nightshft

asked on

Exchange sending out Spam Emails

I'm using Exchange 2003, and have been having a problem for a while now. My mail queue fills up trying to send out junk from inside our system. It usually uses bogus or old email addresses. I go to the line and freeze & delete as many as I can, but I can't seem to find the computer on our network with the virus.

I'm using Trend Micro 8.9. I've scanned and cleaned up all the problems that I've found, but I continue to get these emails filling up my system.

I've looked at several answers on here, but I'm only running a single Exchange server, so some answers don't apply.

Any suggestions?  Tools to find where this might be coming from?   Big hammer to beat the crap out of the server?
Thanks
ASKER CERTIFIED SOLUTION
Rajith Enchiparambil
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Can you go back into the queue, right-click on one of the SMTP connectors and click Find Messages? It should then let you search and see, at the bottom left, who the senders are of some of the messages in the queue.

Keep me posted.
nightshft

ASKER

1. I am not an open relay.
2. I am using IMAP clients, so I can't disable the relay.

And for DCSDAVE: I have checked on some of the emails; most are not addresses inside our network. There have been a few that were old deleted emails, but not any from actual network users.

I'm going to work on the SMTP Tarpitting.
Thanks
If you are running SBS2003/Exchange you can go to server management/monitoring and reporting and view the server usage reports to see who is sending the most emails and go from there.

You might have to set up the feature and wait a few days before it will display any valid data.

Cheers!
If you are not an open relay and still have spam emails going out, then it is an authenticated relay by a compromised workstation. You need to disable authenticated relay following the article posted above and see whether it is making a difference.

Why are you giving users IMAP access when you can use OWA or Outlook RPC Over HTTPS?
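
One way to look for the workstation behind the relayed spam discussed in this thread, as an added example that is not part of the original posts: it tallies MAIL FROM commands per client IP from the SMTP service log and flags clients that submit under many different sender addresses. It assumes W3C extended logging is enabled on the SMTP virtual server with the c-ip, cs-username, cs-method and cs-uri-query fields, and that the server's own outbound delivery rows carry an "OutboundConnection" marker in cs-username; the log lines are constructed.

```python
import re
from collections import defaultdict

# Constructed sample log (W3C extended format); IPs and addresses are made up.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-username cs-method cs-uri-query sc-status
2009-03-02 02:14:07 192.168.1.57 pc57 MAIL +FROM:<k3x@example.net> 250
2009-03-02 02:14:07 192.168.1.57 pc57 RCPT +TO:<a@example.org> 250
2009-03-02 02:14:08 192.168.1.57 pc57 MAIL +FROM:<old.user@example.com> 250
2009-03-02 02:14:09 192.168.1.57 pc57 MAIL +FROM:<zz9@example.net> 250
2009-03-02 02:15:00 192.168.1.20 pc20 MAIL +FROM:<alice@example.com> 250
2009-03-02 02:15:01 203.0.113.9 OutboundConnectionCommand MAIL +FROM:<k3x@example.net> 0
"""

ADDR = re.compile(r"FROM:<([^>]*)>", re.IGNORECASE)

def senders_by_client(log_text):
    """Return {client_ip: {"mail": count, "senders": set}} for inbound MAIL FROM."""
    fields, stats = [], defaultdict(lambda: {"mail": 0, "senders": set()})
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column order comes from the log itself
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        # Skip the server's own outbound delivery sessions (assumed marker).
        if row.get("cs-username", "").startswith("OutboundConnection"):
            continue
        if row.get("cs-method", "").upper() != "MAIL":
            continue
        entry = stats[row.get("c-ip", "?")]
        entry["mail"] += 1
        match = ADDR.search(row.get("cs-uri-query", ""))
        if match:
            entry["senders"].add(match.group(1).lower())
    return dict(stats)

def suspects(stats, min_distinct=3):
    """Client IPs submitting mail under many different sender addresses."""
    hits = [(ip, s["mail"], len(s["senders"])) for ip, s in stats.items()
            if len(s["senders"]) >= min_distinct]
    return sorted(hits, key=lambda h: h[2], reverse=True)

if __name__ == "__main__":
    for ip, mails, distinct in suspects(senders_by_client(SAMPLE_LOG)):
        print(f"{ip}: {mails} MAIL commands, {distinct} distinct senders")
```

The `min_distinct` threshold is a hypothetical starting value; a normal mail client submits under one or two sender addresses, so raise it only if shared devices legitimately send for many users.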