Solved

Spam Relay Problems

Posted on 2009-05-05
7
369 Views
Last Modified: 2012-05-06
I hope someone can shed some light onto thiw. None of the solutions I have found have worked.

A customer has an SBS 2003 server running exchange. They use SMTP for both incoming and outgoing mail.

Someone is sending 1000's of mails through their server as postmaster@theirdomain.com

I have tried all sorts to block them but they appear to have random IP addresses. If I disable SMTP relay then nobody can send or recieve mails. If I turn on authentication then outside servers cannot send mail to their mail server.

Hope someone has come across this before.

Thanks in advance
0
Comment
Question by:jgearhart
  • 3
  • 2
  • 2
7 Comments
 
LVL 24

Accepted Solution

by:
Rajith Enchiparambil earned 300 total points
ID: 24304189
This is NDR attack. Configure recipient filtering, smtp tarpitting.

Follow this article in full http://www.amset.info/exchange/spam-cleanup.asp

http://enchiparambil.com/smtp_tarpitting_for_exchange.aspx

Rajith.
0
 
LVL 24

Assisted Solution

by:Rajith Enchiparambil
Rajith Enchiparambil earned 300 total points
ID: 24304194
0
 
LVL 11

Assisted Solution

by:g000se
g000se earned 200 total points
ID: 24304219
Helllo,

In Exchange look under- Message Delivery.  You can block the Spam
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:jgearhart
ID: 24304684
I have checked using telnet and according to that the system is secure. I am at a loss to explain how they are managing to send mails through the server. They are sending them using out own postmaster address which I understand cannot be disabled.

The mail is going out FROM the server as postmaster not incoming as postmaster.

Is there a way to secure this so that only the system can recreate an outgoing mail as postmaster?

I have managed to stop the mails from leaving the server but they are just backing up in the queues now at a rate of about 600 per hour.

Any suggestions?

I have a watchguard x10e by the way if anyone has any suggestions on additional configuration options.
0
 
LVL 24

Assisted Solution

by:Rajith Enchiparambil
Rajith Enchiparambil earned 300 total points
ID: 24305433
have you configured IMF in Exchange 2003, especially sender id filtering? What about smtp tarpitting?

Configure IMF as a measure to fight spam. In your case, it seems like the spammer is sending emails to non-existent users in your domain and your server is responding with an ndr when the user is not found.

http://www.petri.co.il/block_spam_with_exchange2003_imf.htm
0
 
LVL 11

Assisted Solution

by:g000se
g000se earned 200 total points
ID: 24305783
Using the message delivery in Exchange is a no cost solution in fighting against SPAM.  You can also block it at the client level too in Outlook.
0
 

Author Closing Comment

by:jgearhart
ID: 31577996
I managed to solve the problem using the watchguard SMTP proxy built into the router.

This seems to be the solution with the lowest resource overhead since the server is not particually powerful.

I basically told the router to reject all mails in both directions for postmaster@domain.com

This seems to have cured the problem.

Many Thanks for all your comments

I have split the points between you because nobody came up with a solution that solved the problems but you all pointed me in the correct direction.

0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Lotus Notes – formerly IBM Notes – is an email client application, while IBM Domino (earlier Lotus Domino) is an email server. The client possesses a set of features that are even more advanced as compared to that of Outlook. Likewise, IBM Domino is…
Marketers need statistics and metrics like everybody else needs oxygen. In this article we explain how to enable marketing campaign statistics for Microsoft Exchange mail.
In this video we show how to create a Shared Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Sha…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

821 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question