Solved

Exchange Server being used to send Spam

Posted on 2009-05-04
2
512 Views
Last Modified: 2012-05-06
I have a customer that has an exchange server that is being used to send spam.  It a Windows SBS Server 2003, and everything was fine until this weekend.  I have checke dfor an open relay, there is none.  I was able to narrow down to an IP Address that was connecting to my server to send the spam, I blocked that IP Address.  How did this hapopen and what else can I check to see hwo it happened and also how do I prevent this.
0
Comment
Question by:rshooper76
2 Comments
 
LVL 65

Accepted Solution

by:
Mestha earned 500 total points
ID: 24300312
There are basically three ways an Exchange 2003 server can be abused.

Open Relay
Authenticated relay
NDR spam.

Authenticated relay is where an account is compromised and then used to authenticate when sending email. By default this option is turned on and the Administrator account is targeted.

NDR spam is where email is sent to the server with invalid email addresses on purpose, the idea being that the server then rejects the email and sends an NDR back to the "sender". The sender is spoofed and is the real target.

My spam cleanup article goes through all three methods and how to secure the server:
http://www.amset.info/exchange/spam-cleanup.asp

Simon.
0
 
LVL 9

Author Comment

by:rshooper76
ID: 24376509
I'll look at this and see what I find.
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Utilizing an array to gracefully append to a list of EmailAddresses
Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
In this video we show how to create a Contact in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Contact ta…
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question