maxalarie asked:

Spammers in my SMTP Virtual Server Current Sessions

Hello all,

Windows SBS 2003 SP2 and Exchange 2003 SP2.
I am using AntiGen for SMTP servers.

After making sure I was not listed in a blacklist at mxtoolbox.com, I have decided to enforce security on my Exchange server.

I have made sure I was not open to relay.
In the Virtual Server I checked: Anonymous, Basic authentication and Windows Authentication.
Though, in the Relay section I have checked "Only the List Below", and this list is empty. I also left "Allow Computers..." unchecked.

Even with those settings, I sometimes find spammers connected to my SMTP (Current Sessions). Is this normal? Will these spammers be blocked by Antigen, or am I relaying spam?
 

Thanks for reading, and I am sorry that my English is not perfect. :) I am French Canadian.


ASKER CERTIFIED SOLUTION
Hypercat (Deb)

maxalarie (ASKER)

Thank you very much, Hypercat. I will activate the checkbox right away.
One more question, though.
In my Event Viewer, I see this kind of message all the time:

This is an SMTP protocol log for virtual server ID 1, connection #42971. The client at "91.124.2.171" sent a "mail" command, and the SMTP server responded with "250 2.1.0 xrydmmepywv@bogdog.com....Sender OK  ". The full command sent was "mail FROM: <xrydmmepywv@bogdog.com>".  This is an informational event and  does not indicate an error.

This address is listed on spamhaus.org, and if you check the log above: "Sender OK". Is this normal behaviour?

I assume this is where my antispam will filter the message, right?

Thanks for your time.

Yes, your antispam software will filter those messages that are spam, even if they are accepted by your SMTP gateway (i.e., the SMTP virtual server in Exchange). If you don't want to see these messages, you could lower the diagnostics logging level that is set on your server for SMTP communication. This setting is in the ESM: in the properties of the server object, click the Diagnostics Logging tab, click MSExchangeTransport on the Service list, and then select SMTP Protocol on the Categories list.
There are other methods of logging that you can use to monitor the activity of your Exchange server. Here's a helpful article:
http://support.microsoft.com/kb/821910
I prefer the alternative methods, since the Diagnostics Logging settings in Exchange tend to fill up the event logs pretty quickly and make it harder to manage them.

Thanks a lot, Hypercat.
I don't know if it's related, but when I checked the option "Allow Computer that can authenticate", my internet was going on and off.

Not sure I understand what you mean by saying your internet was going on and off. Are you losing your Internet connection?

Yeah, but I think it has something to do with my DNS. I can ping IP addresses but they don't resolve. That's another problem, I guess.

Yes - it wouldn't have anything to do with the changes you made in Exchange. Post another question if you need help on that... Cheers!
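
The following Python script is an added example, not part of the original thread: it parses SMTP protocol log events in the layout quoted above and counts, per client IP, the `rcpt` commands for non-local domains that the server accepted or refused, because an accepted `mail` command ("Sender OK") by itself does not show relaying. `LOCAL_DOMAINS`, the function names and the `rcpt` events are assumptions constructed for the example.

```python
import re
from collections import defaultdict

# Event text layout as quoted in the thread; used to build the sample events below.
TEMPLATE = ('This is an SMTP protocol log for virtual server ID 1, connection #{}. '
            'The client at "{}" sent a "{}" command, and the SMTP server responded '
            'with "{}". The full command sent was "{}".')
EVENT_RE = re.compile(
    r'connection #\d+\. The client at "(?P<ip>[^"]+)" sent a "(?P<cmd>\w+)" command, '
    r'and the SMTP server responded with "(?P<code>\d{3}) [^"]*"\. '
    r'The full command sent was "(?P<full>[^"]*)"')
ADDR_RE = re.compile(r'<[^<>@\s]+@([^<>\s]+)>')
LOCAL_DOMAINS = {"example.com"}  # assumption: domains this server receives mail for

def parse_event(text):
    """Parse one event message; return None if it is not an SMTP protocol event."""
    m = EVENT_RE.search(text)
    if not m:
        return None
    addr = ADDR_RE.search(m["full"])
    return {"ip": m["ip"], "cmd": m["cmd"].lower(), "code": int(m["code"]),
            "domain": addr.group(1).lower() if addr else None}

def relay_report(events, local_domains=LOCAL_DOMAINS):
    """Count, per client IP, RCPT commands for non-local domains: accepted vs refused."""
    report = defaultdict(lambda: {"accepted": 0, "refused": 0})
    for text in events:
        ev = parse_event(text)
        # "mail" events are skipped: the relay decision is visible in the reply
        # to "rcpt" for a domain that this server does not host.
        if not ev or ev["cmd"] != "rcpt" or ev["domain"] in (None, *local_domains):
            continue
        report[ev["ip"]]["accepted" if 200 <= ev["code"] < 300 else "refused"] += 1
    return dict(report)

SAMPLE_EVENTS = [
    # Values quoted in the thread:
    TEMPLATE.format(42971, "91.124.2.171", "mail",
                    "250 2.1.0 xrydmmepywv@bogdog.com....Sender OK  ",
                    "mail FROM: <xrydmmepywv@bogdog.com>"),
    # Constructed events (documentation IPs, example domains):
    TEMPLATE.format(7, "192.0.2.10", "rcpt", "550 5.7.1 Unable to relay for a@example.net",
                    "rcpt TO: <a@example.net>"),
    TEMPLATE.format(8, "192.0.2.10", "rcpt", "250 2.1.5 info@example.com",
                    "rcpt TO: <info@example.com>"),
    TEMPLATE.format(9, "198.51.100.7", "rcpt", "250 2.1.5 b@example.org",
                    "rcpt TO: <b@example.org>"),
]
```

The event text does not show whether a session authenticated, so an accepted non-local `rcpt` from a client allowed to relay after authenticating is expected and has to be ruled out separately.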