Company mail server being used as a spam relay
Posted on 2012-08-15
Our Imail server is being used to relay large amounts of spam. The spam fills the spool, backs up legitimate messages, and sometimes even crashes Imail. This is a huge problem for us as we manage email domains for external clients and they are affected by this.
My colleague and I are baffled as to how the spammer is pulling this off. For one, we have Imail configured to only send mail to domains that we manage. It is specifically configured not to send any email to outside domains (Yahoo, Hotmail, Gmail, etc., where most of the spam is going). Additionally, we've added the spammer's email to Imail's "kill list", which should block him, but he is still getting through. I've looked up the IP that the spam is coming from and blocked port 25 for that IP on our firewall. Somehow, spam is still getting through.
After blocking the email and IP, spam continued to come in (and be relayed successfully) from the email account in question. After a few hours, spam started coming in from a new email address. Experts, we are baffled! Please, any suggestions would be appreciated. I can provide any other info you may need.