• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 520
  • Last Modified:

Exchange Server being used to send Spam

I have a customer that has an exchange server that is being used to send spam.  It a Windows SBS Server 2003, and everything was fine until this weekend.  I have checke dfor an open relay, there is none.  I was able to narrow down to an IP Address that was connecting to my server to send the spam, I blocked that IP Address.  How did this hapopen and what else can I check to see hwo it happened and also how do I prevent this.
0
rshooper76
Asked:
rshooper76
1 Solution
 
MesthaCommented:
There are basically three ways an Exchange 2003 server can be abused.

Open Relay
Authenticated relay
NDR spam.

Authenticated relay is where an account is compromised and then used to authenticate when sending email. By default this option is turned on and the Administrator account is targeted.

NDR spam is where email is sent to the server with invalid email addresses on purpose, the idea being that the server then rejects the email and sends an NDR back to the "sender". The sender is spoofed and is the real target.

My spam cleanup article goes through all three methods and how to secure the server:
http://www.amset.info/exchange/spam-cleanup.asp

Simon.
0
 
rshooper76Author Commented:
I'll look at this and see what I find.
0

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now