David11011
asked on
Spam through a specific user exchange 2003
So, I checked our Exchange 2003 mail queue this morning and saw that there were 4,019 spam emails sitting in the mail queue. I turned up the logging settings for authentication and SMTP protocol. After reviewing the event logs I determined that that the spammers were authenticating through sales@mydomain.com. I disabled this account and there is no more spam entering the queue. When I re-enable the account a large number of spam emails enter the mail queue every few minutes. I reset the password to this account thinking that that would eliminate the spammers ability to use it to authenticate but spam is still piling in.
I disabled the sales@mydomain.com account again and haven't seen any spam in the queue for a while now. How can I keep this account active without allowing the spammers to authenticate against it? I would think that changing the password would work but it doesn't. Any ideas?
I disabled the sales@mydomain.com account again and haven't seen any spam in the queue for a while now. How can I keep this account active without allowing the spammers to authenticate against it? I would think that changing the password would work but it doesn't. Any ideas?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Restarting the SMTP server did the trick. I figured that the user authenticated against the domain controller every time it sends or receives an email. I guess I was wrong. You have to restart the SMTP service for password changes on the domain controller to take effect on the exchange server.