Windows Thread, Exchange Server Being Used to Spam in Technical; For the past couple of days our Exchange server has been used to spam people. When I look through the ...
27th June 2008, 10:07 AM #1
- Rep Power
Exchange Server Being Used to Spam
For the past couple of days our Exchange server has been used to spam people. When I look through the Message tracking centre I see messages from firstname.lastname@example.org thousands of times. I have checked different knowledge bases and our server isnt an open relay from what I Can gather. Does anybody have any ideas of how to stop this?
IDG Tech News
27th June 2008, 11:18 AM #2
Are the people being spammed external to you and the sender IP also external to you? If so, then you do have an open relay - let me know the address of your server and I'll check if you like.
If the sender IP address is internal then it could still be an open relay (but you may be deliberately allowing internal email to relay) - you need to check the IP the message is coming from internally and fix the machine/kill the owner :-)
In Exchange, check the properties of the "SMTP virtual server" and make sure relaying is not allowed.
27th June 2008, 11:21 AM #3
I think the first thing you need to do is stop this happening, take the server offline if you have to.....
Then you need to look at your security and tighten it up so you have to be authenticed and/or from an internal address to send messages.
If your sure your not running an open relay someone may have a user password?
It may be your server it's self or an internal client has been compromised, don't under estimate the potential seriousness of this.
Last edited by Jona; 27th June 2008 at 11:26 AM.
27th June 2008, 11:38 AM #4
I wonder if it's the same trick someone was using on our exchange server. What they were doing is sending messages to accounts on our system that doesn't exist, so it then bounces the message from our exchange server. The trick is the message has modified headers, so the message bounces to a different address from which is was sent, with the origenal message attached, so they are effectively using your server to spam people by exploiting the default 'not delivered' policy in exchange. There is a way of changing this so it doesn't attach the origenal messgae, just merely sends a cannot be delivered message, which makes it useless for the spammers, so they'll move onto someone else.
There is a good guide on exchange servers and spam problems here Exchange - NDR and Open Relay Spam Clean Up | Amset.info
By Ben_Stanton in forum How do you do....it?
Last Post: 4th December 2007, 09:49 AM
By Zoom7000 in forum Windows
Last Post: 6th July 2007, 12:43 AM
By kiran in forum Windows
Last Post: 7th March 2007, 09:09 AM
By robsmith in forum Windows
Last Post: 31st January 2007, 02:50 PM
By indie in forum How do you do....it?
Last Post: 13th June 2006, 08:39 PM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)