
Exchange Server 2003 - ISP Blocked Outgoing SMTP 550

Asked by Higalv (United Kingdom of Great Britain and Northern Ireland)
Topics: Exchange, Email Servers, Email Protocols
We are running Exchange Server 2003 and this morning it appears that someone has been sending a large bulk of outgoing mail

There was a SMTP communication problem with the recipient's email server.  Please contact your system administrator.
            <mailserver.com #5.5.0 smtp;550-<mailserver IP here> is blocked due to abuse. Contact abuse@demon.net for more

The block has now been removed but I am trying to understand more about how this has occurred and how to prevent this from re-occurring in the future.

As far as I can see a large number (about 5000) of messages were sent from our Exchange server this morning.

I can see the IP address of the user who was connected to our Exchange server when these messages were sent but not how they managed to get onto our Exchange box in the first place.

Our ISP placed the block on us sending outgoing mail after they were informed by other ISPs that an address on their network was sending a large amount of mail, with that address being our mail server's IP.

Our ISP's response regarding this was:
This is an SMTP Authentication issue. Basically there are 1 or
more weak passwords for user accounts to access your mail server
and one or more have been compromised allowing the hacker to relay
their mail through your server.

We require you to change and secure every user's password and
preferably perform a full and thorough scan of each computer on the
network.

Please then report back to us when finished and we'll unblock the
service.

I have since set every Active Directory user account to 'Must change password at next login' and our ISP has removed the block. Was this really as simple as someone somehow cracking or guessing a username and password and sending SMTP commands to use our Exchange server for sending out bulk amounts of spam?

Is there an easy way to spot what exactly has happened and what steps should we take to try and prevent this happening again in the future?
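
An added example, not part of the original post or of any answer to it: one way to see which client address submitted the bulk mail is to count RCPT commands per client IP per hour in the SMTP virtual server's log. It assumes W3C Extended logging is enabled with at least the date, time, c-ip and cs-method fields; the function names, sample lines and threshold are constructed for illustration.

```python
from collections import Counter, defaultdict

def rcpt_counts(lines):
    """Return {client_ip: Counter({hour: RCPT count})} from W3C Extended log lines.

    Column order is taken from each '#Fields:' directive, which can change
    mid-file when logging settings are altered or the service restarts.
    """
    fields, counts = [], defaultdict(Counter)
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or not fields:
            continue  # other directives, blanks, or data before any header
        row = dict(zip(fields, line.split()))
        if row.get("cs-method", "").upper() != "RCPT":
            continue  # one RCPT is logged per recipient, so it tracks volume
        hour = f'{row.get("date", "?")} {row.get("time", "??")[:2]}:00'
        counts[row.get("c-ip", "?")][hour] += 1
    return counts

def bulk_senders(counts, per_hour_threshold):
    """List (ip, busiest_hour, rcpts_in_that_hour, total_rcpts), largest total first."""
    flagged = []
    for ip, hours in counts.items():
        hour, n = hours.most_common(1)[0]
        if n >= per_hour_threshold:
            flagged.append((ip, hour, n, sum(hours.values())))
    return sorted(flagged, key=lambda f: -f[3])

def constructed_sample():
    """Constructed log lines; addresses come from documentation ranges."""
    lines = ["#Version: 1.0", "#Fields: date time c-ip cs-method sc-status"]
    lines += [f"2010-01-01 06:{m:02d}:00 203.0.113.7 RCPT 250" for m in range(40)]
    lines += ["2010-01-01 06:05:00 192.0.2.10 MAIL 250",
              "2010-01-01 06:05:01 192.0.2.10 RCPT 250"]
    # Header repeated with a different column order
    lines += ["#Fields: time c-ip cs-method date sc-status",
              "09:00:00 192.0.2.10 RCPT 2010-01-01 250"]
    return lines

if __name__ == "__main__":
    for ip, hour, peak, total in bulk_senders(rcpt_counts(constructed_sample()), 20):
        print(f"{ip}: {peak} recipients in hour {hour}, {total} in total")
```

The threshold depends on the site's normal mail volume; an address that is not one of your own clients and exceeds it is the session to trace further.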