Fernando Marambio
asked on
Exchange 2007 Queue full with fake domains
We have a SBS 2008 with Exchange 2007 SP3 Build 08.03.0444.000
The message queue is full of fake domains
We are not being black listed but ISP like bigpond are rejecting our emails because or senders score rate is below 20
We are using our own public IP address to send out emails as our ISP doesnt have a smtp relay
i have created a Dmarc record
Im not sure if i need a spf records as well
When we send emails to these domain names first we get a delayed bounce back after some time and then we get a failed email later after that
we use Trend Micro Worry Free Advance as a spam filter on the server
i have contacted the support department and they said the software only filters incoming emails not out going
I'm not sure on how to stop these fake domains coming into the queue
Exchange-Build-Number.JPG
Exchange-Queue-viewer.JPG
The message queue is full of fake domains
We are not being black listed but ISP like bigpond are rejecting our emails because or senders score rate is below 20
We are using our own public IP address to send out emails as our ISP doesnt have a smtp relay
i have created a Dmarc record
Im not sure if i need a spf records as well
When we send emails to these domain names first we get a delayed bounce back after some time and then we get a failed email later after that
we use Trend Micro Worry Free Advance as a spam filter on the server
i have contacted the support department and they said the software only filters incoming emails not out going
I'm not sure on how to stop these fake domains coming into the queue
Exchange-Build-Number.JPG
Exchange-Queue-viewer.JPG
Last Comment
SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
Thanks for the comments
below is the information from the command
also im running malware bytes now
MaxInboundConnectionPerSou
MaxInboundConnectionPercen
MaxHeaderSize : 64KB
MaxHopCount : 30
MaxLocalHopCount : 8
MaxLogonFailures : 3
MaxMessageSize : 150240KB
MaxProtocolErrors : 5
MaxRecipientsPerMessage : 5000
PermissionGroups : ExchangeUsers, ExchangeServers, Excha
ngeLegacyServers
PipeliningEnabled : True
ProtocolLoggingLevel : None
RemoteIPRanges : {192.168.100.2-192.168.100
68.100.0-192.168.100.0}
RequireEHLODomain : False
RequireTLS : False
EnableAuthGSSAPI : False
ExtendedProtectionPolicy : None
ExtendedProtectionTlsTermi
Server : LIL-SYD-SVR01
SizeEnabled : EnabledWithoutValue
TarpitInterval : 00:00:05
AdminDisplayName :
ExchangeVersion : 0.1 (8.0.535.0)
Name : Default LIL-SYD-SVR01
DistinguishedName : CN=Default LIL-SYD-SVR01,CN=SMTP Rece
ive Connectors,CN=Protocols,CN
D-SVR01,CN=Servers,CN=Exch
strative Group (FYDIBOHF23SPDLT),CN=A
dministrative Groups,CN=First Organiz
ation,CN=Microsoft Exchange,CN=Servic
es,CN=Configuration,DC=lil
Identity : LIL-SYD-SVR01\Default LIL-SYD-SVR01
Guid : 839b328d-d5c4-435d-8fa6-90
ObjectCategory : lily.local/Configuration/S
ch-Smtp-Receive-Connector
ObjectClass : {top, msExchSmtpReceiveConnector
WhenChanged : 27/07/2016 12:24:15 PM
WhenCreated : 28/03/2011 3:33:10 PM
OriginatingServer : LIL-SYD-SVR01.lily.local
IsValid : True
AuthMechanism : Tls
