Message Queue Viewer | Are Hackers using my SMTP for SPAMMING?

gs1uk
Hi Experts,

I use an SBS 2008 server and would like some help from you.

Today I just had a look at my Message Queue Viewer and noticed there are many addresses I don't send to, which were saying undelivered. When I opened them I saw these messages in the queue.
-----------------------------------------------------------------------------------------
Identity: SRV0801\27936\58191
Subject: Undeliverable: Max-Gentleman*Enlargement*Pills
Internet Message ID: <c7f88d63-c21b-4d02-a0cc-a5351c47d134>
From Address: <>
Status: Retry
Size (KB): 8
Message Source Name: DSN
Source IP: 255.255.255.255
SCL: -1
Date Received: 08/08/2011 12:00:00 PM
Expiration Time: 10/08/2011 12:00:00 PM
Last Error: 451 qqt failure (#4.3.0)
Queue ID: SRV0801\27936
Recipients:  siks@nfml.com
-----------------------------------------------------------------------------------------

Is my SMTP server compromised, and how do I block hackers from using it?

Please help.

Many Thanks
Simply turn off open relay.
Commented:
This could be a problem with your antispam settings. I guess you are using POP-Connector to receive your emails.

If you do, you should turn off antispam in Exchange, otherwise automatic responses to emails that are allowed by your provider, but rejected by Exchange will get "trapped", because the spammer used a fake or missing sender address. It is problematic to have two layers of antispam (Provider + Exchange), because emails that are already accepted by your provider cannot be simply rejected by Exchange - they need to be answered by regulations of the SMTP protocol.

I don't believe that you have a security problem (open relay) on your server. It is very hard to do that kind of misconfiguration with Exchange. To be sure you should use the link provided in the first answer.

Even better than turning off antispam in Exchange would be to switch from POP-Connector to SMTP. Here are some reasons why this is better: http://blog.sembee.co.uk/post/Why-you-shouldnt-use-a-POP3-Connector.aspx
Alan Hardisty, Co-Owner
Top Expert 2011

Commented:
Messages from <> are Postmaster messages (Non Delivery Reports) and this issue can be resolved by enabling Recipient Filtering, but only if your server is the first server to receive your emails.  As you have SBS 2008 - the Anti-Spam tools are already installed and configured.  Did you / someone disable them, or do you not receive your mail directly?

If you use a 3rd party host who accepts your messages first, then passes them on to you - you can't recipient filter and your server then becomes responsible for sending NDR messages (which is what this message is) back to the spammer, but as this spammer has spoofed the sending address, the message is stuck in your queue.

You will probably find you are listed on backscatterer.org (check on www.mxtoolbox.com/blacklists.aspx) and if you are - you need to either enable Recipient Filtering or, if you have a 3rd party receiving your mail first, they then need to Recipient Filter for you. If they can't do this - then I'd ditch them and receive mail directly to your server.
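
The answers above turn on whether the queued items are NDRs from `<>` (source DSN) or mail with a real sender. As an added example that is not part of the original thread, this Python sketch triages a Queue Viewer text dump in the field layout shown in the question. The second sample record, the dashed separator, and the semicolon recipient separator are assumptions.

```python
import re
from collections import Counter

# First record: fields from the queue entry in the question.
# Second record: constructed for contrast (ordinary mail with a real sender).
SAMPLE = r"""Identity: SRV0801\27936\58191
Subject: Undeliverable: Max-Gentleman*Enlargement*Pills
From Address: <>
Status: Retry
Message Source Name: DSN
Last Error: 451 qqt failure (#4.3.0)
Recipients:  siks@nfml.com
----------
Identity: SRV0801\27940\58200
Subject: Quarterly figures
From Address: alice@example.org
Status: Ready
Message Source Name: SMTP:Constructed Connector
Recipients:  bob@example.net
"""

def parse_records(text):
    """Split a dump on dashed separator lines into one dict per message."""
    records = []
    for block in re.split(r"^-{5,}\s*$", text, flags=re.M):
        fields = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")  # split on first colon only
            if sep:
                fields[key.strip()] = value.strip()
        if fields:
            records.append(fields)
    return records

def classify(rec):
    """NDRs come from the null sender <> with source DSN; Retry means stuck."""
    is_ndr = rec.get("From Address") == "<>" and rec.get("Message Source Name") == "DSN"
    if not is_ndr:
        return "other"  # real sender: check whether your users sent it
    return "stuck_ndr" if rec.get("Status") == "Retry" else "ndr"

def triage(text):
    """Count messages per class and tally recipient domains of stuck NDRs."""
    counts, domains = Counter(), Counter()
    for rec in parse_records(text):
        label = classify(rec)
        counts[label] += 1
        if label == "stuck_ndr":
            # Assumption: multiple recipients are separated by semicolons.
            for rcpt in filter(None, map(str.strip, rec.get("Recipients", "").split(";"))):
                domains[rcpt.rpartition("@")[2].lower()] += 1
    return counts, domains

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A queue dominated by `stuck_ndr` entries addressed to many unrelated domains matches the backscatter pattern described in the answer; a large `other` count with senders you do not recognise is the case that warrants a relay check.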
