• Status: Solved
  • Priority: Medium

ISP denied send ability due to SPAM increase using Exchange 2007


Our ISP has blocked use of our send ability. Presumably someone is relaying SPAM through our server. I have checked all AV and malware software is up to date on each of our clients (about 15) but the SPAM is still being queued. Is there a way to find where this is coming from, as they won't give us a connection until it is resolved? The messages in the Exchange queue all have the from address as <> and they are all SPAM. We are generating about 100 per hour.

Is it worth changing the user passwords on the server?

Is it just a server issue or could the clients be causing the problem? If so, would disconnecting the clients help the problem?

I am not overly technical so if anyone is able to offer any suggestions please keep them simple.

1 Solution
Simon Butler (Sembee), Consultant, Commented:
Have you got recipient filtering enabled? If not then it is probably NDR spam. This is where email is sent to your server with invalid recipients on purpose. The server then bounces the email to the "sender" which is the actual target of the spam.

If it was authenticated relaying then I would expect to see actual from addresses rather than <>.

Best start monitoring your Exchange server with Wireshark. Before capturing, clear the queue. Port 25 messages are easily read, but if it's originating from an Outlook client, it's much harder to read. Just ask everyone to leave their PC alone for a while and check email activity on the server. If nothing happens, it could be that the spam starts generating only after Outlook is used. So then ask users to start Outlook and leave the PC alone.
If the machine is affected by a bot or any other malware, this issue will occur.

How about your public IP, is it blacklisted? And how about the IP reputation?

Go to www.mxtoolbox.com, enter your IP address under the Blacklist section and check.

If your public IP is blacklisted then you need to delist it by contacting your ISP or by contacting the concerned RBL, like Barracuda, CBL etc.

After this your email flow will start working. Again, run a virus scan on your server and ensure the server is not affected by spyware, malware etc.

Imran Shariff
Jezza1505 (Author) Commented:
In the end our IT consultant sorted the problem out - I'm not sure what he did or whether he used the information provided by the Experts. So I'm closing this question. Thanks for your help in stressful times though.

Jezza1505 (Author) Commented:
Our IT consultant fixed the problem and I am unsure as to what he actually did.
Question has a verified solution.
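
The recipient filtering and NDR spam checks raised in the answers above can be run from the Exchange Management Shell on the Exchange 2007 transport server. This is an added example, not part of the original thread; the 24-hour window and top-10 cut-off are assumptions, and everything is read-only except the two commented-out lines at the end.

```powershell
# Added example: run in the Exchange Management Shell on the transport server.

# 1. Is the Recipient Filter agent present and enabled? On a Hub Transport
#    server the anti-spam agents are absent until they have been installed.
Get-TransportAgent | Where-Object { $_.Identity -like "Recipient Filter*" }

# 2. Is recipient validation on? When RecipientValidationEnabled is False the
#    server accepts mail for mailboxes that do not exist and bounces it later,
#    which is what produces NDR spam (backscatter).
Get-RecipientFilterConfig |
    Format-List Enabled, RecipientValidationEnabled, ExternalMailEnabled

# 3. Count queued messages that carry the null sender (<>), per queue.
$nullSender = Get-Message -Filter { FromAddress -eq "<>" } -ResultSize Unlimited
$nullSender | Group-Object { $_.Queue.ToString() } |
    Sort-Object Count -Descending | Format-Table Count, Name -AutoSize

# 4. Which hosts handed mail to this server over SMTP recently? An outside
#    address at the top points to inbound NDR spam; an internal client
#    address at the top points to an infected PC on the LAN.
$since = (Get-Date).AddHours(-24)   # assumed look-back window
Get-MessageTrackingLog -Start $since -EventId RECEIVE -ResultSize Unlimited |
    Where-Object { $_.Source -eq "SMTP" } |
    Group-Object ClientIp | Sort-Object Count -Descending |
    Select-Object -First 10 Count, Name

# 5. Who is receiving the bounces? DSN events list the addresses the server
#    sent non-delivery reports to, i.e. the forged "senders".
Get-MessageTrackingLog -Start $since -EventId DSN -ResultSize Unlimited |
    ForEach-Object { $_.Recipients } |
    Group-Object | Sort-Object Count -Descending |
    Select-Object -First 10 Count, Name

# Remediation once steps 1-5 confirm NDR spam (uncomment to apply):
# Set-RecipientFilterConfig -RecipientValidationEnabled $true
# Remove-Message -Filter { FromAddress -eq "<>" } -WithNDR $false
```

Step 3 will also match legitimate bounces, so review a few of the queued messages before removing them.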