Banner :
BinaryMimeEnabled : True
Bindings : {192.168.100.2:25}
ChunkingEnabled : True
DefaultDomain :
DeliveryStatusNotification
EightBitMimeEnabled : True
DomainSecureEnabled : False
EnhancedStatusCodesEnabled
LongAddressesEnabled : False
OrarEnabled : False
Fqdn : remote.domainname.com.au
Comment :
Enabled : True
ConnectionTimeout : 00:10:00
ConnectionInactivityTimeou
MessageRateLimit : unlimited
MaxInboundConnection : 5000
MaxInboundConnectionPerSou
MaxInboundConnectionPercen
MaxHeaderSize : 64KB
MaxHopCount : 30
MaxLocalHopCount : 8
MaxLogonFailures : 3
MaxMessageSize : 150240KB
MaxProtocolErrors : 5
MaxRecipientsPerMessage : 200
PermissionGroups : AnonymousUsers
PipeliningEnabled : True
ProtocolLoggingLevel : None
RemoteIPRanges : {192.168.101.0-255.255.255
68.100.254-192.168.100.254
92.168.99.255}
RequireEHLODomain : False
RequireTLS : False
EnableAuthGSSAPI : False
ExtendedProtectionPolicy : None
ExtendedProtectionTlsTermi
Server : LIL-SYD-SVR01
SizeEnabled : Enabled
TarpitInterval : 00:00:05
AdminDisplayName :
ExchangeVersion : 0.1 (8.0.535.0)
Name : Windows SBS Internet Receive LIL-SYD-
SVR01
DistinguishedName : CN=Windows SBS Internet Receive LIL-S
YD-SVR01,CN=SMTP Receive Connectors,C
N=Protocols,CN=LIL-SYD-SVR
rs,CN=Exchange Administrative Group (
FYDIBOHF23SPDLT),CN=Admini
oups,CN=First Organization,CN=Microso
ft Exchange,CN=Services,CN=Co
ion,DC=lily,DC=local
Identity : LIL-SYD-SVR01\Windows SBS Internet Re
ceive LIL-SYD-SVR01
Guid : f28037af-681b-4304-afe0-18
ObjectCategory : lily.local/Configuration/S
ch-Smtp-Receive-Connector
ObjectClass : {top, msExchSmtpReceiveConnector
WhenChanged : 26/07/2016 5:01:00 PM
WhenCreated : 28/03/2013 9:32:27 AM
OriginatingServer : LIL-SYD-SVR01.lily.local
IsValid : True
AuthMechanism : BasicAuth
Banner :
BinaryMimeEnabled : True
Bindings : {127.0.0.1:25}
ChunkingEnabled : True
DefaultDomain :
DeliveryStatusNotification
EightBitMimeEnabled : True
DomainSecureEnabled : False
EnhancedStatusCodesEnabled
LongAddressesEnabled : False
OrarEnabled : False
Fqdn : LIL-SYD-SVR01.lily.local
Comment :
Enabled : True
ConnectionTimeout : 06:00:00
ConnectionInactivityTimeou
MessageRateLimit : unlimited
MaxInboundConnection : 5000
MaxInboundConnectionPerSou
MaxInboundConnectionPercen
MaxHeaderSize : 64KB
MaxHopCount : 30
MaxLocalHopCount : 8
MaxLogonFailures : 3
MaxMessageSize : 20240KB
MaxProtocolErrors : 5
MaxRecipientsPerMessage : 200
PermissionGroups : AnonymousUsers, ExchangeUsers
PipeliningEnabled : True
ProtocolLoggingLevel : None
RemoteIPRanges : {127.0.0.1-127.0.0.1}
RequireEHLODomain : False
RequireTLS : False
EnableAuthGSSAPI : False
ExtendedProtectionPolicy : None
ExtendedProtectionTlsTermi
Server : LIL-SYD-SVR01
SizeEnabled : Enabled
TarpitInterval : 00:00:05
AdminDisplayName :
ExchangeVersion : 0.1 (8.0.535.0)
Name : Windows SBS Fax Sharepoint Receive LI
L-SYD-SVR01
DistinguishedName : CN=Windows SBS Fax Sharepoint Receive
LIL-SYD-SVR01,CN=SMTP Receive Connec
tors,CN=Protocols,CN=LIL-S
=Servers,CN=Exchange Administrative G
roup (FYDIBOHF23SPDLT),CN=Admin
ive Groups,CN=First Organization,CN=M
icrosoft Exchange,CN=Services,CN=Co
iguration,DC=lily,DC=local
