• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 430
  • Last Modified:

spam looks like being sent from our server.

I was looking at message tracking log in our exchagne server 2003, some spam emails look like being sent from our email server(screen capture attached).
I restricted email relay in our server (screen capture attached) and tested using open relay test (http://www.checkor.com/), it blocks it properly. Where can I check how the spams being sent from in our email server?
hhhhhhhhhh.jpg
ggggggg.jpg
0
crcsupport
Asked:
crcsupport
1 Solution
 
Alan HardistyCo-OwnerCommented:
My article discusses an Authenticated Relay situation (as well as an NDR attack) and due to the volume of Authenticated relay Attacks I have seen of late, I would suspect that this is what is happening.

Please have a read of my article and work through the logging level increase to isolate the account.

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_2556-Why-are-my-outbound-queues-filling-up-with-mail-I-didn't-send.html

Also - please have a read of my two blog articles:

http://alanhardisty.wordpress.com/2010/09/28/increase-in-frequency-of-security-alerts-on-servers-from-hackers-trying-brute-force-password-programs/

http://alanhardisty.wordpress.com/2010/12/01/increase-in-hacker-attempts-on-windows-exchange-servers-one-way-to-slow-them-down/

The last blog entry has a quick fix which should stop the problem dead in it's tracks.

Alan
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Improved Protection from Phishing Attacks

WatchGuard DNSWatch reduces malware infections by detecting and blocking malicious DNS requests, improving your ability to protect employees from phishing attacks. Learn more about our newest service included in Total Security Suite today!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now