gs1uk


Message Queue Viewer | Are hackers using my SMTP for spamming?

Hi Experts,

I use an SBS 2008 server and would like some help from you.

Today I had a look at my Message Queue Viewer and noticed there are many addresses I don't send to, which were showing as undelivered. When I opened them I saw these messages in the queue.
-----------------------------------------------------------------------------------------
Identity: SRV0801\27936\58191
Subject: Undeliverable: Max-Gentleman*Enlargement*Pills
Internet Message ID: <c7f88d63-c21b-4d02-a0cc-a5351c47d134>
From Address: <>
Status: Retry
Size (KB): 8
Message Source Name: DSN
Source IP: 255.255.255.255
SCL: -1
Date Received: 08/08/2011 12:00:00 PM
Expiration Time: 10/08/2011 12:00:00 PM
Last Error: 451 qqt failure (#4.3.0)
Queue ID: SRV0801\27936
Recipients:  siks@nfml.com
-----------------------------------------------------------------------------------------

Is my SMTP server compromised, and how do I block hackers from using it?

Please help.

Many Thanks
ASKER CERTIFIED SOLUTION
5g6tdcv4
Simply turn off open relay.
SOLUTION
Alan Hardisty
Messages from <> are Postmaster messages (Non Delivery Reports) and this issue can be resolved by enabling Recipient Filtering, but only if your server is the first server to receive your emails.  As you have SBS 2008 - the Anti-Spam tools are already installed and configured.  Did you / someone disable them, or do you not receive your mail directly?

If you use a 3rd party host who accepts your messages first, then passes them on to you - you can't recipient filter and your server then becomes responsible for sending NDR messages (which is what this message is) back to the spammer, but as this spammer has spoofed the sending address, the message is stuck in your queue.

You will probably find you are listed on backscatterer.org (check on www.mxtoolbox.com/blacklists.aspx) and if you are - you need to either enable Recipient Filtering or, if you have a 3rd party receiving your mail first, then they need to Recipient Filter for you.  If they can't do this - then I'd ditch them and receive mail directly to your server.
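
A triage sketch for the two cases raised in the answers above (an added example, not part of any poster's reply): it parses Queue Viewer entries in the layout shown in the question and separates NDRs the server generated itself (null sender `<>`, source `DSN`) from mail that neither comes from nor goes to a local domain. `LOCAL_DOMAINS`, the second and third sample entries and their `Message Source Name` values are constructed assumptions.

```python
import re
from collections import Counter

LOCAL_DOMAINS = {"example.test"}  # assumption: domains this server accepts mail for

# First entry follows the question's dump; the other two are constructed.
SAMPLE = r"""
-----------------------------------------
Identity: SRV0801\27936\58191
Subject: Undeliverable: Max-Gentleman*Enlargement*Pills
From Address: <>
Message Source Name: DSN
Last Error: 451 qqt failure (#4.3.0)
Recipients:  siks@nfml.com
-----------------------------------------
Identity: SRV0801\27936\58200
Subject: Quarterly report
From Address: alice@example.test
Message Source Name: SMTP:Default SRV0801
Recipients:  bob@example.org
-----------------------------------------
Identity: SRV0801\27936\58201
Subject: Special offer
From Address: promo@example.net
Message Source Name: SMTP:Default SRV0801
Recipients:  victim@example.org
-----------------------------------------
"""

def parse_queue(text):
    """Split a Queue Viewer text dump into one dict of fields per message."""
    messages = []
    for chunk in re.split(r"^-{5,}[ \t]*$", text, flags=re.M):
        fields = {}
        for line in chunk.splitlines():
            key, sep, value = line.partition(":")  # first colon only
            if sep and key.strip():
                fields[key.strip()] = value.strip()
        if fields:
            messages.append(fields)
    return messages

def domain(addr):
    return addr.strip("<> ").rpartition("@")[2].lower()

def classify(msg):
    sender = msg.get("From Address", "")
    rcpts = [r for r in re.split(r"[;,\s]+", msg.get("Recipients", "")) if r]
    # Null sender + DSN source: an NDR this server generated (backscatter candidate).
    if sender == "<>" and msg.get("Message Source Name") == "DSN":
        return "ndr-backscatter"
    # Neither sender nor any recipient is local: worth checking for relaying.
    if rcpts and domain(sender) not in LOCAL_DOMAINS and all(
            domain(r) not in LOCAL_DOMAINS for r in rcpts):
        return "possible-relay"
    return "normal"

def summarize(text):
    return Counter(classify(m) for m in parse_queue(text))
```

A queue dominated by `ndr-backscatter` entries matches the NDR situation described in the last answer, while `possible-relay` entries are the ones to check against the relay setting mentioned in the first.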