Fictitious mail domains in Exchange queue

Posted on 2009-02-13
Last Modified: 2012-05-06
This past week I have noticed all sorts of strange packet data on Wireshark.
I have been snooping on our mailserver and in the queue I noticed several fictitious domains, and all the mail being sent to these domains was from a user on our network to a recipient

I have deleted all the mail in the queue from our internal user to this fictitious user; the queue has cleared.
There are lots of random IT-related sites showing as making connections to our server.

How can I test the security of the mailserver? Our Exchange 2003 server sits behind a Barracuda.
I do not have the server set up to relay.
Question by: manelson05

    Author Comment

    Here is a screen shot, I keep seeing random connections.
    LVL 65

    Expert Comment

    The messages have already left the org, as the queues are empty; it just takes ESM a little while to clean up the empty queue listings.
    Are you using a smart host, perhaps to send email out through the appliance?

    When you looked at the traffic, while it was from a user, where did it originate? Do you have authenticated relaying enabled on the server? Can Exchange be seen from the internet on port 25?


    Author Comment

    How can I test this out? I do not want any relaying at all.
    LVL 65

    Accepted Solution

    Exchange is relay secure by default, so unless you have changed something it shouldn't be an issue.

    This article on my web site has instructions on how to check the server for relaying:

    The other way that relaying could be taking place is authenticated relaying. If you don't have any SMTP clients then you can turn off authenticated relaying on the SMTP virtual server.
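
An unauthenticated relay check of the kind the accepted answer refers to, added here as an example (it is not from the thread or from the article the answer links to). It is meant to be run from a host outside your network against your own server; the addresses, HELO name and function names are placeholders chosen for illustration.

```python
import smtplib
import sys

# Constructed placeholder addresses on reserved example domains; neither is
# local to the server under test. Replace with mailboxes you control.
OUTSIDE_SENDER = "relaytest@example.org"
OUTSIDE_RCPT = "relaytest@example.net"


def probe(session, sender=OUTSIDE_SENDER, rcpt=OUTSIDE_RCPT):
    """Offer one external-to-external envelope on an open SMTP session.

    Stops after RCPT TO and issues RSET, so no message is ever queued.
    Returns (verdict, reply_code, reply_text).
    """
    code, text = session.mail(sender)
    if code != 250:
        return ("sender-refused", code, _decode(text))
    code, text = session.rcpt(rcpt)
    session.rset()  # abandon the transaction before DATA
    if code in (250, 251):
        # Accepted for a non-local recipient without authentication. Some
        # servers accept here and reject later, so confirm in the queue.
        verdict = "RELAY-ACCEPTED"
    elif 500 <= code <= 599:
        verdict = "relay-denied"  # e.g. 550 5.7.1 Unable to relay
    else:
        verdict = "inconclusive"  # 4xx temporary failure: retry later
    return (verdict, code, _decode(text))


def _decode(text):
    return text.decode("ascii", "replace") if isinstance(text, bytes) else str(text)


def check_relay(host, port=25, helo_name="relaytest.example.org", timeout=15):
    """Connect without authenticating and run probe() against host:port."""
    with smtplib.SMTP(host, port, local_hostname=helo_name, timeout=timeout) as s:
        s.ehlo_or_helo_if_needed()
        return probe(s)


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: relay_check.py <your-mail-server>")
    print(check_relay(sys.argv[1]))
```

This exercises anonymous relaying only; authenticated relaying, the second case in the answer, is controlled by the SMTP virtual server setting and will not show up in this check.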

