Solved

Internal Spammer or External Spammer

Posted on 2011-10-19
Last Modified: 2012-05-12
How do I find out if spam is coming from an internal or external source?
My queues are filled with spam and I have no way of finding out where it is coming from.
I want to stop it somehow too... Can I set up a rule to drop it or something?
Question by:Itomicltd
13 Comments
 

Author Comment

by:Itomicltd
ID: 36992328
Exchange 2007 on a Windows 2003 server.
0
 
LVL 14

Expert Comment

by:Shabarinath Ramadasan
ID: 36992386
See to which address those mails are getting delivered. Open that mailbox and look at the message header of one spam. See where it's being generated from and take corrective action.

Good luck
Shaba
0
 

Author Comment

by:Itomicltd
ID: 36992415
Queues are going out... addresses are .HINET or Yahoo, See header below... No Internal IP listed....

Identity: mail07\83\626
Subject: Undeliverable: ¡¹¡¹§Ú¦³¤@¥÷­Ý¾ªº¤u§@¤¶²Ð±z¡¹¡¹related to
Internet Message ID: <31cce163-e08d-4032-9d61-d00bcb67672a>
From Address: <>
Status: Ready
Size (KB): 36
Message Source Name: DSN
Source IP: 255.255.255.255
SCL: -1
Date Received: 10/19/2011 12:32:31 PM
Expiration Time: 10/21/2011 12:32:31 PM
Last Error:
Queue ID: mail07\83
Recipients:  biotgrdqvxvyjw@ms12.hinet.net
0

 
LVL 21

Expert Comment

by:Papertrip
ID: 36995355
How do I find out if spam is coming from an internal or external source?
Put your server into http://www.mxtoolbox.com/diagnostic.aspx and make sure it is not an open relay.

If it comes back clean, then the spam is originating from inside your network and/or allowed relay domains.
0
 

Author Comment

by:Itomicltd
ID: 36998576
This is what came back. Now how do I close the relay (as I thought I had!)?



 Spam Test
0
 

Author Comment

by:Itomicltd
ID: 36998976
Guys,

This has gone on for a number of days and no one seems to be able to at least offer me a rule or something that says drop all mail sent from an external email address from inside the organisation (that's the only thing that is common, the mails are sent from external address to external address)... there surely has to be some way to stop the mail flowing out first and foremost without affecting mail from domain addresses. I can find the problem after, but it is vital I at least drop these mails before they get outside to the internet...

Cheers,

P.
0
 
LVL 17

Accepted Solution

by:
lucid8 earned 2000 total points
ID: 37001271
Solution 1

Here is a simple command that you can run from the Exchange Management Shell to close down an OPEN RELAY.

Get-ReceiveConnector "YourReceiveConnectorName" | Remove-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "ms-Exch-SMTP-Accept-Any-Recipient"

Replace "YourReceiveConnectorName" with the name of your Receive Connector and then run the command.

To test if you are an open relay, you can visit  http://www.mxtoolbox.com/diagnostic.aspx


Solution 2:

1. Open the Exchange 2007 console and go to "Organization Configuration" and then to "Hub Transport".

2. Select the "Transport Rules" tab.

3. From the "Action Pane" on the right select "New Transport Rule".

4. Type any name and any comment and press Next.

5. From the conditions window select "From users inside or outside my organization" and "Sent to users inside or outside my organization", and from the details select the "Inside" links and switch both to "Outside", then press Next.

6. From the "Actions" window select the last action, "Silently drop the message", and press Next.
    If you have any exceptions you can configure them in the "Exceptions" window; if not, just press Next
    again. Press "New", then "Finish".

This will prevent any email sent from anyone outside your organization and sent to anyone outside too from passing through your server, and will stop relay.


For more information see this : http://technet.microsoft.com/en-us/library/315d9c42-1ab4-4ef4-9292-12cdcb9c98cf.aspx

and especially this note:
ms-Exch-SMTP-Accept-Any-Recipient
      
Submit Messages to any Recipient
      
This permission allows the session to relay messages through this connector. If this permission isn't granted, only messages addressed to recipients in accepted domains are accepted by this connector.
0
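
An added example, not part of lucid8's answer or of the thread: a read-only Exchange Management Shell check that lists every Receive Connector where anonymous sessions still hold the relay right named above, then summarises what is sitting in the queues by source so it can be compared with the queue entry posted earlier. It assumes an Exchange 2007 Hub Transport server and changes nothing.

```powershell
# Added example: read-only audit, run from the Exchange Management Shell.

# 1. Which Receive Connectors let anonymous sessions relay to any recipient?
#    Any row returned here is a connector that will accept mail for
#    non-accepted domains from unauthenticated senders.
$relayRight = 'ms-Exch-SMTP-Accept-Any-Recipient'

Get-ReceiveConnector | Get-ADPermission |
    Where-Object {
        $_.User -like 'NT AUTHORITY\ANONYMOUS LOGON' -and
        -not $_.Deny -and
        ($_.ExtendedRights -like $relayRight)
    } |
    Format-Table Identity, User, ExtendedRights -AutoSize

# 2. What is actually in the queues, grouped by where it came from?
#    These are the same fields shown in the queue entry quoted in the thread
#    (Message Source Name, Source IP, From Address).
Get-Queue | Get-Message -ResultSize Unlimited |
    Group-Object MessageSourceName, SourceIP, FromAddress |
    Sort-Object Count -Descending |
    Select-Object -First 20 Count, Name |
    Format-Table -AutoSize

# Reading the second table:
#  - Source "DSN" with an empty sender (<>) means the server generated the
#    message itself: a non-delivery report going back to whatever sender
#    address the original message claimed.
#  - For everything else, compare SourceIP with your own address ranges.
#    An address on your LAN points at an internal host; a public address
#    points at mail being accepted from outside and relayed.
```

Run the first query again after removing the permission; it should return no rows for internet-facing connectors.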
 
LVL 21

Expert Comment

by:Papertrip
ID: 37001415
This has gone on for a number of days and no one seems to be able to at least offer me a rule or something that says drop all mail sent from an external email address from inside the organisation
Yes, and you just answered the last question we had last night, and it did show that you have an open relay.  It's not like nobody has been trying to point you in the right direction.

Be patient.
0
 
LVL 21

Expert Comment

by:Papertrip
ID: 37001425
Close the open relay as lucid8 instructed and we'll go from there.
0
 

Author Comment

by:Itomicltd
ID: 37002287
I got it sorted. I needed to disable the internal relay and allow anonymous users on the default connector.
I have had this issue a number of days and logged more than one question on various forums and no one suggested this solution... I posted the "this has been going on for a number of days......" post out of frustration and posted it to every forum I asked the question in... so apologies if I seemed impatient, as this was only a recent thread I started... If you can imagine, I had 3 days of mail flowing out and no one suggested a rule or anything to stop it. I looked up forums to stop open relays and did all that was required... Checked logs, put in transport rules... nada!!! So I called MS and boom... Solved! I'm sorry if I seemed petulant...
0
 
LVL 17

Expert Comment

by:lucid8
ID: 37002308
Glad you got it sorted and yeah I imagine it wasn't a fun time for you eh?
0
 

Author Comment

by:Itomicltd
ID: 37002339
Ha Ha.... not fun at all...Thanks for your help all the same...
0
 
LVL 17

Expert Comment

by:lucid8
ID: 37002355
Thanks for the points much appreciated
0
