How do I protect against authenticated users being used as spam relay
Posted on 2009-05-20
I have recently joined a company that has Exchange 2003 SP1 on a 2003 SP2 server. Our Firewall is a Watchguard Edge X55e using common packet filter policies. A Sendio I.C.E. box scans for spam & viruses before routing SMTP traffic to the mail server. OWA is enabled, so OWA traffic is NATed through the firewall directly to the mail server. We are not an open relay.
We recently got spam blacklisted, I think because a user account had been compromised & been used to relay spam. In the past users had been allowed very weak passwords & hardly ever changed them. A more rigorous regime is now in place & all passwords have been changed. We have been delisted & so far we're ok.
My question is, what else should I do to prevent against this happening again?
Any suggestions would be greatly appreciated as I am going on holiday on Saturday & would like the peace of mind of knowing that our system is secure whilst I'm away!