manelson05
asked on
Fictitious mail domains in Exchange queue
This past week I have noticed all sorts of strange packet data on Wireshark.
I have been snooping on our mailserver and in the queue I noticed several fictitious domains, and all the mail being sent to these domains was from a user on our network to a recipient fuzbudgt@bmi.net
I have deleted all the mail in the queue from our internal user to this fictitious user, and the queue has cleared.
There are lots of random IT-related sites showing as making connections to our server.
How can I test the security of the mailserver? Our Exchange 2003 server sits behind a Barracuda.
I do not have the server set up to relay.
The messages have already left the org, as the queues are empty; it just takes ESM a little while to clean up the empty queue listings.
Are you using a smart host, perhaps to send email out through the appliance?
When you looked at the traffic, while it was from a user, where did it originate? Do you have authenticated relaying enabled on the server? Can Exchange be seen from the internet on port 25?
-M
ASKER
How can I test this out? I do not want any relaying at all.
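One way to check the "no relaying" and "visible on port 25" questions raised above, as an added example that is not part of the original thread: connect to your own server from a host outside your network, offer an envelope whose sender and recipient are both in foreign domains, and stop at RCPT TO so nothing is ever queued. The probe addresses and the verdict names are assumptions made for this sketch.

```python
"""Unauthenticated relay check for a mail server you administer (added example)."""
import smtplib
import sys

# Placeholder addresses (assumptions): both are in domains the server under test
# is NOT responsible for, which is what makes the request a relay attempt.
PROBE_FROM = "relaytest@example.org"
PROBE_TO = "relaytest@example.net"


def classify(code):
    """Map the last SMTP reply code of the envelope to a verdict."""
    if 200 <= code < 300:
        return "relay-accepted"  # foreign recipient accepted without AUTH
    if 400 <= code < 500:
        return "inconclusive"    # temporary failure or greylisting, retry later
    return "closed"              # 5xx, e.g. 550 5.7.1 Unable to relay


def check_relay(conn, mail_from=PROBE_FROM, rcpt_to=PROBE_TO):
    """Run the envelope up to RCPT TO and stop; DATA is never sent."""
    conn.ehlo()
    code, _ = conn.mail(mail_from)
    if code < 400:               # only try the recipient if the sender was accepted
        code, _ = conn.rcpt(rcpt_to)
    try:
        conn.rset()              # discard the envelope so nothing is queued
    except smtplib.SMTPServerDisconnected:
        pass                     # some gateways drop the session after a refusal
    return classify(code)


if __name__ == "__main__":
    host = sys.argv[1]           # public name or IP of your own mail gateway
    with smtplib.SMTP(host, 25, timeout=15) as conn:
        print(host, check_relay(conn))
```

Run it against the public address, since a connection from inside the LAN may be permitted to relay by design. It covers unauthenticated relay only: authenticated relaying with a guessed or stolen account, which the reply above also asks about, has to be checked in the SMTP virtual server's relay settings and logs.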
ASKER
forged-mail-headers.bmp