+ Post New Thread
Results 1 to 4 of 4
Windows Thread, Exchange Server Being Used to Spam in Technical; For the past couple of days our Exchange server has been used to spam people. When I look through the ...
  1. #1

    Join Date
    Dec 2007
    Thank Post
    Thanked 2 Times in 2 Posts
    Rep Power

    Exchange Server Being Used to Spam

    For the past couple of days our Exchange server has been used to spam people. When I look through the Message tracking centre I see messages from do-not-reply@online.66fcu.org thousands of times. I have checked different knowledge bases and our server isnt an open relay from what I Can gather. Does anybody have any ideas of how to stop this?


  2. #2

    Join Date
    Aug 2005
    Thank Post
    Thanked 529 Times in 452 Posts
    Blog Entries
    Rep Power
    Are the people being spammed external to you and the sender IP also external to you? If so, then you do have an open relay - let me know the address of your server and I'll check if you like.

    If the sender IP address is internal then it could still be an open relay (but you may be deliberately allowing internal email to relay) - you need to check the IP the message is coming from internally and fix the machine/kill the owner :-)

    In Exchange, check the properties of the "SMTP virtual server" and make sure relaying is not allowed.

  3. #3
    Jona's Avatar
    Join Date
    May 2007
    Thank Post
    Thanked 51 Times in 49 Posts
    Rep Power
    I think the first thing you need to do is stop this happening, take the server offline if you have to.....

    Then you need to look at your security and tighten it up so you have to be authenticed and/or from an internal address to send messages.

    If your sure your not running an open relay someone may have a user password?

    It may be your server it's self or an internal client has been compromised, don't under estimate the potential seriousness of this.

    Last edited by Jona; 27th June 2008 at 11:26 AM.

  4. #4

    maniac's Avatar
    Join Date
    Feb 2007
    Thank Post
    Thanked 432 Times in 312 Posts
    Rep Power
    I wonder if it's the same trick someone was using on our exchange server. What they were doing is sending messages to accounts on our system that doesn't exist, so it then bounces the message from our exchange server. The trick is the message has modified headers, so the message bounces to a different address from which is was sent, with the origenal message attached, so they are effectively using your server to spam people by exploiting the default 'not delivered' policy in exchange. There is a way of changing this so it doesn't attach the origenal messgae, just merely sends a cannot be delivered message, which makes it useless for the spammers, so they'll move onto someone else.

    There is a good guide on exchange servers and spam problems here Exchange - NDR and Open Relay Spam Clean Up | Amset.info


+ Post New Thread

Similar Threads

  1. Spam filtering on an exchange 2007 box...
    By Ben_Stanton in forum How do you do....it?
    Replies: 5
    Last Post: 4th December 2007, 09:49 AM
  2. Replies: 5
    Last Post: 6th July 2007, 12:43 AM
  3. Exchange Spam Software
    By kiran in forum Windows
    Replies: 8
    Last Post: 7th March 2007, 09:09 AM
  4. Exchange Server
    By robsmith in forum Windows
    Replies: 11
    Last Post: 31st January 2007, 02:50 PM
  5. Spam, spam, spam, spam, spam, beans, sausage, spam.
    By indie in forum How do you do....it?
    Replies: 14
    Last Post: 13th June 2006, 08:39 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts