Solved

SPAM email being sent through our Exchange server

Posted on 2014-02-07
5
536 Views
Last Modified: 2014-02-20
We are finding each night that someone is sending emails through our Exchange server from outside.  This is Exchange 2010 and I am certain that we have the open realy turned off.  In the Receive connector we do NOT have externally secured checked off on the Authentication tab.  I believe that is how you turn on or off an open realy.  I also have set on the network tab to only receive email from our internal networks.  However these emails are originating from ip addresses outside of our networks.  We have a Barracuda SPAM filtering gateway so all the spam is being stopped there, however, we want to find a way to say that only email FROM our organization is permitted on the Exchange server.  Last night the emails were all coming FROM test@live.com.  The night before they were coming from e-mails@yahoo.com.  Only email from tbj.org (our domain) should be permitted to leave our exchange server.

Can anyone help me to set this up?

Thanks!
0
Comment
Question by:pgoldwasser
  • 2
  • 2
5 Comments
 
LVL 15

Expert Comment

by:jerseysam
ID: 39841808
This could still be coming from an infected machine on your network.

Check your Event logs for ID 1708 and see if a user is hitting the exchange constantly. This may give you a clue.

Check tips:

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_2556-Why-are-my-outbound-queues-filling-up-with-mail-I-didn%27t-send.html
0
 
LVL 5

Expert Comment

by:Leon Kammer
ID: 39841898
Hi,

Just did a short test, and your server is not allowing external relays either to or from live.com or yahoo.com, so it must be internal. (i have removed the ip and your servername)

Connecting to

220 ESMTP [889 ms]
EHLO smtp.live.com
250- Hello smtp.live.com [65.55.172.254], pleased to meet you
250-SIZE 100000000
250-PIPELINING
250-8BITMIME
250 HELP [686 ms]
MAIL FROM: <me@live.com>
250 Sender <me@live.com> OK [686 ms]
RCPT TO: <me@yahoo.com>
550 relay not permitted [718 ms]

Cheers

Leon
0
 

Author Comment

by:pgoldwasser
ID: 39842347
No 1708 in my event logs.  I had thought it might be internal from the start, but when the emails would hit the server the source ip would show as outside ipaddresses.  I could find no evidence of internal ip addresses in any log that I look at.
0
 
LVL 5

Accepted Solution

by:
Leon Kammer earned 500 total points
ID: 39842384
Hi,

I noticed you are using barracuda.
Have you checked your barracuda filter outgoing rules?

Just tried again spoofing a domain name and got the response
RCPT TO: <hitchhiker@slartibartfast.co>
550 No such domain at this location

Cheers

Leon
0
 
LVL 15

Expert Comment

by:jerseysam
ID: 39842414
Make sure your server is patched.

Change pc passwords.

Update and run antivirus and malware checks on internal machines to be sure.
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Join & Write a Comment

Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
This process describes the steps required to Import and Export data from and to .pst files using Exchange 2010. We can use these steps to export data from a user to a .pst file, import data back to the same or a different user, or even import data t…
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now