+ Post New Thread
Results 1 to 4 of 4
Windows Thread, Exchange Server Being Used to Spam in Technical; For the past couple of days our Exchange server has been used to spam people. When I look through the ...
  1. #1

    Join Date
    Dec 2007
    Posts
    51
    Thank Post
    2
    Thanked 2 Times in 2 Posts
    Rep Power
    13

    Exchange Server Being Used to Spam

    For the past couple of days our Exchange server has been used to spam people. When I look through the Message tracking centre I see messages from do-not-reply@online.66fcu.org thousands of times. I have checked different knowledge bases and our server isnt an open relay from what I Can gather. Does anybody have any ideas of how to stop this?

    Thanks.

  2. #2

    Join Date
    Aug 2005
    Location
    London
    Posts
    3,144
    Thank Post
    113
    Thanked 518 Times in 447 Posts
    Blog Entries
    2
    Rep Power
    121
    Are the people being spammed external to you and the sender IP also external to you? If so, then you do have an open relay - let me know the address of your server and I'll check if you like.

    If the sender IP address is internal then it could still be an open relay (but you may be deliberately allowing internal email to relay) - you need to check the IP the message is coming from internally and fix the machine/kill the owner :-)

    In Exchange, check the properties of the "SMTP virtual server" and make sure relaying is not allowed.

  3. #3
    Jona's Avatar
    Join Date
    May 2007
    Location
    Cranleigh
    Posts
    462
    Thank Post
    14
    Thanked 47 Times in 46 Posts
    Rep Power
    22
    I think the first thing you need to do is stop this happening, take the server offline if you have to.....

    Then you need to look at your security and tighten it up so you have to be authenticed and/or from an internal address to send messages.

    If your sure your not running an open relay someone may have a user password?

    It may be your server it's self or an internal client has been compromised, don't under estimate the potential seriousness of this.

    Cheers
    Jona
    Last edited by Jona; 27th June 2008 at 10:26 AM.

  4. #4

    maniac's Avatar
    Join Date
    Feb 2007
    Location
    Kent
    Posts
    3,037
    Thank Post
    209
    Thanked 425 Times in 306 Posts
    Rep Power
    143
    I wonder if it's the same trick someone was using on our exchange server. What they were doing is sending messages to accounts on our system that doesn't exist, so it then bounces the message from our exchange server. The trick is the message has modified headers, so the message bounces to a different address from which is was sent, with the origenal message attached, so they are effectively using your server to spam people by exploiting the default 'not delivered' policy in exchange. There is a way of changing this so it doesn't attach the origenal messgae, just merely sends a cannot be delivered message, which makes it useless for the spammers, so they'll move onto someone else.

    There is a good guide on exchange servers and spam problems here Exchange - NDR and Open Relay Spam Clean Up | Amset.info

    Mike.

SHARE:
+ Post New Thread

Similar Threads

  1. Spam filtering on an exchange 2007 box...
    By Ben_Stanton in forum How do you do....it?
    Replies: 5
    Last Post: 4th December 2007, 08:49 AM
  2. Replies: 5
    Last Post: 5th July 2007, 11:43 PM
  3. Exchange Spam Software
    By kiran in forum Windows
    Replies: 8
    Last Post: 7th March 2007, 08:09 AM
  4. Exchange Server
    By robsmith in forum Windows
    Replies: 11
    Last Post: 31st January 2007, 01:50 PM
  5. Spam, spam, spam, spam, spam, beans, sausage, spam.
    By indie in forum How do you do....it?
    Replies: 14
    Last Post: 13th June 2006, 07:39 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •