Solved

How do i for avoid sending SPAM from my LAN (Exchange 2003)?

Posted on 2010-11-17
4
542 Views
Last Modified: 2012-06-21
Hello,

My Exchange server 2003, have been blocked for sending email.

Curiosly, MBDATA directory it's growing brutally, and queues, are showing thousands and thousands of mails...not from my domain.

queue
How do i for avoiding this sort of SPAM attack?

My Exchange it's not Open Relay.

Thanks in advance
0
Comment
Question by:VMWARE
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 5

Expert Comment

by:frostsystems
ID: 34159989
Use an Enterprise class spam filtering service like Postini or Spamsoap.

Afterwards, lock down your router and Exchange server to only receive SMTP traffic from Postini or Spamsoap IP ranges.
0
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 500 total points
ID: 34160137
You look like you are an authenticated relay - please have a read through my article, increase your logging, identify the abused account, change the password, restart the SMTP Service and then review your server security:

Article:
http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_2556-Why-are-my-outbound-queues-filling-up-with-mail-I-didn't-send.html

Blog Article (worth a read):
http://alanhardisty.wordpress.com/2010/09/28/increase-in-frequency-of-security-alerts-on-servers-from-hackers-trying-brute-force-password-programs/
0
 

Author Comment

by:VMWARE
ID: 34167503
Hello alanhardisty,

How it's possible this type of attack from the compromised account?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34167619
If I know a username and password for a user on your server, because I have tried brute force password attacks on your server or keep trying different usernames and passwords for various account names, it won't take me long to try thousands of passwords and eventually hit the right one.

If your server security does not enforce strong passwords, does not regularly require passwords to be changed and does not lockout accounts after a handful of invalid bad login attempts, then hackers will have a field-day with your server.

Armed with a username and password, essentially the same as giving squatters a key to your house, the spammers can send thousands of spam to your server which your server will instantly accept because you let authenticated users relay through your server.

As a result, until you identify the account that is being abused, the spammers will continue to send spam to your server, causing you all kinds of problems including blacklisting, clogged up internet connection and then problems sending out genuine emails due to the blacklisting.

Does that all make sense?
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Ready to improve network connectivity? Watch this webinar to learn how SD-WANs and a one-click instant connect tool can boost provisions, deployment, and management of your cloud connection.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to resolve IMCEAEX NDRs in Exchange or Exchange Online related to invalid X500 addresses.
In-place Upgrading Dirsync to Azure AD Connect
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question