• Status: Solved

Spammers in my SMTP Virtual Server Current Sessions

Hello all,

Windows SBS 2003 SP2 and Exchange 2003 SP2.
I am using AntiGen for SMTP servers.

After making sure I was not listed on a blacklist at mxtoolbox.com, I have decided to enforce security on my Exchange server.

I have made sure I was not open to relay.
In the Virtual Server I checked: Anonymous, Basic authentication and Windows Authentication.
Though, in the Relay section I have checked: Only the List Below; this list is empty. I also left "Allow Computers..." unchecked.

Even with those settings, I sometimes find spammers connected to my SMTP (Current Sessions). Is this normal? Will these spammers be blocked by Antigen, or am I relaying spam?
 

Thanks for reading, and I am sorry that my English is not perfect. :) I am French Canadian.


Asked by: maxalarie
 
Hypercat (Deb) Commented:
You will see incoming spam in your queues sometimes even in spite of your antispam software - some of it will get past your spam filters. You also might see outgoing queues that are created by your server attempting to send non-delivery notices for some spam that has gotten past your filters. This doesn't mean that your server is relaying spam.  You even might see open sessions that are representative of attempts by spammers to relay email through your SMTP server, but even if they initiate a connection they will not be able to relay anything because you have precautions in place to prevent that.
Just one thought - you might experience some problems with legitimate senders getting non-delivery reports due to having UN-checked the "Allow Computers that authenticate" check box.  Microsoft recommends leaving this box checked.
And your English is fine - I had no problem understanding your question.
 
maxalarie (Author) Commented:
Thank you very much, Hypercat. I will activate the checkbox right away.
 
maxalarie (Author) Commented:
One more question, though.
In my Event Viewer, I see this kind of message all the time:

This is an SMTP protocol log for virtual server ID 1, connection #42971. The client at "91.124.2.171" sent a "mail" command, and the SMTP server responded with "250 2.1.0 xrydmmepywv@bogdog.com....Sender OK  ". The full command sent was "mail FROM: <xrydmmepywv@bogdog.com>".  This is an informational event and  does not indicate an error.

This address is listed on spamhaus.org, and if you check the log above: "Sender OK". Is this normal behaviour?

I assume this is where my antispam will filter the message, right?

Thanks for your time.

 
Hypercat (Deb) Commented:
Yes, your antispam software will filter those messages that are spam, even if they are accepted by your SMTP gateway (i.e., the SMTP virtual server in Exchange). If you don't want to see these messages, you could lower the diagnostics logging level that is set on your server for SMTP communication. This setting is in the ESM: in the properties of the server object, click the Diagnostics Logging tab, click MSExchangeTransport on the Service list, and then select SMTP Protocol on the Categories list.
There are other methods of logging that you can use to monitor the activity of your Exchange server.  Here's a helpful article:
http://support.microsoft.com/kb/821910
I prefer the alternative methods, since the Diagnostics Logging settings in Exchange tend to fill up the event logs pretty quickly and make it harder to manage them.
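The answer above says that a "Sender OK" reply does not mean the server is relaying; relaying is decided per recipient, at the RCPT command, and that can be checked from the same log entries. The following Python sketch is an added example, not part of the original thread or written by either participant. It assumes that "rcpt" events use the same wording as the quoted "mail" event, that a refused relay is answered with a 5xx code, and that `LOCAL_DOMAINS` (a hypothetical name) lists the domains the server hosts.

```python
import re
from collections import defaultdict

# Wording of the Event Viewer entry quoted in the thread. Only the "mail" event
# appears on the page; "rcpt" events are assumed to use the same template.
EVENT_RE = re.compile(
    r'connection #(?P<conn>\d+)\. The client at "[^"]+" sent a '
    r'"(?P<cmd>\w+)" command, and the SMTP server responded with '
    r'"(?P<code>\d{3})[^"]*"\. The full command sent was "(?P<full>[^"]*)"')
DOMAIN_RE = re.compile(r'<[^<>@\s]*@([^<>\s]+)>')
LOCAL_DOMAINS = {"example.com"}  # assumption: domains hosted on this server

TEMPLATE = ('This is an SMTP protocol log for virtual server ID 1, connection '
            '#{0}. The client at "192.0.2.10" sent a "{1}" command, and the SMTP '
            'server responded with "{2}". The full command sent was "{3}".')
ROWS = [  # constructed sample sessions (documentation IP and domains)
    (101, "mail", "250 2.1.0 a@example.net....Sender OK", "mail FROM: <a@example.net>"),
    (101, "rcpt", "550 5.7.1 Unable to relay for b@example.org", "rcpt TO: <b@example.org>"),
    (102, "mail", "250 2.1.0 c@example.net....Sender OK", "mail FROM: <c@example.net>"),
    (102, "rcpt", "250 2.1.5 info@example.com", "rcpt TO: <info@example.com>"),
    (103, "mail", "250 2.1.0 d@example.net....Sender OK", "mail FROM: <d@example.net>"),
    (103, "rcpt", "250 2.1.5 e@example.org", "rcpt TO: <e@example.org>"),
    (104, "mail", "250 2.1.0 f@example.net....Sender OK", "mail FROM: <f@example.net>"),
]
SAMPLE_EVENTS = [TEMPLATE.format(*row) for row in ROWS]


def classify(events):
    """Return {connection id: verdict}, judging each session by its RCPT results."""
    sessions = defaultdict(list)
    for text in events:
        m = EVENT_RE.search(text)
        if not m:
            continue                          # not an SMTP protocol log entry
        seen = sessions[int(m["conn"])]       # also registers MAIL-only sessions
        dom = DOMAIN_RE.search(m["full"])
        if m["cmd"].lower() == "rcpt" and dom:
            seen.append((dom.group(1).lower() in LOCAL_DOMAINS, m["code"][0] == "2"))
    verdicts = {}
    for conn, seen in sessions.items():
        if any(ok and not local for local, ok in seen):
            verdicts[conn] = "RELAYED"        # foreign recipient was accepted
        elif any(not ok and not local for local, ok in seen):
            verdicts[conn] = "relay-denied"   # attempt refused, nothing relayed
        elif any(ok for local, ok in seen):
            verdicts[conn] = "inbound"        # hosted domain; spam filter decides
        else:
            verdicts[conn] = "no-recipient"   # "Sender OK" alone proves nothing
    return verdicts
```

A `RELAYED` verdict is expected for clients that authenticated first when the "Allow Computers that authenticate" box is checked; from an unauthenticated client it would indicate an open relay.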
 
maxalarie (Author) Commented:
Thanks a lot, Hypercat.
I don't know if it's related, but when I checked the option Allow Computer that can authenticate, my internet was going on and off.
 
Hypercat (Deb) Commented:
Not sure I understand what you mean by saying your internet was going on and off.  Are you losing your Internet connection?
 
maxalarie (Author) Commented:
Yeah, but I think it has something to do with my DNS. I can ping IP addresses but they don't resolve. That's another problem, I guess.
 
Hypercat (Deb) Commented:
Yes - it wouldn't have anything to do with the changes you made in Exchange.  Post another question if you need help on that...Cheers!