gs1uk
 asked on

Message Queue Viewer | Are hackers using my SMTP for spamming?

Hi Experts,

I use an SBS 2008 server and would like some help from you.

Today I just had a look at my Message Queue Viewer and noticed there are many addresses I don't send to, which were showing as undelivered. When I opened them I saw these messages in the queue.
-----------------------------------------------------------------------------------------
Identity: SRV0801\27936\58191
Subject: Undeliverable: Max-Gentleman*Enlargement*Pills
Internet Message ID: <c7f88d63-c21b-4d02-a0cc-a5351c47d134>
From Address: <>
Status: Retry
Size (KB): 8
Message Source Name: DSN
Source IP: 255.255.255.255
SCL: -1
Date Received: 08/08/2011 12:00:00 PM
Expiration Time: 10/08/2011 12:00:00 PM
Last Error: 451 qqt failure (#4.3.0)
Queue ID: SRV0801\27936
Recipients:  siks@nfml.com
-----------------------------------------------------------------------------------------

Is my SMTP server compromised, and how do I block hackers from using it?

Please help.

Many Thanks
ExchangeSBS

Last Comment
Alan Hardisty

8/22/2022 - Mon
ASKER CERTIFIED SOLUTION
5g6tdcv4

spiderwilk007

Simply turn off open relay.
SOLUTION
servacc

Alan Hardisty

Messages from <> are Postmaster messages (Non Delivery Reports) and this issue can be resolved by enabling Recipient Filtering, but only if your server is the first server to receive your emails.  As you have SBS 2008 - the Anti-Spam tools are already installed and configured.  Did you / someone disable them, or do you not receive your mail directly?

If you use a 3rd party host who accepts your messages first, then passes them on to you - you can't recipient filter and your server then becomes responsible for sending NDR messages (which is what this message is) back to the spammer, but as this spammer has spoofed the sending address, the message is stuck in your queue.

You will probably find you are listed on backscatterer.org (check on www.mxtoolbox.com/blacklists.aspx) and if you are - you need to either enable Recipient Filtering or, if you have a 3rd party receiving your mail first, they need to Recipient Filter for you.  If they can't do this - then I'd ditch them and receive mail directly to your server.
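
An added example, not part of the original thread: a Python triage of a queue listing in the layout quoted in the question, separating server-generated NDRs (null sender `<>`, source `DSN`) of the kind described in the last answer from messages that warrant a relay or account review. The sample records, addresses and function names are constructed for illustration.

```python
import re

# Constructed sample, laid out like the queue entry quoted in the question.
SAMPLE = r"""Identity: SRV0801\27936\58191
Subject: Undeliverable: constructed spam subject
From Address: <>
Message Source Name: DSN
Recipients:  forged-sender@example.net
-----
Identity: SRV0801\27936\58192
Subject: Undeliverable: another constructed subject
From Address: <>
Message Source Name: DSN
Recipients:  other-forged@example.org
-----
Identity: SRV0801\27940\58200
Subject: Quarterly report
From Address: user@example.com
Message Source Name: SMTP:Default SRV0801
Recipients:  partner@example.net
"""

def parse_queue_export(text):
    """Split on dashed separator lines and return one dict per message."""
    records = []
    for chunk in re.split(r"^-{3,}\s*$", text, flags=re.M):
        fields = {}
        for line in chunk.splitlines():
            # Split on the first colon only: subjects contain colons too.
            key, sep, value = line.partition(":")
            if sep:
                fields[key.strip()] = value.strip()
        if fields:
            records.append(fields)
    return records

def is_server_ndr(msg):
    """NDR generated by this server: null sender and DSN as the source."""
    return msg.get("From Address") == "<>" and msg.get("Message Source Name") == "DSN"

def triage(text):
    records = parse_queue_export(text)
    ndrs = [m for m in records if is_server_ndr(m)]
    return {
        "total": len(records),
        "server_ndrs": len(ndrs),
        # Addresses the NDRs are aimed at: with spoofed spam these are forged.
        "ndr_targets": sorted(m.get("Recipients", "") for m in ndrs),
        # Anything else leaving the server is what a relay check should look at.
        "needs_review": [m.get("Identity") for m in records if not is_server_ndr(m)],
    }
```

A queue dominated by `server_ndrs` aimed at unfamiliar addresses matches the NDR backscatter pattern described above; entries under `needs_review` are the ones to compare against known senders.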