Identity : LIL-SYD-SVR01\Windows SBS Fax Sharepo
int Receive LIL-SYD-SVR01
Guid : 69b81e2e-a85c-468d-8cce-ac
ObjectCategory : lily.local/Configuration/S
ch-Smtp-Receive-Connector
ObjectClass : {top, msExchSmtpReceiveConnector
WhenChanged : 20/04/2015 2:32:57 PM
WhenCreated : 28/03/2013 9:32:27 AM
OriginatingServer : LIL-SYD-SVR01.lily.local
IsValid : True
AuthMechanism : Tls, Integrated, BasicAuth, BasicAuth
RequireTLS, ExchangeServer
Banner :
BinaryMimeEnabled : True
Bindings : {0.0.0.0:25}
ChunkingEnabled : True
DefaultDomain :
DeliveryStatusNotification
EightBitMimeEnabled : True
DomainSecureEnabled : False
EnhancedStatusCodesEnabled
LongAddressesEnabled : False
OrarEnabled : False
Fqdn : LIL-SYD-SVR01.lily.local
Comment :
Enabled : True
ConnectionTimeout : 00:10:00
ConnectionInactivityTimeou
MessageRateLimit : unlimited
MaxInboundConnection : 5000
MaxInboundConnectionPerSou
MaxInboundConnectionPercen
MaxHeaderSize : 64KB
MaxHopCount : 30
MaxLocalHopCount : 8
MaxLogonFailures : 3
MaxMessageSize : 1510240KB
MaxProtocolErrors : 5
MaxRecipientsPerMessage : 200
PermissionGroups : ExchangeUsers, ExchangeServers, Excha
ngeLegacyServers
PipeliningEnabled : True
ProtocolLoggingLevel : None
RemoteIPRanges : {192.168.100.202, 192.168.100.200, 19
2.168.100.201}
RequireEHLODomain : False
RequireTLS : False
EnableAuthGSSAPI : False
ExtendedProtectionPolicy : None
ExtendedProtectionTlsTermi
Server : LIL-SYD-SVR01
SizeEnabled : Enabled
TarpitInterval : 00:00:05
AdminDisplayName :
ExchangeVersion : 0.1 (8.0.535.0)
Name : Printer Relay
DistinguishedName : CN=Printer Relay,CN=SMTP Receive Conn
ectors,CN=Protocols,CN=LIL
CN=Servers,CN=Exchange Administrative
Group (FYDIBOHF23SPDLT),CN=Admin
ative Groups,CN=First Organization,CN
=Microsoft Exchange,CN=Services,CN=Co
nfiguration,DC=lily,DC=loc
Identity : LIL-SYD-SVR01\Printer Relay
Guid : 74106d93-aa0a-4226-9779-0d
ObjectCategory : lily.local/Configuration/S
ch-Smtp-Receive-Connector
ObjectClass : {top, msExchSmtpReceiveConnector
WhenChanged : 31/05/2017 11:47:44 AM
WhenCreated : 26/07/2016 4:48:48 PM
OriginatingServer : LIL-SYD-SVR01.lily.local
IsValid : True
AuthMechanism : Tls, Integrated
Banner :
BinaryMimeEnabled : True
Bindings : {0.0.0.0:587}
ChunkingEnabled : True
DefaultDomain :
DeliveryStatusNotification
EightBitMimeEnabled : True
DomainSecureEnabled : True
EnhancedStatusCodesEnabled
LongAddressesEnabled : False
OrarEnabled : False
Fqdn : remote.domainname.com.au
Comment :
Enabled : True
ConnectionTimeout : 00:10:00
ConnectionInactivityTimeou
MessageRateLimit : unlimited
MaxInboundConnection : 5000
MaxInboundConnectionPerSou
MaxInboundConnectionPercen
MaxHeaderSize : 64KB
MaxHopCount : 30
MaxLocalHopCount : 8
MaxLogonFailures : 3
MaxMessageSize : 10MB
MaxProtocolErrors : 5
MaxRecipientsPerMessage : 200
PermissionGroups : ExchangeUsers, ExchangeServers, Excha
ngeLegacyServers
PipeliningEnabled : True
ProtocolLoggingLevel : None
RemoteIPRanges : {0.0.0.0-255.255.255.255}
RequireEHLODomain : False
RequireTLS : False
EnableAuthGSSAPI : False
ExtendedProtectionPolicy : None
ExtendedProtectionTlsTermi
Server : LIL-SYD-SVR01
SizeEnabled : Enabled
