Solved

Exchange Server being used to send Spam

Posted on 2009-05-04
2
509 Views
Last Modified: 2012-05-06
I have a customer that has an exchange server that is being used to send spam.  It a Windows SBS Server 2003, and everything was fine until this weekend.  I have checke dfor an open relay, there is none.  I was able to narrow down to an IP Address that was connecting to my server to send the spam, I blocked that IP Address.  How did this hapopen and what else can I check to see hwo it happened and also how do I prevent this.
0
Comment
Question by:rshooper76
2 Comments
 
LVL 65

Accepted Solution

by:
Mestha earned 500 total points
ID: 24300312
There are basically three ways an Exchange 2003 server can be abused.

Open Relay
Authenticated relay
NDR spam.

Authenticated relay is where an account is compromised and then used to authenticate when sending email. By default this option is turned on and the Administrator account is targeted.

NDR spam is where email is sent to the server with invalid email addresses on purpose, the idea being that the server then rejects the email and sends an NDR back to the "sender". The sender is spoofed and is the real target.

My spam cleanup article goes through all three methods and how to secure the server:
http://www.amset.info/exchange/spam-cleanup.asp

Simon.
0
 
LVL 9

Author Comment

by:rshooper76
ID: 24376509
I'll look at this and see what I find.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Resolve DNS query failed errors for Exchange
Learn to move / copy / export exchange contacts to iPhone without using any software. Also see the issues in configuration of exchange with iPhone to migrate contacts.
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now