VMWARE

How do I avoid sending SPAM from my LAN (Exchange 2003)?

Hello,

My Exchange Server 2003 has been blocked for sending email.

Curiously, the MBDATA directory is growing brutally, and the queues are showing thousands and thousands of mails... not from my domain.

How do I avoid this sort of SPAM attack?

My Exchange is not an open relay.

Thanks in advance
frostsystems

Use an enterprise-class spam filtering service like Postini or Spamsoap.

Afterwards, lock down your router and Exchange server to only receive SMTP traffic from Postini or Spamsoap IP ranges.
ASKER CERTIFIED SOLUTION
Alan Hardisty
VMWARE

ASKER

Hello alanhardisty,

How is this type of attack possible from the compromised account?
If I know a username and password for a user on your server, because I have tried brute-force password attacks on your server or keep trying different usernames and passwords for various account names, it won't take me long to try thousands of passwords and eventually hit the right one.

If your server security does not enforce strong passwords, does not regularly require passwords to be changed and does not lock out accounts after a handful of invalid bad login attempts, then hackers will have a field day with your server.

Armed with a username and password, essentially the same as giving squatters a key to your house, the spammers can send thousands of spam messages to your server which your server will instantly accept because you let authenticated users relay through your server.

As a result, until you identify the account that is being abused, the spammers will continue to send spam to your server, causing you all kinds of problems including blacklisting, clogged up internet connection and then problems sending out genuine emails due to the blacklisting.

Does that all make sense?
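
One way to look for the abused account described above, as an added example that is not part of the original thread: it flags any account that logged in after a run of failed attempts from the same IP and was then used to relay a burst of mail. The record layout, account names, addresses and thresholds are constructed for illustration and are not an Exchange log format.

```python
import csv
from collections import defaultdict

# Constructed sample records (hypothetical layout, not a real Exchange log):
# time, event, account, source IP, recipient domain (RELAY rows only)
SAMPLE_LOG = """\
08:30:00,AUTH_FAIL,adavis,192.0.2.10,
08:30:09,AUTH_OK,adavis,192.0.2.10,
08:31:00,RELAY,adavis,192.0.2.10,example.com
09:00:01,AUTH_FAIL,jsmith,203.0.113.7,
09:00:02,AUTH_FAIL,jsmith,203.0.113.7,
09:00:03,AUTH_FAIL,jsmith,203.0.113.7,
09:00:04,AUTH_OK,jsmith,203.0.113.7,
09:00:05,RELAY,jsmith,203.0.113.7,example.net
09:00:05,RELAY,jsmith,203.0.113.7,example.org
09:00:06,RELAY,jsmith,203.0.113.7,example.com
"""


def find_abused_accounts(log_text, fail_threshold=3, relay_threshold=3):
    """Return (account, source_ip, relayed_count) for logins that followed
    repeated failures from one IP and were then used to relay mail."""
    fails = defaultdict(int)    # (account, ip) -> current failure streak
    guessed = set()             # (account, ip) that succeeded after a streak
    relayed = defaultdict(int)  # (account, ip) -> messages relayed afterwards
    for _time, event, account, ip, _domain in csv.reader(log_text.splitlines()):
        key = (account.lower(), ip)
        if event == "AUTH_FAIL":
            fails[key] += 1
        elif event == "AUTH_OK":
            # A success straight after many failures suggests a guessed password.
            if fails[key] >= fail_threshold:
                guessed.add(key)
            fails[key] = 0      # a success resets the failure streak
        elif event == "RELAY" and key in guessed:
            relayed[key] += 1
    return sorted(
        (account, ip, count)
        for (account, ip), count in relayed.items()
        if count >= relay_threshold
    )


if __name__ == "__main__":
    for account, ip, count in find_abused_accounts(SAMPLE_LOG):
        print(f"{account}: login after failures from {ip}, {count} relayed")
```

The user who mistyped a password once (adavis) is not flagged at the default thresholds; only the account with a failure streak followed by relaying is reported.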