TarpitInterval : 00:00:05
AdminDisplayName :
ExchangeVersion : 0.1 (8.0.535.0)
Name : POP3 Sending connector on Port 587
DistinguishedName : CN=POP3 Sending connector on Port 587
,CN=SMTP Receive Connectors,CN=Protoc
ols,CN=LIL-SYD-SVR01,CN=Se
change Administrative Group (FYDIBOHF
23SPDLT),CN=Administrative
First Organization,CN=Microsoft Excha
nge,CN=Services,CN=Configu
ily,DC=local
Identity : LIL-SYD-SVR01\POP3 Sending connector
on Port 587
Guid : 84aa9889-2130-4ea0-bef4-20
ObjectCategory : lily.local/Configuration/S
ch-Smtp-Receive-Connector
ObjectClass : {top, msExchSmtpReceiveConnector
WhenChanged : 16/06/2017 6:41:20 PM
WhenCreated : 2/06/2017 4:16:15 PM
OriginatingServer : LIL-SYD-SVR01.lily.local
IsValid : True
below is the information from the command
also im running malware bytes now
MaxInboundConnectionPerSou
MaxInboundConnectionPercen
MaxHeaderSize : 64KB
MaxHopCount : 30
MaxLocalHopCount : 8
MaxLogonFailures : 3
MaxMessageSize : 150240KB
MaxProtocolErrors : 5
MaxRecipientsPerMessage : 5000
PermissionGroups : ExchangeUsers, ExchangeServers, Excha
ngeLegacyServers
PipeliningEnabled : True
ProtocolLoggingLevel : None
RemoteIPRanges : {192.168.100.2-192.168.100
68.100.0-192.168.100.0}
RequireEHLODomain : False
RequireTLS : False
EnableAuthGSSAPI : False
ExtendedProtectionPolicy : None
ExtendedProtectionTlsTermi
Server : LIL-SYD-SVR01
SizeEnabled : EnabledWithoutValue
TarpitInterval : 00:00:05
AdminDisplayName :
ExchangeVersion : 0.1 (8.0.535.0)
Name : Default LIL-SYD-SVR01
DistinguishedName : CN=Default LIL-SYD-SVR01,CN=SMTP Rece
ive Connectors,CN=Protocols,CN
D-SVR01,CN=Servers,CN=Exch
strative Group (FYDIBOHF23SPDLT),CN=A
dministrative Groups,CN=First Organiz
ation,CN=Microsoft Exchange,CN=Servic
es,CN=Configuration,DC=lil
Identity : LIL-SYD-SVR01\Default LIL-SYD-SVR01
Guid : 839b328d-d5c4-435d-8fa6-90
ObjectCategory : lily.local/Configuration/S
ch-Smtp-Receive-Connector
ObjectClass : {top, msExchSmtpReceiveConnector
WhenChanged : 27/07/2016 12:24:15 PM
WhenCreated : 28/03/2011 3:33:10 PM
OriginatingServer : LIL-SYD-SVR01.lily.local
IsValid : True
AuthMechanism : Tls
Banner :
BinaryMimeEnabled : True
Bindings : {192.168.100.2:25}
ChunkingEnabled : True
DefaultDomain :
DeliveryStatusNotification
EightBitMimeEnabled : True
DomainSecureEnabled : False
EnhancedStatusCodesEnabled
LongAddressesEnabled : False
OrarEnabled : False
Fqdn : remote.domainname.com.au
Comment :
Enabled : True
ConnectionTimeout : 00:10:00
ConnectionInactivityTimeou
MessageRateLimit : unlimited
MaxInboundConnection : 5000
MaxInboundConnectionPerSou
MaxInboundConnectionPercen
MaxHeaderSize : 64KB
MaxHopCount : 30
MaxLocalHopCount : 8
MaxLogonFailures : 3
MaxMessageSize : 150240KB
MaxProtocolErrors : 5
MaxRecipientsPerMessage : 200
PermissionGroups : AnonymousUsers
PipeliningEnabled : True
ProtocolLoggingLevel : None
RemoteIPRanges : {192.168.101.0-255.255.255
68.100.254-192.168.100.254
92.168.99.255}
RequireEHLODomain : False
RequireTLS : False
EnableAuthGSSAPI : False
ExtendedProtectionPolicy : None
ExtendedProtectionTlsTermi
Server : LIL-SYD-SVR01
SizeEnabled : Enabled
TarpitInterval : 00:00:05
AdminDisplayName :
