Exchange 2007 keeps sending out spam mails/spoofing
Hello, I have an Exchange 2007 server with the following roles installed: Client Access, Hub Transport, Mailbox. My Exchange server keeps sending out spam emails which constantly put my IP on blacklists. I try as much as possible to remove the spam messages from the queues, but they are constantly appearing on the Exchange queues with an SCL of -1, message source - DSN, and the "from address" is always blank. I read in a forum that says to "Create a transport rule that silently drops emails sent from "outside" your organization to "outside" your organization" but this is not working either. The spam/spoofing has been on for some months now and it's getting so bad now... Please, any help on this will be appreciated. Kind regards.
February 10th, 2010 10:51am
This could be a virus sending mass mail.
Are these emails being sent with a specific subject? If so, you can create a transport rule to drop these emails.
But this won't be your solution, it will be a workaround only.
To solve this issue, make sure to monitor your clients from your Anti-Virus server and clean the affected client.
Elie B.
MCITP: EMEA|EA|SA; MCTS: Microsoft Exchange Server 2010, Configuration;
Blog: http://blog.elieb.info
February 10th, 2010 11:30am
Hi,
Agree with Elie, have you found out which client sends spam inside your organization? Message Tracking is a good tool to monitor the client connection. If there is not enough information using Message Tracking, maybe you can find it in the message tracking log. And please make sure you didn't open relay for outside.
How to Allow Anonymous Relay on a Receive Connector
http://technet.microsoft.com/en-us/library/bb232021(EXCHG.80).aspx
Frank Wang
February 12th, 2010 8:44am
Hello Frank and Elie,
My apologies for replying to this post late. I have been busy, plus trying to carry out tests to solve this issue. I really appreciate your replies and will be grateful if you can give me more heads-up on this problem.
I have scanned all the systems on my network for viruses and malware and cleaned all the viruses/malware found, but the spam mails still keep appearing on the mail queues. I noticed the spam emails are being sent with the specific subject "undeliverable" and I did create a transport rule to silently drop them, but the spam emails still appear in the mail queues. Also, I have performed a test with the telnet client and made sure that I am not an open relay. I have enabled/installed the default anti-spam tool in Exchange 2007 but this is not working either.
Then I used the message tracking tool as suggested and I found the following information in the message tracking log:
MessageSubject : this usually and always begins with "undeliverable:" or "undeliverable:RE"
Sender : Postmaster@mydomain.org (note that mydomain.org is actually my own domain, hence the spam mails appear to be sent by postmaster@mydomain.org)
Client IP : 172.x.x.x (this is my Exchange server IP address)
ClientHost : this is also my Exchange server
Server IP : all the IPs that appear are IPs that I don't know, they are all external IPs
ConnectorId : my default send connector is used
Also, I noticed that the spam mails sometimes use the email addresses and subjects that my domain users use in their own emails to send these spam emails.
Please guys, I will really appreciate your reply on this because it's causing downtime for my company. Thanks and looking forward to hearing from you guys.
~Kind regards*
February 16th, 2010 9:21am
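One way to follow the Message Tracking suggestion made in this thread, as an added example that is not from any of the posters: it lists the "Undeliverable" notifications the server generated and traces each one back to the message that caused it, to show how that original message entered the server. The 24-hour and 3-day windows are assumptions; the subject pattern is the one reported above.

```powershell
# Added example: run in the Exchange Management Shell on the Hub Transport server.
# Assumptions: 24-hour window for notifications, 3-day lookback for the originals.
$start    = (Get-Date).AddHours(-24)
$lookback = (Get-Date).AddDays(-3)

# 1. Delivery status notifications generated by this server (EventId DSN)
#    whose subject matches the pattern reported in the thread.
$dsn = @(Get-MessageTrackingLog -Start $start -EventId DSN -ResultSize Unlimited |
    Where-Object { $_.MessageSubject -like 'Undeliverable*' })
"{0} DSN events since {1}" -f $dsn.Count, $start

# 2. Addresses the notifications are being sent to, most frequent first.
$dsn | ForEach-Object { $_.Recipients } | Group-Object |
    Sort-Object Count -Descending |
    Select-Object -First 20 Count, Name | Format-Table -AutoSize

# 3. For a DSN event, Reference holds the Message-ID of the message that
#    caused the notification. Look up how each original message arrived.
$origins = @($dsn | ForEach-Object { $_.Reference } | Where-Object { $_ } |
    Sort-Object -Unique |
    ForEach-Object {
        Get-MessageTrackingLog -Start $lookback -MessageId $_ -EventId RECEIVE
    })

# 4. Summarise the entry points: which source, connector and client IP
#    handed the original messages to this server.
$origins | Group-Object Source, ConnectorId, ClientIp |
    Sort-Object Count -Descending |
    Select-Object -First 20 Count, Name | Format-Table -AutoSize

# 5. Envelope senders of the original messages, for comparison with the
#    recipients of the notifications in step 2.
$origins | Group-Object Sender | Sort-Object Count -Descending |
    Select-Object -First 20 Count, Name | Format-Table -AutoSize
```

In step 4, an origin with Source SMTP was accepted over SMTP from the listed ClientIp by the named receive connector, while Source STOREDRIVER means the message was submitted from a mailbox on the server.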