Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Exchange is sending SPAM user to user

Posted on 2009-05-19
9
220 Views
Last Modified: 2013-12-09
Hello,
I have an Exchange 2003 server and some users are receiving SPAM emails from themselves. I know this is a SPAM technique but what worries me is that some of the emails have REALLY been sent from Exchange. If I go to the  message tracking centre I can see that the email has been sent. The message ID appears as:

200905197317.46DDB690F56FB0@89-215-118-150.2072968958.ddns-lan.pl.ekk.bg

Is my Exchange server been compromised? Does the user have a virus?

Please help,
Briega
0
Comment
Question by:briega
  • 4
  • 3
  • 2
9 Comments
 

Author Comment

by:briega
ID: 24420039
When you click on one of the emails this is the Message History:

From: user@domain.com
To: user@domain.com
Subject: RE: DISCOUNT ID81968 75% OFF on Pfizer!
Message ID: HLCLDNS02F0SpvmoYoZ00002c1c@hlcldns02.hargrove.internal

18/05/2009 00:18 SMTP: Message Submitted to Advanced Queuing
18/05/2009 00:18 SMTP: Started Message Submission to Advanced Queue
18/05/2009 00:18 SMTP: Advanced Queue Failed to Deliver Message
0
 
LVL 24

Accepted Solution

by:
Rajith Enchiparambil earned 300 total points
ID: 24420050
Authenticated relaying, disable it following this article http://www.amset.info/exchange/smtp-relaysecure.asp

Check whether you are an open relay here http://www.mxtoolbox.com/diagnostic.aspx

Use smtp tarpitting and IMF in exchange 2003 to fight spam.

http://enchiparambil.com/smtp_tarpitting_for_exchange.aspx

http://www.petri.co.il/block_spam_with_exchange2003_imf.htm
0
 

Author Comment

by:briega
ID: 24420128
Thanks for answering.
The open relay check says:

Connect Time: 0 seconds - Good
Transaction Time: 0.516 seconds - Good
Relay Check: OK - This server is not an open relay.

The user is a valid user. Is that email been sent externaly or internaly? Is the user account compromised? Why does it appear in the tracking centre as sent?
0
Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 
LVL 24

Expert Comment

by:Rajith Enchiparambil
ID: 24420458
Authenticated relaying, disable it following this article http://www.amset.info/exchange/smtp-relaysecure.asp
0
 

Author Comment

by:briega
ID: 24420558
Done! I will monitor the system to see if the issue has stopped. Why does this happen? Is a user machine infected with a virus?
0
 
LVL 24

Expert Comment

by:Rajith Enchiparambil
ID: 24420937
Can be a virus or malicious apps which run on the pc.
0
 
LVL 65

Expert Comment

by:Mestha
ID: 24424506
If it was authenticated relaying you could tell - your server would be full of spam. If the password is guessed then the server gets abused. This doesn't look like authenticated relaying.

To me it looks the message has been sent directly to your server, rather than bounced off another relay server. While unusual, it can happen.

Remember - its spam, the entire header cannot be trusted.

Simon.
0
 

Author Comment

by:briega
ID: 24430041
Is there any way of stopping this?
0
 
LVL 65

Assisted Solution

by:Mestha
Mestha earned 200 total points
ID: 24432217
Your antispam tool should be able to deal with those messages in just the same way that it deals with any other spam messages. Just ensure that you haven't white listed your own domain.

Simon.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Learn to move / copy / export exchange contacts to iPhone without using any software. Also see the issues in configuration of exchange with iPhone to migrate contacts.
Read this checklist to learn more about the 15 things you should never include in an email signature.
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question