Exchange Email Spam

I have an account using exchange email.  There domain has become infected somehow.  Two of the users are getting regular spam and the MX Lookup tool has had their account on suspended with some of the companies.  This is what has been done:

1. Full virus and malware scans (21 infections killed) on all  the machines using the domain.
2. Changed all of the machine passwords
3. Restored the reference to any companies listing the domain on the blacklist (CBL)
4. Registered the domain with emailreg

Two of the clients are still getting up to 150 spam emails a day.  They are going directly into the junk mail account but we need to stop the access.  Is there a way this can happen?
LVL 3
mcleevesAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

pclinuxguruCommented:
We use Puremessage from Sophos. It cleans up the spam before it reaches the end user and it does antivirus.

Think they have a trial version available.

Once you get some control of the incoming spam use the Best Practices tool on your exchange server to check your exchange server setup. Little things like being an open relay will get you on a blacklist.
0
isaman07Commented:
What version of exchange? Is IMF enabled?
0
mcleevesAuthor Commented:
The Exchange server is 2007.  This is the package that came with the Small Business 2008 server.
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

isaman07Commented:
Do you have content filtering enabled? Check it under anti spam settings. I know SBS comes with anti spam installed but not enabled, You will need to enable atleast the content filtering. If it is not installed then you will need to perform the following through the exchange shell

install-AntispamAgents.ps1
followed by
Restart-Service MSExchangeTransport

http://technet.microsoft.com/en-us/library/bb201691.aspx
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
TymetwisterCommented:
Try using a program like Barracuda or Postini, if they are just getting spam emails it doesn't necessarily sound like an infection but that their actual email address was compromised somehow and fell into the hands of a spam company.
0
mcleevesAuthor Commented:
I have resolved the issue.  Your post helped me investigate additional resources.  This is what I did that finally resolved the problem:

1. Setup a SPF record with the hosting company
2. Revised the content filter settings
3. I created a Quarantine email account and forwarded all level 6 email to that location
3. I then setup all level 8 and above email to be deleted automatically.
4. Level 7 goes into the users spam folder for them to determine.
5. Made sure the blacklisting issues were clean.

All seems to be quiet now.  The user has not complained since this security is in place.

Thank you for your efforts.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.