SPAM email being sent through our Exchange server

Posted on 2014-02-07
Last Modified: 2014-02-20
We are finding each night that someone is sending emails through our Exchange server from outside.  This is Exchange 2010 and I am certain that we have the open realy turned off.  In the Receive connector we do NOT have externally secured checked off on the Authentication tab.  I believe that is how you turn on or off an open realy.  I also have set on the network tab to only receive email from our internal networks.  However these emails are originating from ip addresses outside of our networks.  We have a Barracuda SPAM filtering gateway so all the spam is being stopped there, however, we want to find a way to say that only email FROM our organization is permitted on the Exchange server.  Last night the emails were all coming FROM  The night before they were coming from  Only email from (our domain) should be permitted to leave our exchange server.

Can anyone help me to set this up?

Question by:pgoldwasser
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
LVL 15

Expert Comment

ID: 39841808
This could still be coming from an infected machine on your network.

Check your Event logs for ID 1708 and see if a user is hitting the exchange constantly. This may give you a clue.

Check tips:

Expert Comment

by:Leon Kammer
ID: 39841898

Just did a short test, and your server is not allowing external relays either to or from or, so it must be internal. (i have removed the ip and your servername)

Connecting to

220 ESMTP [889 ms]
250- Hello [], pleased to meet you
250-SIZE 100000000
250 HELP [686 ms]
250 Sender <> OK [686 ms]
550 relay not permitted [718 ms]



Author Comment

ID: 39842347
No 1708 in my event logs.  I had thought it might be internal from the start, but when the emails would hit the server the source ip would show as outside ipaddresses.  I could find no evidence of internal ip addresses in any log that I look at.

Accepted Solution

Leon Kammer earned 500 total points
ID: 39842384

I noticed you are using barracuda.
Have you checked your barracuda filter outgoing rules?

Just tried again spoofing a domain name and got the response
550 No such domain at this location


LVL 15

Expert Comment

ID: 39842414
Make sure your server is patched.

Change pc passwords.

Update and run antivirus and malware checks on internal machines to be sure.

Featured Post

Comparison of Amazon Drive, Google Drive, OneDrive

What is Best for Backup: Amazon Drive, Google Drive or MS OneDrive? In this free whitepaper we look at their performance, pricing, and platform availability to help you decide which cloud drive is right for your situation. Download and read the results of our testing for free!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Server error: '550 5.7.1 Unable to relay' 2 29
Outlook Outbox Messages in Exchange 4 28
Block Hacker? 2 38
Exchange 2010 3 32
Find out what you should include to make the best professional email signature for your organization.
This article lists the top 5 free OST to PST Converter Tools. These tools save a lot of time for users when they want to convert OST to PST after their exchange server is no longer available or some other critical issue with exchange server or impor…
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question