Solved

How do i for avoid sending SPAM from my LAN (Exchange 2003)?

Posted on 2010-11-17
4
537 Views
Last Modified: 2012-06-21
Hello,

My Exchange server 2003, have been blocked for sending email.

Curiosly, MBDATA directory it's growing brutally, and queues, are showing thousands and thousands of mails...not from my domain.

queue
How do i for avoiding this sort of SPAM attack?

My Exchange it's not Open Relay.

Thanks in advance
0
Comment
Question by:VMWARE
  • 2
4 Comments
 
LVL 5

Expert Comment

by:frostsystems
ID: 34159989
Use an Enterprise class spam filtering service like Postini or Spamsoap.

Afterwards, lock down your router and Exchange server to only receive SMTP traffic from Postini or Spamsoap IP ranges.
0
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 500 total points
ID: 34160137
You look like you are an authenticated relay - please have a read through my article, increase your logging, identify the abused account, change the password, restart the SMTP Service and then review your server security:

Article:
http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_2556-Why-are-my-outbound-queues-filling-up-with-mail-I-didn't-send.html

Blog Article (worth a read):
http://alanhardisty.wordpress.com/2010/09/28/increase-in-frequency-of-security-alerts-on-servers-from-hackers-trying-brute-force-password-programs/
0
 

Author Comment

by:VMWARE
ID: 34167503
Hello alanhardisty,

How it's possible this type of attack from the compromised account?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34167619
If I know a username and password for a user on your server, because I have tried brute force password attacks on your server or keep trying different usernames and passwords for various account names, it won't take me long to try thousands of passwords and eventually hit the right one.

If your server security does not enforce strong passwords, does not regularly require passwords to be changed and does not lockout accounts after a handful of invalid bad login attempts, then hackers will have a field-day with your server.

Armed with a username and password, essentially the same as giving squatters a key to your house, the spammers can send thousands of spam to your server which your server will instantly accept because you let authenticated users relay through your server.

As a result, until you identify the account that is being abused, the spammers will continue to send spam to your server, causing you all kinds of problems including blacklisting, clogged up internet connection and then problems sending out genuine emails due to the blacklisting.

Does that all make sense?
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Follow this checklist to learn more about the 15 things you should never include in an email signature from personal quotes, animated gifs and out-of-date marketing content.
Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now