Outgoing mail from invalid
How can I block email being sent out from invalid recipients in Exchange 2010? I believe I may have an issue on my netowrk somewhere where spam is being sent out from invalid nonexistent email addresses and I want to block this, is it possible?
Thanks
June 2nd, 2011 4:17pm
Highly unlikely to be somewhere on your network with the issue.
That requires too much work on the part of the spammer. It is most likely due to a compromised account or badly configured connectors and an external host is relaying email through your server.
Exchange has no means of verifying the sender exists, so you will have to look at your connector configuration and lock down authenticated relaying. If you do not have any POP/IMAP clients which need to relay through your server then you can disable it completely.
Simon.Simon Butler, Exchange MVP
Blog |
Exchange Resources | In the UK?
Hire Me.
Free Windows Admin Tool Kit Click here and download it now
June 2nd, 2011 11:35pm
Well the Exchange 2010 server is a standard setup, so I would be surprised if anyone could relaying through it, also the customer uses postini which means all incoming mail goes through them and is scrubbed for spam and viruses. My concern is outbound
mail, and that somehow messages are being sent out from invalid accounts that do not exist. How can a non existent account send outbound email?
June 3rd, 2011 1:45am
Have you locked down connections to your SMTP server to just the Postini servers?
The fact that your email is coming through them means nothing, because if a spammer is abusing your server they will not be sending through Postini, they will be targetting the server directly. If you haven't locked down your SMTP traffic then they are able
to do that.
Exchange doesn't care what the sender address is for email that is sent over SMTP. The fact that they are invalid addresses on your domain means nothing other than the spammer knows a little more about your server - they know what domain the email is coming
from.
If the messages are still coming in, then enable logging on the Receive Connectors using EMS and then view the logs to find the source.
If you aren't doing recipient validation with Postini, then I would suggest that you enable that as well.
I wrote this for Exchange 2007, the procedure is the same for Exchange 2010.
http://exchange.sembee.info/2007/hub/filter-unknown.asp
Simon.Simon Butler, Exchange MVP
Blog |
Exchange Resources | In the UK?
Hire Me.
Free Windows Admin Tool Kit Click here and download it now
June 3rd, 2011 8:58am
Thanks Simon, on my firewall I have specified that inbound mail can be received only from a range of Postini IP addresses, inbound mail is not my concern, outbound mail on the other hand is. I am concerned that some process is generating outbound SPAM from
non exiting users on the domain, so I am wondering if there is a way to filter outbound email through the SMTP connector that verifies if the sender actually exists.
Thanks
AM
June 3rd, 2011 1:54pm
I have already said that sender validation isn't possible.
Email has to get on to the server somehow, so it is inbound email at some point.
It will not be an Outlook client because of the way that Outlook and Exchange work. The only way to find it is, as I have said, enable logging on the Receive connectors so you can see what is connecting to the server.
Simon.Simon Butler, Exchange MVP
Blog |
Exchange Resources | In the UK?
Hire Me.
Free Windows Admin Tool Kit Click here and download it now
June 3rd, 2011 9:30pm