Lanee Kirby
asked on
Spam emails being sent out through my Excahnge 2010 server
I have an Exchange 2010 server and it is now sending out emails by the hundreds from one internal email address that we actually use for our backups. It is backup@xxxxx.com. I need help getting this to stop or correcting this. I am just not sure where to go. This is actually an email address that we used to use and have but no longer do.
Thanks
Lanee
Thanks
Lanee
Also make sure your port 25 receive connector isn't configured as an open relay. If you've configured an Open Relay connector for internal devices, make sure it isn't set up to allow access from the Internet.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
First change the password of that account and if you are not using that account disable it.
then start on working spam prevention and loopholes in your environment .
then start on working spam prevention and loopholes in your environment .
ASKER
I have checked the logs and it appears as if we are being a relay for another external server. I did find several connectors that did have externally secure checked and I have now corrected that and I have made sure to uncheck aounomous from the permissions that several connectors had checked. I have rebooted my server but the email queue is still growing by about 2-3 messages a minute. I am not sure what else to try. Any other suggestions?
Are the new emails (queue growing) also from an external source?
ASKER
Thanks That did it. Changed the password and made the necessary corrections to the connectors. Thanks all!
The queues growing is to be expected, but that doesn't mean the problem is still there.
The Exchange queue viewer is not capable of displaying everything that is in the queue when there are a large number of messages in the queue.
Therefore as emails are delivered, more are shown. I have seen queues "grow" on a system that is completely disconnected from the internet because of that fact, so don't worry on that score.
Have you changed the password for that account? If not, then you need to - anything else is a waste of time until you do.
The Exchange queue viewer is not capable of displaying everything that is in the queue when there are a large number of messages in the queue.
Therefore as emails are delivered, more are shown. I have seen queues "grow" on a system that is completely disconnected from the internet because of that fact, so don't worry on that score.
Have you changed the password for that account? If not, then you need to - anything else is a waste of time until you do.
ASKER
I did change the password for that account and no more messages in the queue. However, now I cannot receive any external email. Ugh!
Check the main Exchange setup for that
ASKER
Finding the account that was compromised and changing the password fixed my issue. Thanks so much!!
Can you look at the Exchange Logs and see who (what machine) is sending out the emails via Exchange.