Solved

Exchange Server being used to send Spam

Posted on 2009-05-04
2
513 Views
Last Modified: 2012-05-06
I have a customer that has an exchange server that is being used to send spam.  It a Windows SBS Server 2003, and everything was fine until this weekend.  I have checke dfor an open relay, there is none.  I was able to narrow down to an IP Address that was connecting to my server to send the spam, I blocked that IP Address.  How did this hapopen and what else can I check to see hwo it happened and also how do I prevent this.
0
Comment
Question by:rshooper76
2 Comments
 
LVL 65

Accepted Solution

by:
Mestha earned 500 total points
ID: 24300312
There are basically three ways an Exchange 2003 server can be abused.

Open Relay
Authenticated relay
NDR spam.

Authenticated relay is where an account is compromised and then used to authenticate when sending email. By default this option is turned on and the Administrator account is targeted.

NDR spam is where email is sent to the server with invalid email addresses on purpose, the idea being that the server then rejects the email and sends an NDR back to the "sender". The sender is spoofed and is the real target.

My spam cleanup article goes through all three methods and how to secure the server:
http://www.amset.info/exchange/spam-cleanup.asp

Simon.
0
 
LVL 9

Author Comment

by:rshooper76
ID: 24376509
I'll look at this and see what I find.
0

Featured Post

NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Utilizing an array to gracefully append to a list of EmailAddresses
Read this checklist to learn more about the 15 things you should never include in an email signature.
In this video we show how to create a Shared Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Sha…
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question