• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 289
  • Last Modified:

Spam through a specific user exchange 2003

So, I checked our Exchange 2003 mail queue this morning and saw that there were 4,019  spam emails sitting in the mail queue.  I turned up the logging settings for authentication and SMTP protocol. After reviewing the event logs I determined that that the spammers were authenticating through sales@mydomain.com. I disabled this account and there is no more spam entering the queue.  When I re-enable the account a large number of spam emails enter the mail queue every few minutes. I reset the password to this account thinking that that would eliminate the spammers ability to use it to authenticate but spam is still piling in.

I disabled the sales@mydomain.com account again and haven't seen any spam in the queue for a while now. How can I keep this account active without allowing the spammers to authenticate against it? I would think that changing the password would work but it doesn't. Any ideas?
0
David11011
Asked:
David11011
1 Solution
 
Alan HardistyCo-OwnerCommented:
After you have changed the password - you HAVE to restart the Simple Mail Transfer Protocol Service otherwise the spammers can still use the old username / password.

Once you have restarted the service, they will have to either work out the new password or find another account with a weak password to abuse.

Some useful reading for you from my blog:

http://alanhardisty.wordpress.com/2010/09/28/increase-in-frequency-of-security-alerts-on-servers-from-hackers-trying-brute-force-password-programs/

http://alanhardisty.wordpress.com/2010/12/01/increase-in-hacker-attempts-on-windows-exchange-servers-one-way-to-slow-them-down/

Alan
0
 
David11011Author Commented:
Thanks Alan,
Restarting the SMTP server did the trick. I figured that the user authenticated against the domain controller every time it sends or receives an email. I guess I was wrong. You have to restart the SMTP service for password changes on the domain controller to take effect on the exchange server.
0

Featured Post

Take Control of Web Hosting For Your Clients

As a web developer or IT admin, successfully managing multiple client accounts can be challenging. In this webinar we will look at the tools provided by Media Temple and Plesk to make managing your clients’ hosting easier.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now