ISP denied send ability due to SPAM increase using Exchange 2007


Our ISP has blocked use of our send ability. Presumably someone is relaying SPAM through our server. I have checked all AV and malware software is up to date on each of our clients (about 15) but the SPAM is still being queued. Is there a way to find where this is coming from, as they won't give us a connection until it is resolved? The messages in the Exchange queue all have the from address as <> and they are all SPAM. We are generating about 100 per hour.

Is it worth changing the user passwords on the server?

Is it just a server issue or could the clients be causing the problem - if so would disconnecting the clients help the problem?

I am not overly technical so if anyone is able to offer any suggestions please keep them simple.


Simon Butler (Sembee), Consultant, Commented:
Have you got recipient filtering enabled? If not then it is probably NDR spam. This is where email is sent to your server with invalid recipients on purpose. The server then bounces the email to the "sender" which is the actual target of the spam.

If it was authenticated relaying then I would expect to see actual from addresses rather than <>

Best start monitoring your Exchange server with Wireshark. Before capturing, clear the queue. Port 25 messages are easily read, but if it's originating from an Outlook client, it's much harder to read. Just ask everyone to leave their PC alone for a while and check email activity on the server. If nothing happens, it could be that the spam starts generating only after Outlook is used. So then ask users to start Outlook and leave the PC alone.
If the machine is affected by a bot or any other malware this issue will occur.

How about your public IP, is it blacklisted? And how about the IP reputation?

Go to enter your IP address under Black list section and check.

If your public IP is blacklisted then you need to delist it by contacting your ISP or by contacting the concerned RBL, like Barracuda, CBL etc.

After this your email flow will start working. Again, run a virus scan on your server and ensure the server is not affected by spyware, malware etc.

Imran Shariff
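
The distinction drawn in the answers above (a queue full of `<>` senders points to NDR backscatter, while real sender addresses point to relaying or an infected client) can be checked against an export of the queue. The following Python triage is an added example, not part of the original thread; the column names `FromAddress`, `SourceIP` and `Recipient`, the 80% threshold and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
import ipaddress
from collections import Counter

# Constructed sample export; column names are assumptions, adjust to your own.
SAMPLE_QUEUE_CSV = """FromAddress,SourceIP,Recipient
<>,,info@example.net
<>,,sales@example.org
<>,,bob@example.net
<>,,root@example.com
alice@corp.example,10.0.0.23,partner@example.org
"""

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_lan(ip_text):
    """True if ip_text parses as an RFC 1918 (internal LAN) address."""
    try:
        ip = ipaddress.ip_address(ip_text.strip())
    except ValueError:
        return False  # blank or malformed source, e.g. a server-generated NDR
    return any(ip in net for net in RFC1918)


def triage_queue(csv_text, null_share_threshold=0.8):
    """Classify a queue export as NDR backscatter or mail with real senders."""
    null_rows, real_rows = [], []
    for row in csv.DictReader(io.StringIO(csv_text)):
        is_null = row["FromAddress"].strip() in ("<>", "")
        (null_rows if is_null else real_rows).append(row)
    total = len(null_rows) + len(real_rows)
    null_share = len(null_rows) / total if total else 0.0
    # Domains the bounces are addressed to: the forged "senders" being hit.
    targets = Counter(r["Recipient"].rsplit("@", 1)[-1].lower() for r in null_rows)
    # Internal machines submitting mail with a real sender address.
    lan_sources = Counter(r["SourceIP"].strip() for r in real_rows if is_lan(r["SourceIP"]))
    if total == 0:
        verdict = "empty"
    elif null_share >= null_share_threshold:
        verdict = "ndr_backscatter"         # review recipient filtering first
    elif lan_sources:
        verdict = "check_internal_clients"  # inspect these PCs for malware
    else:
        verdict = "mixed"
    return {"verdict": verdict, "null_share": null_share,
            "bounce_targets": targets, "lan_sources": lan_sources}
```

Calling `triage_queue(SAMPLE_QUEUE_CSV)` on the constructed sample returns the verdict `ndr_backscatter`, with the one real-sender message attributed to the LAN address `10.0.0.23`.
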
Jezza1505, Author, Commented:
In the end our IT consultant sorted the problem out - I'm not sure what he did or whether he used the information provided by the Experts. So I'm closing this question. Thanks for your help in stressful times though.


Jezza1505, Author, Commented:
Our IT consultant fixed the problem and I am unsure as to what he actually did.