[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Fictious mail domains in Exchange queue

Posted on 2009-02-13
4
Medium Priority
?
277 Views
Last Modified: 2012-05-06
This past week I ahve ntoiced all sorts of strange packet data on Wireshark.
I have been snooping on out mailserver and in the queue I noticed several fictious domains and all the mail being sent to these domains was from a user on our network to a recipient fuzbudgt@bmi.net

I have deleted all the mail in the queue from our internal user to this fictious user, the queue has cleared.
There are lots of random IT related sites and showing as making conenctiosn to our server.

How can I test the security of the Mailserver. Our Exchange 2003 server sits behind a Barracuda.
I do not ahve the server set up to relay.
0
Comment
Question by:manelson05
  • 2
  • 2
4 Comments
 

Author Comment

by:manelson05
ID: 23633308
Here is a screen shot, I keep seeing random connections.
forged-mail-headers.bmp
0
 
LVL 65

Expert Comment

by:Mestha
ID: 23636529
The messages have already left the org, as the queues are empty, it just takes ESM a little while to clean up the empty queue listings.
Are you using a smart host, perhaps to send email out through the appliance?

When you looked at the traffic, while it was from a user, where did it originate? Do you have authenticated relaying enabled on the server? Can Exchange be seen from the internet on port 25?

-M
0
 

Author Comment

by:manelson05
ID: 23649855
Ho can I test this out?I do not want any relaying at all.
0
 
LVL 65

Accepted Solution

by:
Mestha earned 2000 total points
ID: 23652300
Exchange is relay secure by default, so unless you have changed something it shouldn't be an issue.

This article on my web site has instructions on how to check the server for relaying:
http://www.amset.info/exchange/smtp-openrelay.asp

The other way that relaying that could be taking place is authenticated relaying. If you don't have any SMTP clients then you can turn off authenticated relaying on the SMTP virtual server.

-M
0

Featured Post

Upgrade your Question Security!

Add Premium security features to your question to ensure its privacy or anonymity. Learn more about your ability to control Question Security today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

On September 18, Experts Exchange launched the first installment of the Help Bell, a new feature for Premium Members, Team Accounts, and Qualified Experts. The Help Bell will serve as an additional tool to help teams increase question visibility.
With so many activities to perform, Exchange administrators are always busy in organizations. If everything, including Exchange Servers, Outlook clients, and Office 365 accounts work without any issues, they can sit and relax. But unfortunately, it…
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…
Suggested Courses
Course of the Month20 days, 8 hours left to enroll

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question