Stop Spam From the Inside by Locking Down SMTP

Hi All

How do I stop spam from the inside by locking down SMTP? Some people from outside are using SMTP auth mail relay on my Exchange server. How do I restrict mail relay that uses SMTP auth? Can I block it by specific public IP addresses? For example, if someone is using SMTP auth with a public IP from an outside network, can my Exchange server block remote IPs from using SMTP auth unless they are in the internal subnet of the Exchange server?

Keith
piaakit Asked:

Simon Butler (Sembee), Consultant, Commented:
Version of Exchange would help here.
What you need to do depends on the version of Exchange.

Exchange 2003 is very different to Exchange 2007/2010.

You should also identify which account is being abused to send the spam as well. You can do that from the event viewer.

Simon.
0
piaakit, Author, Commented:
From Event Viewer, can I see which account is being abused to send spam?
0
Simon Butler (Sembee), Consultant, Commented:
You need to state which version of Exchange it is first.

There are currently six versions of Exchange in active use (some more than others) and they all work in different ways.

Simon.
0
piaakit, Author, Commented:
Currently using Exchange 2010 SP3 with the latest Rollup 9.
0
Simon Butler (Sembee), Consultant, Commented:
Authenticated relaying is not enabled by default on port 25.
If you don't need it, then disable it. Disable the option Exchange Users on the Default Receive Connector.

The account being abused should show in the security log of the Exchange server. However, the most common account to be attacked is the Administrator account.

You need to be very careful with restrictions by IP address, because the default Receive Connector is how you receive email from the internet. Therefore unless you are using an external spam filtering source, you cannot lock down the use of that connector. The most you can do is restrict the internal users from using it by adjusting the parameters on the Default Receive Connector within the Allow Connections from section.

Simon.
0
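
The two steps from the answer above (find the abused account in the Security log, then remove Exchange Users from the Default Receive Connector) as an added PowerShell example that is not part of the original thread. The connector name `EXCH01\Default EXCH01`, the internal prefix `192.168.` and the one-day window are placeholders, and filtering on network logon types 3 and 8 is an assumption about how the logons appear in your log.

```powershell
# Run in the Exchange Management Shell on the Exchange 2010 server (PowerShell 2.0 compatible).
$connector      = 'EXCH01\Default EXCH01'   # placeholder: your Default Receive Connector
$internalPrefix = '192.168.'                # placeholder: your internal subnet prefix
$since          = (Get-Date).AddDays(-1)    # placeholder: look-back window

# 1. Count logons (4624 = success, 4625 = failure) per account and source IP,
#    keeping only network logons (type 3 or 8) from outside the internal subnet.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4624, 4625; StartTime = $since } |
    ForEach-Object {
        $data = @{}
        ([xml]$_.ToXml()).Event.EventData.Data | ForEach-Object { $data[$_.Name] = $_.'#text' }
        New-Object PSObject -Property @{
            EventId   = $_.Id
            Account   = $data['TargetUserName']
            SourceIp  = $data['IpAddress']
            LogonType = $data['LogonType']
            Process   = $data['ProcessName']
        }
    } |
    Where-Object {
        ($_.LogonType -eq '3' -or $_.LogonType -eq '8') -and
        $_.SourceIp -and $_.SourceIp -ne '-' -and
        -not $_.SourceIp.StartsWith($internalPrefix)
    } |
    Group-Object Account, SourceIp, EventId |
    Sort-Object Count -Descending |
    Select-Object Count, Name -First 20

# 2. List port 25 connectors that still allow the ExchangeUsers permission group.
Get-ReceiveConnector |
    Where-Object {
        (($_.Bindings | ForEach-Object { "$_" }) -match ':25$') -and
        ("$($_.PermissionGroups)" -match 'ExchangeUsers')
    } |
    Format-List Identity, Bindings, RemoteIPRanges, AuthMechanism, PermissionGroups

# 3. Remove ExchangeUsers from the connector, leaving its other permission groups as they are.
$current = Get-ReceiveConnector -Identity $connector
$groups  = "$($current.PermissionGroups)" -split ',\s*' |
    Where-Object { $_ -and $_ -ne 'ExchangeUsers' }

# -WhatIf previews the change; remove it to apply.
Set-ReceiveConnector -Identity $connector -PermissionGroups $groups -WhatIf
```

A single external address producing many 4625 events followed by a 4624 for the same account is the pattern to look for; reset that account's password in addition to changing the connector.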