Solved

Exchange 2003 Distribution Group sends spam

Posted on 2014-11-25
Last Modified: 2014-12-02
I think one of my Exchange 2003 Distribution Groups sends spam. There are 4 persons in this group. I removed all from the list.
But NDR mail from the other side's server comes anyway.
The Exchange server waiting tools show nothing; only the logs say mail was sent. After that, the Mail Delivery System mail comes.

Any ideas? What can I do?
Question by:apollo-13
LVL 35

Accepted Solution

by:
Kimputer earned 313 total points
Can you show a bit of that log that says the spam mail was sent from your side?
LVL 9

Assisted Solution

by:Marshal Hubs
Marshal Hubs earned 63 total points
Please go through this resource http://technet.microsoft.com/en-us/library/aa996956(v=exchg.65).aspx to learn how to set restrictions on a Distribution Group to avoid spam.

Author Comment

by:apollo-13
Which options do I need to choose here?

-Click From everyone to allow authenticated users to send mail to the selected distribution list.
-Click Only from to specify a select set of authenticated users or groups that can send messages to the selected distribution list. Click Add to specify the users or groups you want to allow to send messages to this distribution list.
-Click From everyone except to allow all authenticated users but a select set to send to the selected distribution list. Click Add to specify the list of users or groups that you do not want to allow to send messages to this distribution list.
Leave From authenticated users only cleared. If you leave this check box cleared, the following options are implemented as such:

-Click From everyone to allow anyone to send messages to the selected distribution list. This includes anonymous users from the Internet.
-Click Only from to specify a select set of users or groups that can send messages to the selected distribution list. Click Add to specify the users or groups you want to allow to send messages to this distribution list.
-Click From everyone except to allow everyone but a select set of users or groups to send to the selected distribution list. Click Add to specify the list of users or groups you do not want to allow to send messages to this distribution list. These users or groups can be authenticated users or anonymous users.
LVL 35

Assisted Solution

by:Kimputer
Kimputer earned 313 total points
This solution is for INCOMING spam only. You told us about OUTGOING spam, correct? If so, provide the log file which proves this and give us more info on how to solve it.

Author Comment

by:apollo-13
Yes, OUTGOING spam, I think, because I get NDR mail from another server.

Author Comment

by:apollo-13
But the logs always say other mail addresses, but changehiereverytime@mail.ru
LVL 35

Assisted Solution

by:Kimputer
Kimputer earned 313 total points
Do you have a part of the log you can show us? Or do you only have the NDR?

Author Comment

by:apollo-13
NDR:
This is the mail system at host abk.adi-biznes-karta.ru.

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

                   The mail system

<maclub@mail.ru>: host mxs.mail.ru[217.69.139.150] said: 550 spam message
    rejected. Please visit
    http://help.mail.ru/notspam-support/id?c=q6j9jqT57VUACSR4hBoWsQXBjCPUMdQhYKKcj1vWS9AIAAAA4JkAAPJdWyQ~
    or  report details to abuse@corp.mail.ru. Error code:
    8EFDA8AB55EDF9A478240900B1161A84238CC10521D431D48F9CA260D04BD65B. ID:
    00000008000099E0245B5DF2. (in reply to end of DATA command)
LVL 35

Assisted Solution

by:Kimputer
Kimputer earned 313 total points
You are confusing an NDR with a log for sending. An NDR doesn't mean you actually sent it. Therefore I asked for a piece of your SMTP log where you contacted this mxs.mail.ru server.
Please note, you can receive thousands or even millions of NDRs, even if you never sent spam.
NDRs are based on the FROM header. As you may know, ANYONE on the Internet can set this FROM header in his email client, and there are usually no checks performed for its validity. So if I set my FROM address to that distribution address, then send out spam to mail.ru, YOU will get the NDR!
To know if you sent out spam or not, you have to check your SMTP logs for outgoing connections to mxs.mail.ru, OR the NDR has to be clear about which two servers were talking. In this case abk.adi-biznes-karta.ru was talking to mxs.mail.ru. If you do not recognise abk.adi-biznes-karta.ru and have no contact with them and you never heard of them, it's clear that mailserver received the spam from another user (who has access to their system). You can just ignore this NDR, or you can force the sysadmin of that server to start investigating this matter.
If abk.adi-biznes-karta.ru is YOUR SMTP relay, then you are probably sending out spam somehow, if not through the server, then through some Outlook client or maybe even a spambot in your network.
So now please let us know if you have any knowledge of this abk.adi-biznes-karta.ru server?
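
The check described in this answer, as an added example that is not part of the original thread: it reads the reporting host and the rejecting MX out of the NDR quoted above and looks for an outbound session to that MX in the SMTP log. The log lines, the `OWN_RELAYS` set and the function names are constructed for illustration, and treating `OutboundConnection...` in `cs-username` as the outbound marker is an assumption about the IIS SMTP W3C log layout.

```python
import re

# NDR text quoted in the thread, trimmed to the lines this check reads.
NDR = """This is the mail system at host abk.adi-biznes-karta.ru.

<maclub@mail.ru>: host mxs.mail.ru[217.69.139.150] said: 550 spam message
    rejected. (in reply to end of DATA command)
"""

# Constructed sample log (W3C extended format); addresses are documentation ranges.
SMTP_LOG = """#Fields: date time c-ip cs-username s-sitename cs-method cs-uri-query sc-status
2014-11-25 09:14:02 203.0.113.7 mail.example.net SMTPSVC1 MAIL +FROM:<bob@example.net> 250
2014-11-25 09:15:40 198.51.100.25 OutboundConnectionCommand SMTPSVC1 RCPT +TO:<alice@example.org> 0
"""

OWN_RELAYS = {"mail.example.com"}  # assumption: hosts you relay outbound mail through

def parse_ndr(text):
    """Return the host that wrote the NDR and the MX that rejected the message."""
    reporter = re.search(r"mail system at host\s+([A-Za-z0-9.-]+[A-Za-z0-9])", text)
    remote = re.search(r"host\s+([A-Za-z0-9.-]+)\[([0-9A-Fa-f.:]+)\]\s+said:\s+(\d{3})", text)
    if not reporter or not remote:
        raise ValueError("not a recognisable delivery status report")
    return {"reporter": reporter.group(1).lower(), "remote_host": remote.group(1).lower(),
            "remote_ip": remote.group(2), "smtp_code": int(remote.group(3))}

def outbound_peers(log_text):
    """Collect remote IPs of sessions this server opened, using the #Fields header."""
    fields, peers = [], set()
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            row = dict(zip(fields, line.split()))
            # Assumption: outbound sessions carry OutboundConnection* in cs-username.
            if row.get("cs-username", "").startswith("OutboundConnection"):
                peers.add(row.get("c-ip"))
    return peers

def classify(ndr_text, log_text, own_relays):
    ndr = parse_ndr(ndr_text)
    if ndr["reporter"] in own_relays:
        return "own-relay"      # your relay accepted the message: look for a local sender
    if ndr["remote_ip"] in outbound_peers(log_text):
        return "sent-directly"  # this server talked to the rejecting MX itself
    return "backscatter"        # neither hop is yours: the sender address was forged

if __name__ == "__main__":
    print(classify(NDR, SMTP_LOG, OWN_RELAYS))
```
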
LVL 30

Assisted Solution

by:Gareth Gudger
Gareth Gudger earned 124 total points
I wonder if this is just an NDR backscatter attack. :)

What are we using for antispam?

Author Comment

by:apollo-13
Yes, it is.
Locally we use nothing, we use the ISP spam filter, but I think this is from local.
LVL 35

Assisted Solution

by:Kimputer
Kimputer earned 313 total points
If you think it's local, why didn't you answer this question I posted before??
If abk.adi-biznes-karta.ru is YOUR SMTP relay, then you are probably sending out spam somehow, if not through the server, then through some Outlook client or maybe even a spambot in your network.
So now please let us know if you have any knowledge of this abk.adi-biznes-karta.ru server?
LVL 30

Assisted Solution

by:Gareth Gudger
Gareth Gudger earned 124 total points
we use ISP Spam filter

How are you using your ISP's spam filter? Are your MX records pointing to them? Then your ISP forwards to you?

Is this a paid anti-spam solution or something free your ISP offers?

If free, it's probably not all that good. I would recommend looking at Exchange Online Protection from Microsoft. Runs $1 per user / month and gets the job done. It will prevent NDR backscatter attacks. They also have a free trial.
http://products.office.com/en-us/exchange/microsoft-exchange-online-protection-email-filter-and-anti-spam-protection-email-security-email-spam