Solved

exchange 2013 Sending out SPAM

Posted on 2015-01-12
2
698 Views
Last Modified: 2015-01-27
Hi Everyone,
We have an Exchange Server on Server 2012.
Everything has been working great.  But I noticed that somehow either the Server or a workstation got infected and was sending out SPAM.
So email goes out (monitored through the Queue Viewer in Toolbox) and gets stuck because most of it cannot be delivered.
When I look at the body of the message there is no sender, or the sender is blank like <>@mycompany.com
So I'm not sure who is infected.
How can I track down where the email is coming from?

I have:

Shut off all the systems connected to it (small network of 8 workstations)
Shut off the VPN
Scanned all the systems using Malware Bytes (Servers and Workstations)

I admit the Servers were freshly deployed and didn't have their own AV yet.  There is  a Hyper Host and 2 VMs, one the DC the other the Exchange Server.

Microsoft's Exchange Connectivity online tool says the server is not an open relay when I tested email to one of my accounts.

Any suggestions?

Thanks!
0
Comment
Question by:2ndFloor
2 Comments
 
LVL 22

Assisted Solution

by:Nick Rhode
Nick Rhode earned 250 total points
ID: 40545170
No workstations are acting suspicious?  Also what kind of filter do you have prior to mail hitting your exchange server?  Is this NDR spam from your exchange server sending out non delivery requests for non-existing users in the exchange database?  An external mail filter would take care of that by blocking all mail excluding existing users etc.  This type of spam is known a backscatter
0
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 250 total points
ID: 40545232
That's not spam - that is Backscatter - which means you are not filtering messages for invalid recipients and accept the emails, then when it is determined that the recipient doesn't exist, because your server accepted the message, it HAS to send back a Non-Delivery Report (NDR) message and that is what you are seeing in the queue with the sender as <> which is the administrator.

If you install / configure some Anti-Spam tools and at least enable Recipient Filtering, the problem will go away.

Alternatively, if your Exchange server isn't the 1st server to receive emails for your domain (e.g. you use a 3rd party for spam filtering), then they need to be performing recipient filtering).

Some useful reading:

http://www.msexchange.org/articles-tutorials/exchange-server-2013/security-message-hygiene/anti-spam-and-anti-malware-protection-exchange-2013-part1.html

Alan
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Lotus Notes – formerly IBM Notes – is an email client application, while IBM Domino (earlier Lotus Domino) is an email server. The client possesses a set of features that are even more advanced as compared to that of Outlook. Likewise, IBM Domino is…
This process describes the steps required to Import and Export data from and to .pst files using Exchange 2010. We can use these steps to export data from a user to a .pst file, import data back to the same or a different user, or even import data t…
In this Micro Tutorial viewers will learn how to restore their server from Bare Metal Backup image created with Windows Server Backup feature. As an example Windows 2012R2 is used.
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…

912 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now