Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 428
  • Last Modified:

spam looks like being sent from our server.

I was looking at message tracking log in our exchagne server 2003, some spam emails look like being sent from our email server(screen capture attached).
I restricted email relay in our server (screen capture attached) and tested using open relay test (http://www.checkor.com/), it blocks it properly. Where can I check how the spams being sent from in our email server?
hhhhhhhhhh.jpg
ggggggg.jpg
0
crcsupport
Asked:
crcsupport
1 Solution
 
Alan HardistyCommented:
My article discusses an Authenticated Relay situation (as well as an NDR attack) and due to the volume of Authenticated relay Attacks I have seen of late, I would suspect that this is what is happening.

Please have a read of my article and work through the logging level increase to isolate the account.

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_2556-Why-are-my-outbound-queues-filling-up-with-mail-I-didn't-send.html

Also - please have a read of my two blog articles:

http://alanhardisty.wordpress.com/2010/09/28/increase-in-frequency-of-security-alerts-on-servers-from-hackers-trying-brute-force-password-programs/

http://alanhardisty.wordpress.com/2010/12/01/increase-in-hacker-attempts-on-windows-exchange-servers-one-way-to-slow-them-down/

The last blog entry has a quick fix which should stop the problem dead in it's tracks.

Alan
0

Featured Post

Prepare for your VMware VCP6-DCV exam.

Josh Coen and Jason Langer have prepared the latest edition of VCP study guide. Both authors have been working in the IT field for more than a decade, and both hold VMware certifications. This 163-page guide covers all 10 of the exam blueprint sections.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now