ExchangeVersion : 0.1 (8.0.535.0)
Name : Windows SBS Internet Receive LIL-SYD-
SVR01
DistinguishedName : CN=Windows SBS Internet Receive LIL-S
YD-SVR01,CN=SMTP Receive Connectors,C
N=Protocols,CN=LIL-SYD-SVR
rs,CN=Exchange Administrative Group (
FYDIBOHF23SPDLT),CN=Admini
oups,CN=First Organization,CN=Microso
ft Exchange,CN=Services,CN=Co
ion,DC=lily,DC=local
Identity : LIL-SYD-SVR01\Windows SBS Internet Re
ceive LIL-SYD-SVR01
Guid : f28037af-681b-4304-afe0-18
ObjectCategory : lily.local/Configuration/S
ch-Smtp-Receive-Connector
ObjectClass : {top, msExchSmtpReceiveConnector
WhenChanged : 26/07/2016 5:01:00 PM
WhenCreated : 28/03/2013 9:32:27 AM
OriginatingServer : LIL-SYD-SVR01.lily.local
IsValid : True
AuthMechanism : BasicAuth
Banner :
BinaryMimeEnabled : True
Bindings : {127.0.0.1:25}
ChunkingEnabled : True
DefaultDomain :
DeliveryStatusNotification
EightBitMimeEnabled : True
DomainSecureEnabled : False
EnhancedStatusCodesEnabled
LongAddressesEnabled : False
OrarEnabled : False
Fqdn : LIL-SYD-SVR01.lily.local
Comment :
Enabled : True
ConnectionTimeout : 06:00:00
ConnectionInactivityTimeou
MessageRateLimit : unlimited
MaxInboundConnection : 5000
MaxInboundConnectionPerSou
MaxInboundConnectionPercen
MaxHeaderSize : 64KB
MaxHopCount : 30
MaxLocalHopCount : 8
MaxLogonFailures : 3
MaxMessageSize : 20240KB
MaxProtocolErrors : 5
MaxRecipientsPerMessage : 200
PermissionGroups : AnonymousUsers, ExchangeUsers
PipeliningEnabled : True
ProtocolLoggingLevel : None
RemoteIPRanges : {127.0.0.1-127.0.0.1}
RequireEHLODomain : False
RequireTLS : False
EnableAuthGSSAPI : False
ExtendedProtectionPolicy : None
ExtendedProtectionTlsTermi
Server : LIL-SYD-SVR01
SizeEnabled : Enabled
TarpitInterval : 00:00:05
AdminDisplayName :
ExchangeVersion : 0.1 (8.0.535.0)
Name : Windows SBS Fax Sharepoint Receive LI
L-SYD-SVR01
DistinguishedName : CN=Windows SBS Fax Sharepoint Receive
LIL-SYD-SVR01,CN=SMTP Receive Connec
tors,CN=Protocols,CN=LIL-S
=Servers,CN=Exchange Administrative G
roup (FYDIBOHF23SPDLT),CN=Admin
ive Groups,CN=First Organization,CN=M
icrosoft Exchange,CN=Services,CN=Co
iguration,DC=lily,DC=local
Identity : LIL-SYD-SVR01\Windows SBS Fax Sharepo
int Receive LIL-SYD-SVR01
Guid : 69b81e2e-a85c-468d-8cce-ac
ObjectCategory : lily.local/Configuration/S
ch-Smtp-Receive-Connector
ObjectClass : {top, msExchSmtpReceiveConnector
WhenChanged : 20/04/2015 2:32:57 PM
WhenCreated : 28/03/2013 9:32:27 AM
OriginatingServer : LIL-SYD-SVR01.lily.local
IsValid : True
AuthMechanism : Tls, Integrated, BasicAuth, BasicAuth
RequireTLS, ExchangeServer
Banner :
BinaryMimeEnabled : True
Bindings : {0.0.0.0:25}
ChunkingEnabled : True
DefaultDomain :
DeliveryStatusNotification
EightBitMimeEnabled : True
DomainSecureEnabled : False
EnhancedStatusCodesEnabled
LongAddressesEnabled : False
OrarEnabled : False
Fqdn : LIL-SYD-SVR01.lily.local
Comment :
Enabled : True
ConnectionTimeout : 00:10:00
ConnectionInactivityTimeou
MessageRateLimit : unlimited
MaxInboundConnection : 5000
MaxInboundConnectionPerSou
MaxInboundConnectionPercen
MaxHeaderSize : 64KB
MaxHopCount : 30
MaxLocalHopCount : 8
MaxLogonFailures : 3
MaxMessageSize : 1510240KB
MaxProtocolErrors : 5
