Exchange 2003 Distribution Group sends spam

I think one of my Exchange 2003 Distribution Groups sends spam. There are 4 persons in this group. I removed all from the list.
But NDR mail from the other side's server comes anyway.
The Exchange server waiting tools show nothing; only the logs say mail was sent. After that, a Mail Delivery System mail comes.

Any idea? What can I do?
apollo-13 Asked:

Kimputer Commented:
Can you show a bit of that log that says the spam mail was sent from your side?
0

Marshal Hubs (Email Consultant) Commented:
Please go through this resource http://technet.microsoft.com/en-us/library/aa996956(v=exchg.65).aspx to know how to set restrictions on a Distribution Group to avoid spam.
0
apollo-13 (Author) Commented:
Which options do I need to choose here?

-Click From everyone to allow authenticated users to send mail to the selected distribution list.
-Click Only from to specify a select set of authenticated users or groups that can send messages to the selected distribution list. Click Add to specify the users or groups you want to allow to send messages to this distribution list.
-Click From everyone except to allow all authenticated users but a select set to send to the selected distribution list. Click Add to specify the list of users or groups that you do not want to allow to send messages to this distribution list.
Leave From authenticated users only cleared. If you leave this check box cleared, the following options are implemented as such:

-Click From everyone to allow anyone to send messages to the selected distribution list. This includes anonymous users from the Internet.
-Click Only from to specify a select set of users or groups that can send messages to the selected distribution list. Click Add to specify the users or groups you want to allow to send messages to this distribution list.
-Click From everyone except to allow everyone but a select set of users or groups to send to the selected distribution list. Click Add to specify the list of users or groups you do not want to allow to send messages to this distribution list. These users or groups can be authenticated users or anonymous users.
0

Kimputer Commented:
This solution is for INCOMING spam only. You told us about OUTGOING spam, correct? If so, provide the log file which proves this and give us more info on how to solve it.
0
apollo-13 (Author) Commented:
Yes, OUTGOING spam, I think, because I get NDR mail from another server.
0
apollo-13 (Author) Commented:
But the logs always say other mail addresses, but changehiereverytime@mail.ru
0
Kimputer Commented:
Do you have a part of the log you can show us? Or do you only have the NDR?
0
apollo-13 (Author) Commented:
NDR:
This is the mail system at host abk.adi-biznes-karta.ru.

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

                   The mail system

<maclub@mail.ru>: host mxs.mail.ru[217.69.139.150] said: 550 spam message
    rejected. Please visit
    http://help.mail.ru/notspam-support/id?c=q6j9jqT57VUACSR4hBoWsQXBjCPUMdQhYKKcj1vWS9AIAAAA4JkAAPJdWyQ~
    or  report details to abuse@corp.mail.ru. Error code:
    8EFDA8AB55EDF9A478240900B1161A84238CC10521D431D48F9CA260D04BD65B. ID:
    00000008000099E0245B5DF2. (in reply to end of DATA command)
0
Kimputer Commented:
You are confusing an NDR with a log of sending. An NDR doesn't mean you actually sent it. Therefore I asked for a piece of your SMTP log where you contacted this mxs.mail.ru server.
Please note, you can receive thousands or even millions of NDRs, even if you never sent spam.
NDRs are based on the FROM header. As you may know, ANYONE on the Internet can set this FROM header in his email client, and there are usually no checks performed for its validity. So if I set my FROM address to that distribution address, then send out spam to mail.ru, YOU will get the NDR!
To know if you sent out spam or not, you have to check your SMTP logs for outgoing connections to mxs.mail.ru, OR the NDR has to be clear between which two servers it was talking. In this case abk.adi-biznes-karta.ru was talking to mxs.mail.ru. If you do not recognise abk.adi-biznes-karta.ru and have no contact with them and you never heard of them, it's clear that mailserver received the spam from another user (who has access to their system). You can just ignore this NDR, or you can force the sysadmin of that server to start investigating this matter.
If abk.adi-biznes-karta.ru is YOUR SMTP relay, then you are probably sending out spam somehow, if not through the server, then through some Outlook client or maybe even a spambot in your network.
So now please let us know if you have any knowledge of this abk.adi-biznes-karta.ru server?
0
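The check described in the comment above, as an added example that is not part of the thread: it reads the two servers out of the Postfix-style NDR and looks for connections your own server opened to the rejecting host in a W3C-format SMTP log. The log lines, `OWN_HOSTS`, and the assumption that outbound entries carry `OutboundConnection...` in `cs-username` (as in IIS SMTP service logs) are constructed for illustration.

```python
import re

# NDR excerpt from the thread; the log lines and OWN_HOSTS are constructed.
NDR = """This is the mail system at host abk.adi-biznes-karta.ru.

<maclub@mail.ru>: host mxs.mail.ru[217.69.139.150] said: 550 spam message
    rejected. (in reply to end of DATA command)
"""
OWN_HOSTS = {"mail.example.com"}  # hypothetical: your own relays / smart hosts
SMTP_LOG = """#Fields: date time c-ip cs-username s-sitename cs-method cs-uri-query
2015-09-07 10:01:12 192.0.2.25 OutboundConnectionCommand SMTPSVC1 EHLO mail.example.com
2015-09-07 10:01:13 192.0.2.25 OutboundConnectionCommand SMTPSVC1 MAIL FROM:<user@example.com>
2015-09-07 10:02:40 198.51.100.7 - SMTPSVC1 MAIL +FROM:<someone@example.net>
"""

def parse_ndr(text):
    """Extract who generated the NDR and which server rejected the message."""
    reporter = re.search(r"mail system at host ([\w.-]*\w)", text)
    reject = re.search(r"<([^>]+)>: host ([\w.-]+)\[([\d.]+)\] said: (\d{3})", text)
    if not (reporter and reject):
        raise ValueError("not a Postfix-style NDR")
    return {"reporting_host": reporter.group(1).lower(),
            "recipient": reject.group(1),
            "remote_host": reject.group(2).lower(),
            "remote_ip": reject.group(3),
            "status": int(reject.group(4))}

def parse_w3c(log_text):
    """Parse W3C extended log lines into dicts keyed by the #Fields header."""
    fields, rows = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            rows.append(dict(zip(fields, line.split())))
    return rows

def outbound_to(rows, remote_ip):
    """Rows where this server itself opened a connection to remote_ip."""
    return [r for r in rows if r.get("c-ip") == remote_ip
            and r.get("cs-username", "").startswith("OutboundConnection")]

def classify(ndr_text, log_text, own_hosts):
    """'investigate-outbound' if the NDR or the log ties the mail to us."""
    ndr = parse_ndr(ndr_text)
    hits = outbound_to(parse_w3c(log_text), ndr["remote_ip"])
    if ndr["reporting_host"] in own_hosts or hits:
        return "investigate-outbound", ndr, hits
    return "backscatter", ndr, hits
```

With the constructed log, the NDR classifies as backscatter: the reporting host is not one of `OWN_HOSTS` and the log shows no outbound session to 217.69.139.150.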
Gareth Gudger Commented:
I wonder if this is just an NDR backscatter attack. :)

What are we using for antispam?
0
apollo-13 (Author) Commented:
Yes it is.
Locally we use nothing; we use the ISP spam filter, but I think this is from local.
0
Kimputer Commented:
If you think it's local, why didn't you answer this question I posted before??
If abk.adi-biznes-karta.ru is YOUR SMTP relay, then you are probably sending out spam somehow, if not through the server, then through some Outlook client or maybe even a spambot in your network.
So now please let us know if you have any knowledge of this abk.adi-biznes-karta.ru server?
0
Gareth Gudger Commented:
"we use ISP Spam filter"

How are you using your ISP's spam filter? Are your MX records pointing to them? Then your ISP forwards to you?

Is this a paid anti-spam solution or something free your ISP offers?

If free, it's probably not all that good. I would recommend looking at Exchange Online Protection from Microsoft. Runs $1 per user / month and gets the job done. It will prevent NDR backscatter attacks. They also have a free trial.
http://products.office.com/en-us/exchange/microsoft-exchange-online-protection-email-filter-and-anti-spam-protection-email-security-email-spam
0