Fictious mail domains in Exchange queue

This past week I ahve ntoiced all sorts of strange packet data on Wireshark.
I have been snooping on out mailserver and in the queue I noticed several fictious domains and all the mail being sent to these domains was from a user on our network to a recipient fuzbudgt@bmi.net

I have deleted all the mail in the queue from our internal user to this fictious user, the queue has cleared.
There are lots of random IT related sites and showing as making conenctiosn to our server.

How can I test the security of the Mailserver. Our Exchange 2003 server sits behind a Barracuda.
I do not ahve the server set up to relay.
manelson05Asked:
Who is Participating?
 
MesthaConnect With a Mentor Commented:
Exchange is relay secure by default, so unless you have changed something it shouldn't be an issue.

This article on my web site has instructions on how to check the server for relaying:
http://www.amset.info/exchange/smtp-openrelay.asp

The other way that relaying that could be taking place is authenticated relaying. If you don't have any SMTP clients then you can turn off authenticated relaying on the SMTP virtual server.

-M
0
 
manelson05Author Commented:
Here is a screen shot, I keep seeing random connections.
forged-mail-headers.bmp
0
 
MesthaCommented:
The messages have already left the org, as the queues are empty, it just takes ESM a little while to clean up the empty queue listings.
Are you using a smart host, perhaps to send email out through the appliance?

When you looked at the traffic, while it was from a user, where did it originate? Do you have authenticated relaying enabled on the server? Can Exchange be seen from the internet on port 25?

-M
0
 
manelson05Author Commented:
Ho can I test this out?I do not want any relaying at all.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.