MaxRecipientsPerMessage : 200
PermissionGroups : ExchangeUsers, ExchangeServers, Excha
ngeLegacyServers
PipeliningEnabled : True
ProtocolLoggingLevel : None
RemoteIPRanges : {192.168.100.202, 192.168.100.200, 19
2.168.100.201}
RequireEHLODomain : False
RequireTLS : False
EnableAuthGSSAPI : False
ExtendedProtectionPolicy : None
ExtendedProtectionTlsTermi
Server : LIL-SYD-SVR01
SizeEnabled : Enabled
TarpitInterval : 00:00:05
AdminDisplayName :
ExchangeVersion : 0.1 (8.0.535.0)
Name : Printer Relay
DistinguishedName : CN=Printer Relay,CN=SMTP Receive Conn
ectors,CN=Protocols,CN=LIL
CN=Servers,CN=Exchange Administrative
Group (FYDIBOHF23SPDLT),CN=Admin
ative Groups,CN=First Organization,CN
=Microsoft Exchange,CN=Services,CN=Co
nfiguration,DC=lily,DC=loc
Identity : LIL-SYD-SVR01\Printer Relay
Guid : 74106d93-aa0a-4226-9779-0d
ObjectCategory : lily.local/Configuration/S
ch-Smtp-Receive-Connector
ObjectClass : {top, msExchSmtpReceiveConnector
WhenChanged : 31/05/2017 11:47:44 AM
WhenCreated : 26/07/2016 4:48:48 PM
OriginatingServer : LIL-SYD-SVR01.lily.local
IsValid : True
AuthMechanism : Tls, Integrated
Banner :
BinaryMimeEnabled : True
Bindings : {0.0.0.0:587}
ChunkingEnabled : True
DefaultDomain :
DeliveryStatusNotification
EightBitMimeEnabled : True
DomainSecureEnabled : True
EnhancedStatusCodesEnabled
LongAddressesEnabled : False
OrarEnabled : False
Fqdn : remote.domainname.com.au
Comment :
Enabled : True
ConnectionTimeout : 00:10:00
ConnectionInactivityTimeou
MessageRateLimit : unlimited
MaxInboundConnection : 5000
MaxInboundConnectionPerSou
MaxInboundConnectionPercen
MaxHeaderSize : 64KB
MaxHopCount : 30
MaxLocalHopCount : 8
MaxLogonFailures : 3
MaxMessageSize : 10MB
MaxProtocolErrors : 5
MaxRecipientsPerMessage : 200
PermissionGroups : ExchangeUsers, ExchangeServers, Excha
ngeLegacyServers
PipeliningEnabled : True
ProtocolLoggingLevel : None
RemoteIPRanges : {0.0.0.0-255.255.255.255}
RequireEHLODomain : False
RequireTLS : False
EnableAuthGSSAPI : False
ExtendedProtectionPolicy : None
ExtendedProtectionTlsTermi
Server : LIL-SYD-SVR01
SizeEnabled : Enabled
TarpitInterval : 00:00:05
AdminDisplayName :
ExchangeVersion : 0.1 (8.0.535.0)
Name : POP3 Sending connector on Port 587
DistinguishedName : CN=POP3 Sending connector on Port 587
,CN=SMTP Receive Connectors,CN=Protoc
ols,CN=LIL-SYD-SVR01,CN=Se
change Administrative Group (FYDIBOHF
23SPDLT),CN=Administrative
First Organization,CN=Microsoft Excha
nge,CN=Services,CN=Configu
ily,DC=local
Identity : LIL-SYD-SVR01\POP3 Sending connector
on Port 587
Guid : 84aa9889-2130-4ea0-bef4-20
ObjectCategory : lily.local/Configuration/S
ch-Smtp-Receive-Connector
ObjectClass : {top, msExchSmtpReceiveConnector
WhenChanged : 16/06/2017 6:41:20 PM
WhenCreated : 2/06/2017 4:16:15 PM
OriginatingServer : LIL-SYD-SVR01.lily.local
IsValid : True
ASKER
Sorry i did have a SPF record
v=spf1 mx a ip4:PublicIPADDRESS ?all
v=DMARC1; p=none; sp=none; rua=mailto:MYEMAIL; ruf=mailto:MYEMAIL; rf=afrf; pct=100; ri=86400
v=spf1 mx a ip4:PublicIPADDRESS ?all
v=DMARC1; p=none; sp=none; rua=mailto:MYEMAIL; ruf=mailto:MYEMAIL; rf=afrf; pct=100; ri=86400
Scan your server first.
