?
Solved

Is my server spamming?

Posted on 2009-05-06
15
Medium Priority
?
372 Views
Last Modified: 2012-08-13
I've noticed a couple of odd things lately.  I got this email in my junk mail folder and looked at the Internet headers.  It seems odd to me and has raised the question as if my mail server is trying to be used as a relay server but the emails aren't going out.  Here are the headers.  I have changed my server name in the headers for privacy.  Where you see MY.SERVER, MY IP ADDRESS, and mail.mycompany.com, that is me.

Note that I do have 2 mail relays set up for internal use with the following properties:

Authentication: Basic Authentication, Exchange Server Authentication, and Integrated Windows Authentication
Permission Groups: Exchange Users, Exchange Servers

Received: from mail.mycompany.com (MY IP ADDRESS) by
 MY.SERVER (MY IP ADDRESS) with Microsoft SMTP Server (TLS) id
 8.1.358.0; Tue, 5 May 2009 16:47:14 -0400
Received: from sa3.bezeqint.net (192.115.104.17) by MY.SERVER
 (MY IP ADDRESS) with Microsoft SMTP Server id 8.1.358.0; Tue, 5 May 2009
 16:47:01 -0400
Received: from localhost (sa3 [127.0.0.1])      by sa3.bezeqint.net (Bezeq
 International SMTP out Mail Server) with ESMTP id 842213049A;      Tue,  5 May
 2009 23:49:52 +0300 (IDT)
Received: from sa3.bezeqint.net ([127.0.0.1])      by localhost (sa3.bezeqint.net
 [127.0.0.1]) (amavisd-new, port 10024)      with ESMTP id JCoz2jveehZV; Tue,  5
 May 2009 23:49:51 +0300 (IDT)
Received: from smtp.prv.pl (bzq-79-176-139-211.red.bezeqint.net
 [79.176.139.211])      by sa3.bezeqint.net (Bezeq International SMTP out Mail
 Server) with ESMTP;      Tue,  5 May 2009 23:49:51 +0300 (IDT)
Received: from nwap.aace.com ([24.33.56.225]) by mhuu.aace.com (Sun Java
 System Messaging Server 6.1 HotFix 0.03 (built Aug 22 2004)) with ESMTP id
 <0D5A00BR142DG52@185.140.1.236.aace.com> for elcangri-3030@hotmail.com; Tue,
 05 May 2009 15:50:03 -0600 (IST)
Date: Tue, 5 May 2009 15:50:03 -0600
From: Augusta Mccormick <burgessbskatea@aace.com>
To: <elcangri-3030@hotmail.com>
Subject: Do You follow Penny Company
Message-ID: <k2Xzk_7X38l31VP3V6w4@aace.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-WatchGuard-Spam-ID: str=0001.0A090207.4A00A673.0081,ss=2,fgs=0
X-WatchGuard-Spam-Score: 2, suspect; 0, no virus
X-WatchGuard-Mail-Client-IP: 192.115.104.17
X-WatchGuard-Mail-From: burgessbskatea@aace.com
Return-Path: burgessbskatea@aace.com
X-MS-Exchange-Organization-PRD: aace.com
Received-SPF: PermError (MY.SERVER: domain of
 burgessbskatea@aace.com used an invalid SPF mechanism)
X-MS-Exchange-Organization-SenderIdResult: PERMERROR
0
Comment
Question by:wakebrdr77
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 8
  • 6
15 Comments
 

Author Comment

by:wakebrdr77
ID: 24314039
UPDATE

I also have another mail relay set up on Exchange with the following below.  It's used for a secure site I have hosted in IIS for users to fill out forms and then mail them to us.

Authentication: Transport Layer (TLS) and Externally Secured
Permission Groups: Anonymous, Exchange Users, Exchange Servers
0
 
LVL 24

Accepted Solution

by:
Rajith Enchiparambil earned 1500 total points
ID: 24314046
Check whether you are an open relay here http://www.mxtoolbox.com/diagnostic.aspx to start with.
0
 

Author Comment

by:wakebrdr77
ID: 24315158
It says that I'm not an open relay.
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
LVL 6

Expert Comment

by:MrJesse34
ID: 24315390
Check your SMTP Server in Exchange Manager.  SEe what the current active connections are.  If you have a bunch of weird connections you don't recognize, you could be spamming.  why don't you post any wierd connections that you see?

You can also set a logfile to monitor these logins.
0
 

Author Comment

by:wakebrdr77
ID: 24315617
I have the Default and Client Receive connectors and then the 2 relays that I set up.

What do you mean by the current active connections? Where do I see this at?
0
 
LVL 6

Expert Comment

by:MrJesse34
ID: 24315624
Under the SMTP Protocol
0
 

Author Comment

by:wakebrdr77
ID: 24315648
I'm sorry but that doesn't tell me exactly where to look and what I'm looking for.
0
 
LVL 6

Expert Comment

by:MrJesse34
ID: 24315673
Go into Exchange Manager, Open up the protocols for your local Exchange Server instance, and then it will have a list like this:

X400
POP3
IMAP
SMTP

and each of the nodes will be expandable.  Expand the SMTP node and look at the current sessions option.
0
 

Author Comment

by:wakebrdr77
ID: 24316018
I'm not seeing this in Exchange 2007.  I've resulted to further research on the Internet.  If you can tell me how to get to the Protocols AFTER I open Exchange Manager that may help.
0
 
LVL 6

Expert Comment

by:MrJesse34
ID: 24316064
Check the picture attached:


exchange.JPG
0
 

Author Comment

by:wakebrdr77
ID: 24316089
I'm using Exchange 2007, isn't this for 2003? I don't have this.
0
 
LVL 6

Expert Comment

by:MrJesse34
ID: 24316122
Yeah you're right sorry.  Still, you should be able to find the protocols somewhere.  You need to get to your defaul SMTP virtual server to find out what current sessions are running.  Like I said before, you can enable logging on this as well to tell you if people are connecting where they shouldnt.
0
 

Author Comment

by:wakebrdr77
ID: 24317340
Exchange 2007 uses Receive Connectors in place of the SMTP virtual server.  I have enabled protocol logging, but am unsure of how to see if people are connecting where they shouldn't.  I've ran a few more relay tests and everything seems to be ok.  I'm just going to go with this for now. Thanks.
0
 
LVL 6

Expert Comment

by:MrJesse34
ID: 24317386
Ok, well I'm glad I spent the time on this if you were just gonna give the answer to the first person who responded.
0
 

Author Comment

by:wakebrdr77
ID: 24317456
Maybe I should've been more specific in the beginning by stating that I was using EXCHANGE 2007 as ALL of your answers were for 2003.  There's no need to be sarcastic about this, just in my experience if no one has responded within a few hours of posting, no one does.  I was doing this research on my own as your answers were incorrect and I was tired of bouncing back on here for stuff that wasn't helping me at all.

I wanted to give you the benefit of the doubt for taking the time and offering me that link, but next time I'll think twice as I deserve more respect than your petty sarcasm.
0

Featured Post

Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

MS Outlook is a world-class email client application that is mainly used for e-communication globally.  In this article, we will discuss the basic idea about MS Outlook, its advanced features, and types of MS Outlook File formats.
I don't pretend to be an expert at this, but I have found a few things that are useful. I hope that sharing them here will help others, so they will not have to face some rather hard choices. Since I felt this to be a topic of enough importance and…
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question