Solved

Exchange 2003 Sending Spam and IP Blocked

Posted on 2014-01-15
10
377 Views
Last Modified: 2014-01-15
Hi,

I have a issue with a Exchange 2003 server, for the last 2 x days it keeps getting black listed by spamhaus as something is sending spam out, we have checked Anti Virus and all seems ok, any ideas where to start ?

Regards
0
Comment
Question by:ComexIT
  • 5
  • 4
10 Comments
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 39783690
My article is a good place to start and should hopefully help you nail the problem quickly so you can get off the blacklists and get your mail flowing again:

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_2556-Why-are-my-outbound-queues-filling-up-with-mail-I-didn't-send.html

Any questions, please ask.

Alan
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39783692
First - are you sure that it is Exchange?
If you look in the queues you will see messages hanging around if the server is being abused, because spammer's lists are not very clean.
If the queues are clean, then the source isn't Exchange.

The next step is to simply block SMTP traffic on the firewall except from the Exchange server. Turn on logging and wait. A compromised workstation will soon appear on the logs and can be found and removed.

If you do have messages in the queues on the Exchange server, it is unlikely to be malware, just a compromised account being used to send out spam.

Simon.
0
 

Author Comment

by:ComexIT
ID: 39783700
Thanks Simon, do you have a list of steps for me to check etc ?

Thanks
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 39783709
Try reading my article - link above.

Alan
0
 

Author Comment

by:ComexIT
ID: 39783748
Thanks Alan,

I think its the ndr version as it shows from postmaster@domain etc, I have applied the filter etc, Do i need to clear the ques ?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 39783774
You should do - it will be NDR's going back to invalid addresses, and you don't want to hit any more blacklists sites and get blacklisted.

Are you on Backscatterer.org?

Alan
0
 

Author Comment

by:ComexIT
ID: 39783789
it says not listed but was before etc
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 39783797
Good - let's hope you stay that way.

Have you resolved the Recipient Filtering yet so it doesn't happen again?

Alan
0
 

Author Comment

by:ComexIT
ID: 39783807
yes i have enabled the receip filter etc so that should now be ok, why does it happen .... it's a real pain, we thought it was a pc in network etc
0
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 500 total points
ID: 39783822
Spammers having fun!  God knows why, but they like to see if they can send their crap out and bombard servers with all manner of rubbish in the hope that one or two make it through and as a result of you not filtering the recipient, the server has to send back NDR's and as the sender addresses are spoofed, some of the NDR's hit unpublished email addresses specifically designed to catch spam and you got caught not filtering invalid recipients.

Hopefully you don't get caught by the other option in my article as that can be very messy and a bit harder to isolate.

Alan
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Exchange 2013 DL hack 4 38
exchange 2007, exchange 2010, exchange 2013 9 23
Restored mailboxes and OST 11 36
exchange , office 365 3 20
Read this checklist to learn more about the 15 things you should never include in an email signature.
This article aims to explain the working of CircularLogArchiver. This tool was designed to solve the buildup of log file in cases where systems do not support circular logging or where circular logging is not enabled
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question