Exchange 2003 Sending Spam and IP Blocked

My article is a good place to start and should hopefully help you nail the problem quickly so you can get off the blacklists and get your mail flowing again:

https://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_2556-Why-are-my-outbound-queues-filling-up-with-mail-I-didn't-send.html

Any questions, please ask.

Alan

First - are you sure that it is Exchange?
If you look in the queues you will see messages hanging around if the server is being abused, because spammer's lists are not very clean.
If the queues are clean, then the source isn't Exchange.

The next step is to simply block SMTP traffic on the firewall except from the Exchange server. Turn on logging and wait. A compromised workstation will soon appear on the logs and can be found and removed.

If you do have messages in the queues on the Exchange server, it is unlikely to be malware, just a compromised account being used to send out spam.

Simon.

Thanks Simon, do you have a list of steps for me to check etc ?

Thanks

Try reading my article - link above.

Alan

Thanks Alan,

I think its the ndr version as it shows from postmaster@domain etc, I have applied the filter etc, Do i need to clear the ques ?

You should do - it will be NDR's going back to invalid addresses, and you don't want to hit any more blacklists sites and get blacklisted.

Are you on Backscatterer.org?

Alan

it says not listed but was before etc

Good - let's hope you stay that way.

Have you resolved the Recipient Filtering yet so it doesn't happen again?

Alan

yes i have enabled the receip filter etc so that should now be ok, why does it happen .... it's a real pain, we thought it was a pc in network etc