mail successfully outbound. It's handy when you create a new user within the LAN because all you have to do is send one test e-mail outbound and the Message Labs whitelists is updated automatically. This is a feature they cannot turn off. What is now happening is that the whitelist is constantly populated with fake e-mail addresses. This tells me that someone within the LAN is sending spam messages outbound.

I have scanned the network with "sniffing" software but there is not much going on. I have manually gone around to all client PCs and searched for anything out of the ordinary but to no avail. I also scanned our servers but cannot find anything. At this point I am stressed out a bit!

Is there a really good way of locking down our DC/Mail server so that only Active Directory users can send/receive mail? Any help with this would be much appreciated.

Thanks in Advance.
0
wilsonkjit
Asked:
wilsonkjit
  • 2
  • 2
1 Solution
 
michaelgoldsmithCommented:
You can set Exchange to only allow specific PC's in the domain to send/receive mail. Just take a look at the settings on your Default SMTP Connector.
0
 
wilsonkjitAuthor Commented:
Thanks for the comment.
Rather than having PCs able to route mail via the server, is there a good way to only allow Active Directory users/groups?
0
 
gupnitCommented:
Hi,
You can check "Authenticated users only" and then uncheck Anonymous Users
I would also follow this: http://www.amset.info/exchange/spam-cleanup.asp
Thanks
Nitin
0
 
wilsonkjitAuthor Commented:
Thanks for that.
I'll enable this option via SMTP VS properties & let you know how I go.

Cheers
0
 
gupnitCommented:
Surething....
Cheers
Nitin
0

Featured Post

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot has fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now