• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 657
  • Last Modified:

Spam emails filling up Exchange 2003 Queue

All

I'm at my wits end.  I have a sbs 2003 with exchange and the queue seem to be constantly filling up.  I scanned pcs and servers with Malware Bytes, combofix, and Symantec.  Under the default virtual server I see some connections under the [current status].  These ips are known to be bad.  I terminate them but them come back after a while.  I need some program to trace where these are coming from.  I even shutdown every pc except the server and a couple other critical pcs.

help
0
jacobb_2000
Asked:
jacobb_2000
  • 3
  • 2
  • 2
  • +2
1 Solution
 
Alan HardistyCo-OwnerCommented:
My article discusses an Authenticated Relay situation (as well as an NDR attack) and due to the volume of Authenticated relay Attacks I have seen of late, I would suspect that this is what is happening.

Please have a read of my article and work through the logging level increase to isolate the account.

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_2556-Why-are-my-outbound-queues-filling-up-with-mail-I-didn't-send.html

Also - please have a read of my two blog articles:

http://alanhardisty.wordpress.com/2010/09/28/increase-in-frequency-of-security-alerts-on-servers-from-hackers-trying-brute-force-password-programs/

http://alanhardisty.wordpress.com/2010/12/01/increase-in-hacker-attempts-on-windows-exchange-servers-one-way-to-slow-them-down/

The last blog entry has a quick fix which should stop the problem dead in it's tracks.

Alan
0
 
PradeepCommented:
Enable IMF settings and create a new Virtual SMTP server, rename the queue and restart the Smtp service.
0
 
GeodashCommented:
I had this happen to a client. We put them on MXLogic, tightened their firewall down to not accept or send ANY mail inbound or outbound unless it goes through MXLogic, it went away immediately.

It will take a long time to blacklist the IP ranges from China and Korea in your firewall.
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
DLeaverCommented:
One way of stopping this when I have had this issue is adjusting the SMTP authentication/relay settings as I posted in this previous post here

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/SBS_Small_Business_Server/Q_27606804.html

This won't empty your queues once they are full but it should stop Exchange from getting full of SPAM once you have empted them- nice and simple
0
 
GeodashCommented:
What happened to a previous client of mine was they put the wrong setting somewhere in Exchange, I don't remember where, which allowed their server to be a relay from the web with some vulnerability on the server, Microsoft has patched it since. We fixed it and locked EVERYTHING down through MXLogic and the Sonicwall now absolutely nothing gets through.

There Queue was filling up with over 200,000k SPAM messages a day
0
 
jacobb_2000Author Commented:
Alan

I removed basic and integrated auth.  so far so good. let me give it a day or two and will give you the points if that solves the issues.
thx

Jake
0
 
GeodashCommented:
So removing basic and integrated auth, if a spammer out there is still sending say 2,000 mails per hour to your server, your server is still processing them, just not letting them through. There is still overhead and bandwidth and latency and everything else. I hope it fixes the issue.
0
 
jacobb_2000Author Commented:
Alan

so far all looking good.
thanks a lot.

I will give you all the points

jake
0
 
Alan HardistyCo-OwnerCommented:
Thanks Jake - glad your problem is sorted and thanks for the points.

Alan
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

  • 3
  • 2
  • 2
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now