Jezza1505

ISP denied send ability due to SPAM increase using Exchange 2007

Hi

Our ISP has blocked use of our send ability. Presumably someone is relaying SPAM through our server. I have checked all AV and malware software is up to date on each of our clients (about 15) but the SPAM is still being queued. Is there a way to find where this is coming from, as they won't give us a connection until it is resolved? The messages in the Exchange queue all have the from address as <> and they are all SPAM. We are generating about 100 per hour.

Is it worth changing the user passwords on the server?

Is it just a server issue or could the clients be causing the problem? If so, would disconnecting the clients help the problem?

I am not overly technical so if anyone is able to offer any suggestions please keep them simple.

Thanks
Jeremy
Simon Butler (Sembee)

Have you got recipient filtering enabled? If not then it is probably NDR spam. This is where email is sent to your server with invalid recipients on purpose. The server then bounces the email to the "sender" which is the actual target of the spam.
http://semb.ee/filterunknown

If it was authenticated relaying then I would expect to see actual from addresses rather than <>

Simon.
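
As an added illustration of the NDR-spam pattern described in the answer above (not part of the original thread and not Exchange's own tooling): the script counts, per remote IP, the `RCPT TO` commands in an SMTP receive log that name a mailbox the server does not host. It assumes a comma-separated log with a `#Fields:` header; the sample lines, the `example.org` domain, the mailbox list and the function name are all constructed for the example.

```python
import csv
import re
from collections import Counter

# Constructed sample lines, assuming the comma-separated layout of an
# Exchange SMTP receive protocol log ("<" marks a command from the remote host).
SAMPLE_LOG = r"""
#Fields: date-time,connector-id,session-id,sequence-number,local-endpoint,remote-endpoint,event,data,context
2010-01-01T10:00:00.000Z,MAIL1\Default MAIL1,08CC01,3,192.0.2.10:25,198.51.100.7:4021,<,MAIL FROM:<target@victim.example>,
2010-01-01T10:00:00.100Z,MAIL1\Default MAIL1,08CC01,5,192.0.2.10:25,198.51.100.7:4021,<,RCPT TO:<qzx81@example.org>,
2010-01-01T10:00:00.150Z,MAIL1\Default MAIL1,08CC01,6,192.0.2.10:25,198.51.100.7:4021,>,250 2.1.5 Recipient OK,
2010-01-01T10:00:00.200Z,MAIL1\Default MAIL1,08CC01,7,192.0.2.10:25,198.51.100.7:4021,<,RCPT TO:<hfk22@example.org>,
2010-01-01T10:05:00.000Z,MAIL1\Default MAIL1,08CC02,5,192.0.2.10:25,203.0.113.9:5510,<,RCPT TO:<Sales@example.org>,
2010-01-01T10:05:00.100Z,MAIL1\Default MAIL1,08CC02,7,192.0.2.10:25,203.0.113.9:5510,<,RCPT TO:<nobody77@example.org>,
"""

RCPT = re.compile(r"RCPT TO:\s*<([^>]*)>", re.IGNORECASE)

def ndr_bait_by_source(log_text, domain, valid_mailboxes):
    """Per remote IP, count RCPT TO commands for our domain that name no real mailbox."""
    lines = [l for l in log_text.splitlines() if l.strip()]
    header = next(l for l in lines if l.startswith("#Fields:"))
    fields = header[len("#Fields:"):].strip().split(",")
    rows = csv.DictReader((l for l in lines if not l.startswith("#")), fieldnames=fields)
    valid = {m.lower() for m in valid_mailboxes}
    counts = Counter()
    for row in rows:
        if row["event"] != "<":  # skip server replies and connect/disconnect events
            continue
        match = RCPT.match(row["data"] or "")
        if not match:
            continue
        rcpt = match.group(1).lower()
        if rcpt.endswith("@" + domain.lower()) and rcpt not in valid:
            counts[row["remote-endpoint"].rsplit(":", 1)[0]] += 1
    return counts

if __name__ == "__main__":
    hits = ndr_bait_by_source(SAMPLE_LOG, "example.org", ["sales@example.org", "info@example.org"])
    for ip, n in hits.most_common():
        # Each hit becomes a bounce to the forged sender unless recipient filtering rejects it
        print(f"{ip}: {n} RCPT TO for unknown mailboxes")
```

A steady stream of hits from outside addresses, alongside `<>` senders in the outbound queue, matches the NDR pattern rather than authenticated relaying.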
Kimputer

Best start monitoring your Exchange server with Wireshark. Before capturing, clear the queue. Port 25 messages are easily read, but if it's originating from an Outlook client, it's much harder to read. Just ask everyone to leave their PC alone for a while and check email activity in the server. If nothing happens, it could be that the spam starts generating only after Outlook is used. So then ask users to start Outlook and leave the PC alone.
If the machine is affected by Bot or any other malware this issue will occur.

How about your public IP, is it blacklisted? And how about the IP reputation?

Go to www.mxtoolbox.com, enter your IP address under the Blacklist section and check.

If your public IP is blacklisted then you need to delist by contacting your ISP or by contacting the concerned RBL, like Barracuda, CBL etc.

After this your email flow will start working. Again, run a virus scan on your server and ensure the server is not affected by spyware, malware etc.

Regards
Imran Shariff
ASKER CERTIFIED SOLUTION
Jezza1505


ASKER

Our IT consultant fixed the problem and I am unsure as to what he actually did.