Solved

My Exchange 2003 SBS postmaster account is sending spam

Posted on 2009-04-09
Last Modified: 2012-05-06
I have a Small Business Server 2003 running Exchange 2003. Recently the server is sending out lots of NDRs to .co.uk domains (which we do not have contact with).

The subject of all the emails is "One Unread Message" sent to noreply@allianceleicester.co.uk

I thought my server might be under an NDR attack, so I followed steps to turn off NDR notices, enable recipient filtering, and DENY access from the IP address known to be sending these out:
http://www.projecthoneypot.org/ip_195.121.247.24

However, after restarting the SMTP server service (as well as the GFI service) my mail queue is still being filled with NDR messages and the NDRs are still being sent out, one every 10 seconds. I have Tarpitting set to a 10 second delay so maybe that has something to do with it.

Any insight would be helpful. It could be that I have a virus, but no information appears in Google when I try the subject or email address mentioned above. Could one of my SBS clients (25) have a virus and be causing this?
0
Question by:acidgold
3 Comments
 
LVL 65

Accepted Solution

by:
Mestha earned 750 total points
ID: 24111603
Disabling NDRs will not help, so reverse that.
Recipient filtering was the right thing to do, but all that does is stop new messages. It doesn't do anything for the messages that are already on the server. Those need to be cleaned up.

http://www.amset.info/exchange/spam-cleanup.asp

There is nothing wrong with any of your clients or the server, it is just a spammer taking advantage of a default configuration of the server.

Simon.
0
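
The behaviour described in the accepted answer, as an added example that is not part of the original thread and is not Exchange code: a simplified Python model showing that a server which accepts mail for unknown recipients queues an NDR to the claimed sender, and that enabling recipient filtering rejects new mail but leaves already-queued NDRs in place. The class names, addresses and queue structure are assumptions made for illustration.

```python
# Simplified model of SMTP recipient handling; all names and addresses are constructed.
from dataclasses import dataclass, field

@dataclass
class Message:
    sender: str      # envelope MAIL FROM ("" is the null sender used by NDRs)
    recipient: str   # envelope RCPT TO
    is_ndr: bool = False

@dataclass
class MailServer:
    mailboxes: set
    recipient_filtering: bool = False
    outbound_queue: list = field(default_factory=list)
    delivered: list = field(default_factory=list)

    def receive(self, mail_from: str, rcpt_to: str) -> int:
        """Return the SMTP reply code given to the RCPT TO command."""
        known = rcpt_to.lower() in self.mailboxes
        if not known and self.recipient_filtering:
            return 550  # rejected during the session: nothing is queued
        if known:
            self.delivered.append(Message(mail_from, rcpt_to))
        else:
            # Accepted first, bounced later: the NDR goes to whatever
            # address the sender claimed, which a spammer can forge.
            self.outbound_queue.append(Message("", mail_from, is_ndr=True))
        return 250

    def purge_ndrs(self) -> int:
        """Delete queued NDRs and return how many were removed."""
        before = len(self.outbound_queue)
        self.outbound_queue = [m for m in self.outbound_queue if not m.is_ndr]
        return before - len(self.outbound_queue)

def demo():
    srv = MailServer(mailboxes={"alice@corp.example"})
    forged = "victim@target.example"   # constructed forged return address
    codes = [srv.receive(forged, f"user{i}@corp.example") for i in range(3)]
    queued_before = len(srv.outbound_queue)
    srv.recipient_filtering = True     # stops new backscatter only
    codes.append(srv.receive(forged, "user9@corp.example"))
    queued_after = len(srv.outbound_queue)
    removed = srv.purge_ndrs()
    return codes, queued_before, queued_after, removed, len(srv.outbound_queue)

if __name__ == "__main__":
    print(demo())
```
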
 

Author Comment

by:acidgold
ID: 24115580
Thank you for pointing me in the right direction, Mestha. I had no idea my server was set up as an open relay... this problem just arose in April 2009 and I have had no incidents since 2005!

I followed the steps on the page you provided to disable my server as an open relay, then used the SMTP connector trick to get all the NDRs into one mail queue on the server and delete them.
0
 

Author Closing Comment

by:acidgold
ID: 31568641
Good solution; however, you could have been a bit more verbose in your comment accompanying the solution.
0
