Solved

How do i for avoid sending SPAM from my LAN (Exchange 2003)?

Posted on 2010-11-17
4
538 Views
Last Modified: 2012-06-21
Hello,

My Exchange server 2003, have been blocked for sending email.

Curiosly, MBDATA directory it's growing brutally, and queues, are showing thousands and thousands of mails...not from my domain.

queue
How do i for avoiding this sort of SPAM attack?

My Exchange it's not Open Relay.

Thanks in advance
0
Comment
Question by:VMWARE
  • 2
4 Comments
 
LVL 5

Expert Comment

by:frostsystems
ID: 34159989
Use an Enterprise class spam filtering service like Postini or Spamsoap.

Afterwards, lock down your router and Exchange server to only receive SMTP traffic from Postini or Spamsoap IP ranges.
0
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 500 total points
ID: 34160137
You look like you are an authenticated relay - please have a read through my article, increase your logging, identify the abused account, change the password, restart the SMTP Service and then review your server security:

Article:
http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_2556-Why-are-my-outbound-queues-filling-up-with-mail-I-didn't-send.html

Blog Article (worth a read):
http://alanhardisty.wordpress.com/2010/09/28/increase-in-frequency-of-security-alerts-on-servers-from-hackers-trying-brute-force-password-programs/
0
 

Author Comment

by:VMWARE
ID: 34167503
Hello alanhardisty,

How it's possible this type of attack from the compromised account?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34167619
If I know a username and password for a user on your server, because I have tried brute force password attacks on your server or keep trying different usernames and passwords for various account names, it won't take me long to try thousands of passwords and eventually hit the right one.

If your server security does not enforce strong passwords, does not regularly require passwords to be changed and does not lockout accounts after a handful of invalid bad login attempts, then hackers will have a field-day with your server.

Armed with a username and password, essentially the same as giving squatters a key to your house, the spammers can send thousands of spam to your server which your server will instantly accept because you let authenticated users relay through your server.

As a result, until you identify the account that is being abused, the spammers will continue to send spam to your server, causing you all kinds of problems including blacklisting, clogged up internet connection and then problems sending out genuine emails due to the blacklisting.

Does that all make sense?
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
Read this checklist to learn more about the 15 things you should never include in an email signature.
Familiarize people with the process of utilizing SQL Server stored procedures from within Microsoft Access. Microsoft Access is a very powerful client/server development tool. One of the SQL Server objects that you can interact with from within Micr…
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…

943 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now