Exchange Server 2003 won't send emails to the internet

My server was working fine until yesterday.
It now will not send emails to the internet but will send internally.
The SMTP connector was set to route directly to the internet via DNS and was working fine.

Now when I check the queue, weird things are there.

Heaps of what looks like spam generated by the server to be sent to 100s of random addresses by an email account called postmaster@mysmtp.com.au, which isn't a user account. They are all in the queue and retry to send amongst legitimate emails, but fail to send. I try to force them to connect, to no avail.

I'm currently running a virus check with ESET NOD32 antivirus. Nothing so far.

Has my Exchange SMTP been overtaken by a virus? Or is a virus running an SMTP engine that's preventing port 25 from being used?

Can anyone tell me how I can diagnose another process using port 25 or suggest what's going on?

Please help, I'm screwed without internet email. I can attach a screeny of the queue if anybody wants to have a look see...

Kramer
Kramer8u Asked:

Mike Thomas (Consultant) Commented:
It is most likely that you're relaying; read this article on how to prevent this happening.

http://www.petri.co.il/preventing_exchange_2000_2003_from_relaying.htm

NOD32 is pretty good so I doubt you have a virus.

0

Mike Thomas (Consultant) Commented:
Also check if you have been blacklisted by checking your external IP

http://www.mxtoolbox.com/blacklists.aspx

If you have been relaying for a while you might find yourself on this list, and hence unable to send.
0
Kramer8u (Author) Commented:
I followed the howto; I think you're right 100%.
The howto states that I won't be able to receive any emails if I enable authentication. How do I make sure emails are received but prevent external relaying?
Is this right?
Under the SMTP access tab I have set basic and Windows integrated authentication and selected the Authenticated Users group for submit and relay permission.

Then I set the Everyone group to submit. I thought this might allow emails through. Am I on the right track, or is this unnecessary?

I think you're onto it; I just need to stop external relaying but allow email flow in for the SMTP domain.

I will check your blacklist service to see if we are being dropped. I checked Spamhaus but we came up clean; will try your list. Hopefully I can unblacklist!
0
Kramer8u (Author) Commented:
Only 2 lists returned blacklisting:

Backscatter.org       LISTED      Sorry 60.242.191.1xx is blacklisted at Detail
Return codes were: 127.0.0.2      2100      343
UCEPROTECTL1       LISTED      IP 60.242.191.1xx is UCEPROTECT-Level 1 listed. See Detail
Return codes were: 127.0.0.2      2100      359

What do I do?
0
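The "LISTED ... 127.0.0.2" results in the post above come from DNSBL lookups, which can be repeated directly while waiting for a delisting. This is an added example, not part of the original thread; the zone names are assumptions for the two lists named, and the address is a constructed documentation IP.

```python
import ipaddress
import socket

# Assumption: DNS zones for the two lists named in the post above.
ZONES = {
    "UCEPROTECT Level 1": "dnsbl-1.uceprotect.net",
    "Backscatterer": "ips.backscatterer.org",
}
LOOPBACK = ipaddress.IPv4Network("127.0.0.0/8")

def dnsbl_name(ip, zone):
    """Query name for an IPv4 address: octets reversed, then the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def system_resolver(name):
    """A records for name via the OS resolver; [] when the name does not exist."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def listed_codes(answers):
    """Keep only 127.0.0.0/8 answers; anything else is not a DNSBL verdict
    (for example a resolver that rewrites NXDOMAIN to a search page)."""
    return [a for a in answers if ipaddress.IPv4Address(a) in LOOPBACK]

def check_ip(ip, zones=ZONES, resolve=system_resolver):
    """Map each list label to its return codes; an empty list means not listed."""
    return {label: listed_codes(resolve(dnsbl_name(ip, zone)))
            for label, zone in zones.items()}

if __name__ == "__main__":
    # Constructed answers so the demo runs offline; drop `resolve=` for live lookups.
    canned = {"10.2.0.192.dnsbl-1.uceprotect.net": ["127.0.0.2"]}
    print(check_ip("192.0.2.10", resolve=lambda n: canned.get(n, [])))
```
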
Kramer8u (Author) Commented:
Finally,
also in the Exchange queue all the failed SMTP sends state the same error:

"The remote server did not respond to a connection attempt."

Does this suggest blacklisting or something else?
0
Kramer8u (Author) Commented:
I can't get it working.

All I want to do is somehow filter all inbound relaying or apply some sort of filter so that only the SMTP domain name the Exchange server handles gets through.

I don't know if the server has been hacked. I think it has, because even when I disable relaying or allow only authenticated users to relay,
hundreds of IP addresses are still able to connect and relay, even after I have disabled relaying. I don't understand. I have set only the users in the SMTP connector to relay outbound.
I have set the server's IP as the only IP that can relay, yet spammer IPs still connect and add relayed emails to the queues every minute.

I think I'm screwed.
Should I re-install Exchange? Should I move to a hosted email service and use a POP connector? Because I'm lost here.

0
Mike Thomas (Consultant) Commented:
Don't rebuild, just make sure the default settings are as per the article. I would consider using a service like MessageLabs, which will filter inbound and outbound email and notify you of any issues. You will also have to apply to get off the blacklist, but this is not a process I have had to go through.

0
MegaNuk3 Commented:
Unless you have POP/IMAP users, untick the "authenticated users can relay" option.

Don't allow the server's IP address to send either, as this can be spoofed.
0
MegaNuk3 Commented:
Why do you have users allowed to relay on the SMTP connector? Outlook/MAPI users don't need that to send messages
0
MegaNuk3 Commented:
Does mxtoolbox say that your server is an open relay?
0
Kramer8u (Author) Commented:
Sorry for not getting back to this earlier guys, I do appreciate your time in responding.
It was all of a sudden; the default SMTP settings were in place but the server was somehow relaying.
I checked mxtoolbox and it said I was an open relay.
So I turned off relaying but this stopped the users sending emails. Why, I don't know. I did try authenticated users only, adding individual user accounts.
The users just have an Exchange account in their Outlook, that's it. The server then relays to the ISP SMTP via a connector, and this was working fine for literally years.
I'm not sure if I've got this relaying issue clear in my head.
If I turn it off, will users still be able to send emails via their Exchange account? If so, is there a howto one could suggest for secure configuration? Just SMTP; no other protocols are in use at the moment.
0
MegaNuk3 Commented:
How are your users connected? Through Outlook/MAPI? If so, then relaying will have no effect on them.

If they use POP/IMAP then relaying will have an effect. Allowing "Authenticated users" to relay should be enough as long as their Outlook is configured to authenticate with the sending server.
0
MegaNuk3 Commented:
When you turn relaying off, what error do the users get when trying to send messages?
0
Kramer8u (Author) Commented:
No error, or I don't know where to look; the mail just won't get sent.

Maybe this is because of the open relay blacklisting?

They use an Exchange server profile; I guess this is MAPI?
They don't use IMAP4 or POP3.

Even if I enable authenticated users on the relay I still get random IP addresses adding spam to the outgoing queue somehow, like 10-20 a minute from all sorts of IPs, so I don't know how they can use the SMTP to relay when I only allow the users...

I'm in the process of just hosting the domain with an email hosting company out of frustration, turning port 25 off and using an Exchange POP connector, and having a hosting company handle this bullsh..
I hate spammers so bad!

It's just I never had this happen before to any of my Windows servers.
I wonder if there's some sort of exploit for the SMTP service, because it's the only port open on this server.
Anyway, I give up on a solution and advise others who may experience this to use a commercial email hosting company.
0
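One way to see which remote hosts are actually getting relayed mail accepted is to count successful RCPT commands for non-local domains in the SMTP virtual server's protocol log. This is an added example, not from the original thread; the log lines are constructed, and the field selection, the `+TO:<...>` layout and the local domain `example.com` are assumptions to adjust to your own log.

```python
from collections import Counter

LOCAL_DOMAINS = {"example.com"}  # assumption: domains this server accepts mail for

# Constructed sample in W3C extended log format; field selection is an assumption.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-username cs-method cs-uri-query sc-status
2010-03-01 02:10:01 203.0.113.7 mail.bulk.test MAIL +FROM:<a@bulk.test> 250
2010-03-01 02:10:01 203.0.113.7 mail.bulk.test RCPT +TO:<x@other.test> 250
2010-03-01 02:10:02 203.0.113.7 mail.bulk.test RCPT +TO:<y@else.test> 250
2010-03-01 02:11:40 198.51.100.9 mx.partner.test RCPT +TO:<staff@example.com> 250
2010-03-01 02:12:05 198.51.100.44 host.probe.test RCPT +TO:<z@other.test> 550
"""

def parse_w3c(text):
    """Yield one dict per record, keyed by the most recent #Fields header."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed lines
                yield dict(zip(fields, values))

def rcpt_domain(query):
    """Lowercased domain from a '+TO:<user@domain>' value, or None."""
    start, end = query.find("<"), query.rfind(">")
    addr = query[start + 1:end] if 0 <= start < end else ""
    return addr.rpartition("@")[2].lower() if "@" in addr else None

def relayed_by_client(text, local_domains=LOCAL_DOMAINS):
    """Count accepted (2xx) RCPT commands for non-local domains per client IP."""
    hits = Counter()
    for rec in parse_w3c(text):
        if rec.get("cs-method", "").upper() != "RCPT":
            continue
        domain = rcpt_domain(rec.get("cs-uri-query", ""))
        accepted = rec.get("sc-status", "").startswith("2")
        if domain and domain not in local_domains and accepted:
            hits[rec["c-ip"]] += 1
    return hits

if __name__ == "__main__":
    for ip, count in relayed_by_client(SAMPLE_LOG).most_common():
        print(ip, count)
```

If the counter stays empty while the queue keeps filling, the messages are not arriving as relayed recipients, and the cause lies elsewhere, for example non-delivery reports the server generates itself for mail addressed to unknown local recipients.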
MegaNuk3 Commented:
Have a look at allowed IP addresses for relaying:
Under ESM expand your Exchange organization-->Administrative Groups-->whatever your AGs are called-->Servers--><expand your servername>-->Protocols-->SMTP-->right click on "Default SMTP Virtual Server"-->Properties-->Access-->Relay-->

Is "only the list below" ticked and is that list empty?
0
Kramer8u (Author) Commented:
Thanks for the help, but I just re-configured the server for external POP3 and a POP3 collector for Exchange, and closed port 25.
0