Solved

Exchange Email Spam

Posted on 2012-03-13
6
392 Views
Last Modified: 2012-03-15
I have an account using exchange email.  There domain has become infected somehow.  Two of the users are getting regular spam and the MX Lookup tool has had their account on suspended with some of the companies.  This is what has been done:

1. Full virus and malware scans (21 infections killed) on all  the machines using the domain.
2. Changed all of the machine passwords
3. Restored the reference to any companies listing the domain on the blacklist (CBL)
4. Registered the domain with emailreg

Two of the clients are still getting up to 150 spam emails a day.  They are going directly into the junk mail account but we need to stop the access.  Is there a way this can happen?
0
Comment
Question by:mcleeves
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 10

Expert Comment

by:pclinuxguru
ID: 37715525
We use Puremessage from Sophos. It cleans up the spam before it reaches the end user and it does antivirus.

Think they have a trial version available.

Once you get some control of the incoming spam use the Best Practices tool on your exchange server to check your exchange server setup. Little things like being an open relay will get you on a blacklist.
0
 
LVL 14

Expert Comment

by:isaman07
ID: 37715550
What version of exchange? Is IMF enabled?
0
 
LVL 3

Author Comment

by:mcleeves
ID: 37715794
The Exchange server is 2007.  This is the package that came with the Small Business 2008 server.
0
DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

 
LVL 14

Accepted Solution

by:
isaman07 earned 500 total points
ID: 37715865
Do you have content filtering enabled? Check it under anti spam settings. I know SBS comes with anti spam installed but not enabled, You will need to enable atleast the content filtering. If it is not installed then you will need to perform the following through the exchange shell

install-AntispamAgents.ps1
followed by
Restart-Service MSExchangeTransport

http://technet.microsoft.com/en-us/library/bb201691.aspx
0
 
LVL 8

Expert Comment

by:Tymetwister
ID: 37716646
Try using a program like Barracuda or Postini, if they are just getting spam emails it doesn't necessarily sound like an infection but that their actual email address was compromised somehow and fell into the hands of a spam company.
0
 
LVL 3

Author Closing Comment

by:mcleeves
ID: 37725867
I have resolved the issue.  Your post helped me investigate additional resources.  This is what I did that finally resolved the problem:

1. Setup a SPF record with the hosting company
2. Revised the content filter settings
3. I created a Quarantine email account and forwarded all level 6 email to that location
3. I then setup all level 8 and above email to be deleted automatically.
4. Level 7 goes into the users spam folder for them to determine.
5. Made sure the blacklisting issues were clean.

All seems to be quiet now.  The user has not complained since this security is in place.

Thank you for your efforts.
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains how to install and use the NTBackup utility that comes with Windows Server.
The Windows functions GetTickCount and timeGetTime retrieve the number of milliseconds since the system was started. However, the value is stored in a DWORD, which means that it wraps around to zero every 49.7 days. This article shows how to solve t…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question