
Fictitious mail domains in Exchange queue

manelson05 asked on
Medium Priority
289 Views
Last Modified: 2012-05-06
This past week I have noticed all sorts of strange packet data on Wireshark.
I have been snooping on our mailserver and in the queue I noticed several fictitious domains, and all the mail being sent to these domains was from a user on our network to a recipient fuzbudgt@bmi.net

I have deleted all the mail in the queue from our internal user to this fictitious user, and the queue has cleared.
There are lots of random IT-related sites showing as making connections to our server.

How can I test the security of the mailserver? Our Exchange 2003 server sits behind a Barracuda.
I do not have the server set up to relay.

Author

Commented:
Here is a screen shot, I keep seeing random connections.
forged-mail-headers.bmp
Expert of the Quarter 2009
Expert of the Year 2009

Commented:
The messages have already left the org, as the queues are empty, it just takes ESM a little while to clean up the empty queue listings.
Are you using a smart host, perhaps to send email out through the appliance?

When you looked at the traffic, while it was from a user, where did it originate? Do you have authenticated relaying enabled on the server? Can Exchange be seen from the internet on port 25?

-M

Author

Commented:
How can I test this out? I do not want any relaying at all.
Commented:
Exchange is relay secure by default, so unless you have changed something it shouldn't be an issue.

This article on my web site has instructions on how to check the server for relaying:
http://www.amset.info/exchange/smtp-openrelay.asp

The other way that relaying could be taking place is authenticated relaying. If you don't have any SMTP clients then you can turn off authenticated relaying on the SMTP virtual server.

-M
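The linked article describes the classic manual relay check: connect to the server on port 25, give a MAIL FROM and RCPT TO that are both outside your own domains, and see whether the server accepts or rejects the recipient. The script below is an added example, not code from the thread or from the linked article, that performs the same check against your own server with Python's smtplib and then resets the session so nothing is ever queued, even if the server turned out to accept the recipient. The host, sender and recipient addresses are placeholders you must replace; the verdict strings are this script's own.

```python
import smtplib
import socket

# Placeholders: both addresses must be OUTSIDE every domain the server
# accepts mail for, so that a 250 on RCPT TO can only mean relaying.
EXTERNAL_SENDER = "relaytest@example.net"
EXTERNAL_RECIPIENT = "relaytest@example.org"
HELO_NAME = "relaytest.example.com"


def classify_rcpt(code):
    """Turn the RCPT TO reply code into a verdict.

    250/251  recipient accepted although it is foreign: server relays
    5xx      permanent rejection: relaying denied, the expected answer
    4xx      temporary failure (greylisting, etc.): try again later
    """
    if code in (250, 251):
        return "OPEN_RELAY"
    if 500 <= code <= 599:
        return "RELAY_DENIED"
    if 400 <= code <= 499:
        return "INCONCLUSIVE"
    return "UNEXPECTED"


def relay_probe(host, port=25, timeout=10):
    """Run EHLO / MAIL FROM / RCPT TO against host and report what happened.

    The session is always RSET and QUIT before returning, so no message is
    submitted regardless of the outcome.
    """
    result = {"host": host, "verdict": None, "transcript": []}
    try:
        smtp = smtplib.SMTP(host, port, timeout=timeout)
    except (socket.error, smtplib.SMTPException) as exc:
        result["verdict"] = "UNREACHABLE"
        result["transcript"].append(f"connect: {exc}")
        return result
    try:
        code, msg = smtp.ehlo(HELO_NAME)
        result["transcript"].append(f"EHLO -> {code} {msg.decode(errors='replace')}")
        code, msg = smtp.mail(EXTERNAL_SENDER)
        result["transcript"].append(f"MAIL FROM -> {code} {msg.decode(errors='replace')}")
        if code != 250:
            # Sender itself refused (e.g. sender verification): no relay possible here
            result["verdict"] = "MAIL_FROM_REJECTED"
        else:
            code, msg = smtp.rcpt(EXTERNAL_RECIPIENT)
            result["transcript"].append(f"RCPT TO -> {code} {msg.decode(errors='replace')}")
            result["verdict"] = classify_rcpt(code)
        smtp.rset()          # discard the envelope; nothing is ever sent
    except smtplib.SMTPException as exc:
        result["verdict"] = "PROTOCOL_ERROR"
        result["transcript"].append(f"error: {exc}")
    finally:
        try:
            smtp.quit()
        except (socket.error, smtplib.SMTPException):
            pass
    return result


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "mail.corp.example"  # placeholder host
    report = relay_probe(target)
    print(report["verdict"])
    for line in report["transcript"]:
        print(" ", line)
```

Run it from outside the network as well as from inside: a server that returns RELAY_DENIED from the internet but OPEN_RELAY from the LAN is relaying for any internal host, which matches the thread's symptom of queued mail "from a user on our network". If the server is only reachable through the Barracuda, the probe measures the appliance, not Exchange, so repeat it against the Exchange server's own address from the inside.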
