Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

How do i for avoid sending SPAM from my LAN (Exchange 2003)?

Posted on 2010-11-17
4
Medium Priority
?
547 Views
Last Modified: 2012-06-21
Hello,

My Exchange server 2003, have been blocked for sending email.

Curiosly, MBDATA directory it's growing brutally, and queues, are showing thousands and thousands of mails...not from my domain.

queue
How do i for avoiding this sort of SPAM attack?

My Exchange it's not Open Relay.

Thanks in advance
0
Comment
Question by:VMWARE
  • 2
4 Comments
 
LVL 5

Expert Comment

by:frostsystems
ID: 34159989
Use an Enterprise class spam filtering service like Postini or Spamsoap.

Afterwards, lock down your router and Exchange server to only receive SMTP traffic from Postini or Spamsoap IP ranges.
0
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 2000 total points
ID: 34160137
You look like you are an authenticated relay - please have a read through my article, increase your logging, identify the abused account, change the password, restart the SMTP Service and then review your server security:

Article:
http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_2556-Why-are-my-outbound-queues-filling-up-with-mail-I-didn't-send.html

Blog Article (worth a read):
http://alanhardisty.wordpress.com/2010/09/28/increase-in-frequency-of-security-alerts-on-servers-from-hackers-trying-brute-force-password-programs/
0
 

Author Comment

by:VMWARE
ID: 34167503
Hello alanhardisty,

How it's possible this type of attack from the compromised account?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34167619
If I know a username and password for a user on your server, because I have tried brute force password attacks on your server or keep trying different usernames and passwords for various account names, it won't take me long to try thousands of passwords and eventually hit the right one.

If your server security does not enforce strong passwords, does not regularly require passwords to be changed and does not lockout accounts after a handful of invalid bad login attempts, then hackers will have a field-day with your server.

Armed with a username and password, essentially the same as giving squatters a key to your house, the spammers can send thousands of spam to your server which your server will instantly accept because you let authenticated users relay through your server.

As a result, until you identify the account that is being abused, the spammers will continue to send spam to your server, causing you all kinds of problems including blacklisting, clogged up internet connection and then problems sending out genuine emails due to the blacklisting.

Does that all make sense?
0

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to effectively resolve the number one email related issue received by helpdesks.
This article will help to fix the below errors for MS Exchange Server 2016 I. Certificate error "name on the security certificate is invalid or does not match the name of the site" II. Out of Office not working III. Make Internal URLs and Externa…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
Whether it be Exchange Server Crash Issues, Dirty Shutdown Errors or Failed to mount error, Stellar Phoenix Mailbox Exchange Recovery has always got your back. With the help of its easy to understand user interface and 3 simple steps recovery proced…
Suggested Courses

571 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question