https://www.malwarebytes.com/
Ensure your server is not an open relay
https://mxtoolbox.com/diagnostic.aspx
https://www.malwarebytes.com/
Ensure your server is not an open relay
https://mxtoolbox.com/diagnostic.aspx
ASKER
Hi Mas
I have ran malwarebytes and it only picked up the quarantine folder from Trend Micro
I also ran an open relay test and that came back good
I have attached screen shots
open-relay-test.JPG
malwarebytes-Scan.JPG
I have ran malwarebytes and it only picked up the quarantine folder from Trend Micro
I also ran an open relay test and that came back good
I have attached screen shots
open-relay-test.JPG
malwarebytes-Scan.JPG
SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
Well I saw, you exchange is infected with viruses you need to remove this one first.
ASKER
Hi Arif
Thanks for your information
Do we need to subscribe to a DKIM signing provider?
or
Do i generate a DKIM key and add it to the public DNS TXT record and that's it
does anything need to be added to the exchange 2007 server ?
Thanks for your information
Do we need to subscribe to a DKIM signing provider?
or
Do i generate a DKIM key and add it to the public DNS TXT record and that's it
does anything need to be added to the exchange 2007 server ?
What is the current situation?
ASKER
Hi Mas
Yesterday i scanned the server as mentioned above
i found a site suggesting to turn on recipient filtering
i turned that on but still had messages in queue so i suspended all the messages and removed them with out sending NDR
and the queue has not filled up since
But i'm not sure if that's fixed the problem because everyone in the office had shutdown there workstations for the weekend or not
recipient-filtering.JPG
Yesterday i scanned the server as mentioned above
i found a site suggesting to turn on recipient filtering
i turned that on but still had messages in queue so i suspended all the messages and removed them with out sending NDR
and the queue has not filled up since
But i'm not sure if that's fixed the problem because everyone in the office had shutdown there workstations for the weekend or not
recipient-filtering.JPG
ASKER CERTIFIED SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
-->it might be a workstation causing the problem ?
As recipient filtering was disabled there is chance workstation is infected.
As recipient filtering was disabled there is chance workstation is infected.
Hi, This happened to my back in 2014. The main reason you have those fake emails it's because a leak of a user account OR your server got hacked at some point.
Here is something you can do.
1- I don't remember the path for exchange 2007 but you need to go to the queue folder and delete all the files you see there. Dont worry if you deleted them they will re-create automatically, after doing that you need to restart the transport protocol.
Here is an example how the path looks like (C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\
2- Change all the username and password if you can't find where the leak is coming from, but I'm sure the logs will tell you.
3- Install an anti virus or anti malware followed by windows updates.
4- After doing all that keep monitoring the emails.
Here is something you can do.
1- I don't remember the path for exchange 2007 but you need to go to the queue folder and delete all the files you see there. Dont worry if you deleted them they will re-create automatically, after doing that you need to restart the transport protocol.
Here is an example how the path looks like (C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\
2- Change all the username and password if you can't find where the leak is coming from, but I'm sure the logs will tell you.
3- Install an anti virus or anti malware followed by windows updates.
4- After doing all that keep monitoring the emails.
Enogh information to confirm an answer
Exchange
Exchange is the server side of a collaborative application product that is part of the Microsoft Server infrastructure. Exchange's major features include email, calendaring, contacts and tasks, support for mobile and web-based access to information, and support for data storage.
213K
Questions
--
Followers
--
Top Experts
Get a personalized solution from industry experts
TRUSTED BY
You should create SPF, it will definitely help.
Run the following command to show existing Receive Connectors on the server:
Open in new window
paste the results.https://technet.microsoft.com/en-us/library/aa998618(v=exchg.80).aspx