Help with Exchange tools and configuration

I need to assist a school in hardening their Exchange 2010 server. From what I have learned, users are getting bogus email about their mailbox and are clicking on the link provided in the message. This is somehow providing a pipe for spammers to use them as a relay through the school's internal mail server. They are being put on many blacklists because of this.

I need to help them harden up the configuration to prevent this and hopefully identify the local machine that is being used as the middle man.

I am not an expert with Exchange and could use some guidance in my effort to help them.
tamray_tech Asked:

TheBDP (Sr. Sys Engineer) Commented:
First things first.

Put the domain name into something like http://www.mxtoolbox.com and check for results.

I'm guessing open relay to start with, but there are too many factors here to just guess at.

Do you have any error messages? Is anything in the Exchange logs? When you run the Best Practices Analyzer, what are the results?

We're going to need as much information as you can provide.

Lastly, Exchange is a pretty big deal. I would highly suggest engaging a 3rd party consultant.

Knowing when you're in over your head is half the battle.

*Disclaimer - I'd make sure you have a full backup of whatever you're working on and have a documented configuration of your current server before making any changes. You have no idea what they have done to get it working. So they very well might not be following any standards and nothing is like a normal install.
achaldave Commented:
You need a spam filter device, application or hosted service. These are some of the products which offer both in-house or hosted solutions:
http://www.gfi.com/products-and-solutions/email-and-messaging-solutions/gfi-mailessentials
http://www.trendmicro.com/us/small-business/hosted-email-security/index.html
http://technet.microsoft.com/en-us/forefront/ee708281.aspx
https://www.barracuda.com/
http://www.cisco.com/web/about/ac49/ac0/ac1/ac259/ironport.html

You can check with the school; they might already have Forefront Online Protection available with their license.

You need to disable any open relay on the server to prevent outbound spam:
http://alanhardisty.wordpress.com/2010/07/12/how-to-close-an-open-relay-in-exchange-2007-2010/
tamray_tech (Author) Commented:
I will need to get more concrete information, but an initial test shows the domain is not on any of the 90 blacklists and is not accessible as an open relay when tested at mxtoolbox.com.

The problem, as described to me, is that the internal user's PC is somehow the conduit to relay through the Exchange server. I will know more tomorrow. We have firewall rules in place that only allow access to port 25 on their public IP from my mailscanner servers, and that was confirmed with the test.
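
An added example, not part of any post in this thread: one way to check from the Exchange Management Shell which receive connectors let anonymous sessions relay, and which sender or client IP submitted the most mail recently, as a starting point for finding the internal machine. The `$Hours` and `$Top` values are illustrative assumptions.

```powershell
# Run in the Exchange Management Shell on the Exchange 2010 server.
# $Hours and $Top are illustrative values, not taken from the thread.
$Hours = 24
$Top   = 15
$start = (Get-Date).AddHours(-$Hours)

# 1. Receive connectors where anonymous sessions may send to ANY recipient.
#    An external open-relay test does not cover connectors that are only
#    reachable from the internal network, so list them all.
Get-ReceiveConnector | ForEach-Object {
    $connector = $_
    $connector | Get-ADPermission |
        Where-Object {
            -not $_.Deny -and
            $_.User -like '*ANONYMOUS LOGON*' -and
            ($_.ExtendedRights -like 'ms-Exch-SMTP-Accept-Any-Recipient')
        } |
        Select-Object @{n='Connector';      e={$connector.Identity}},
                      @{n='RemoteIPRanges'; e={$connector.RemoteIPRanges -join ','}},
                      User, ExtendedRights
}

# 2. Who submitted the most mail? Group RECEIVE events by sender, source and
#    client IP, then rank by total recipients. This queries the local server;
#    add -Server <name> to query another transport server.
Get-MessageTrackingLog -ResultSize Unlimited -Start $start -EventId RECEIVE |
    Group-Object Sender, Source, ClientIp |
    ForEach-Object {
        $first = $_.Group[0]
        New-Object PSObject -Property @{
            Sender     = $first.Sender
            Source     = $first.Source
            ClientIp   = $first.ClientIp
            Messages   = $_.Count
            Recipients = ($_.Group | Measure-Object RecipientCount -Sum).Sum
        }
    } |
    Sort-Object Recipients -Descending |
    Select-Object -First $Top Sender, Source, ClientIp, Messages, Recipients
```

A sender and client IP pair whose recipient total is far above the rest is the one to investigate. For `Source` SMTP the `ClientIp` is the host that connected to the transport server; for STOREDRIVER (mail submitted from a mailbox) the sender account is the lead rather than the IP.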
Mohammed Khawaja (Manager - Infrastructure: Information Technology) Commented:
My recommendation would be to outsource the anti-spam and anti-virus to a vendor such as FuseMail.com where your MX would be pointing to their servers, they will cleanse the messages and then forward it to your Exchange. Your Exchange will be configured to relay all messages through their servers. And the beauty of it is that it would cost $2 to $3 per month and no admin work.
Simon Butler (Sembee) (Consultant) Commented:
You need to be sure the email is coming from an internal source first. I would doubt if it is. To be an internal source it would have to be highly targeted. It is much easier for a spammer to just write a script that sends to the domain example.com and mentions example.com through the email message (depending on the to email address).
If that is the case, then a decent antispam tool should catch it. SPF records set up correctly and antispam tools inside would also catch a lot of it. No need to outsource the filtering at all.

Simon.
tamray_tech (Author) Commented:
School hired an Exchange expert to deal with the issue.