?
Solved

Need help troubleshooting spam sent from my server

Posted on 2012-08-19
4
Medium Priority
?
621 Views
Last Modified: 2012-08-20
I've just noticed that over the last few days, my exchange server has recorded a bunch of NDR's in the event log. It looks like my server is being used to spam, and my IP is starting to show up on a few blacklists. I'm not sure what the source of the trouble is, and I could use some assistance in tracking this down.

I haven't seen any suspicious activity for about a day, and I've just now enabled message tracking on my server, so (as far as I know) I can't use the message tracking center for any of these messages.

I've run some web-based tests to confirm that I'm not an open relay.

Any suggestions for locating the source of this?
0
Comment
Question by:brandonrainbolt
  • 2
  • 2
4 Comments
 
LVL 33

Accepted Solution

by:
Exchange_Geek earned 2000 total points
ID: 38309815
Read the following article to confirm your box isn't open for relay

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_238-How-to-check-if-your-Exchange-Server-is-open-for-relay.html

AND the following article by a fellow EE Alan for fighting Spam on your server.

http://alanhardisty.wordpress.com/2010/02/25/how-to-prevent-spoofed-emails-in-exchange-2003/

If you have any questions, feel free to ask.

Regards,
Exchange_Geek
0
 

Author Comment

by:brandonrainbolt
ID: 38309831
Thanks for the reply. Any suggestions for getting information on the messages that were sent? I'd really like to know if they originated from a particular user or ip address. Anything along those line that I might use to track down the source of the issue.
0
 
LVL 33

Expert Comment

by:Exchange_Geek
ID: 38309912
There is only two ways to track such emails -

1) Using Message Tracking logs
2) Using SMTP VS logs (NCSA).

Check for SMTP virtual Server setting - and see if there is any logging enabled on it.

You'll find this at Server -> protocol -> SMTP -> Default SMTP VS -> properties

Regards,
Exchange_Geek
0
 

Author Closing Comment

by:brandonrainbolt
ID: 38313969
thanks
0

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

As much as Microsoft wants to kill off PST file support, just as they tried to do with public folders, there are still times when it is useful or downright necessary to export Exchange mailboxes to PST files. Thankfully, it is still possible to e…
If you have come across a situation where you need to find some EDB mailbox recovery techniques, then here you will find the same. In this article, we will take you through three techniques using which you will be able to perform EDB recovery. You …
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an anti-spam), the admin…
Suggested Courses

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question