Spam Advise exchange 2003
Hi All
I am still quite new to exchange and need a little advise with regard to 2003 as I have inherited a job.
Over the weekend, our server has been sending out a lot of spam. Our isp says that some is using a users user name and password to send mail as our server does not show as an open relay and the user was authenticated. I have been asked to do the following
(see below) and wondered what the outcome of implementing this will be and what restrictions this will out on the system.
Access to mailhost blocked. Your Exchange server and Network need to be secured before release.
The line:
Received: from User ([203.45.71.222]) by companyname.co.uk with Microsoft SMTPSVC(6.0.3790.3959); Sun, 13 Mar 2011 14:51:39 +0000
Indicates that the spammer has usernames and passwords for users on your network and using them to authenticate with your server from the Internet. Once authenticated via SMTP they can legitimately send mail through your server.
As such the server is not an open relay, and open relay checks will fail as you do not give them a username and password to send with.
to fix this issue:
1. Turn off Authenticated SMTP from within Virtual SMTP server properties. (access/relay/"allow all computers..." remove tick)
Many thanks
Glenn
March 14th, 2011 10:40am
Some organizations need to allow authenticated SMTP. Therefore, another fix is to change your domain password policy, strengthening the password complexity requirements and forcing all users to change their passwords. You can also
require SSL for authenticated SMTP relay to add security.Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
Free Windows Admin Tool Kit Click here and download it now
March 14th, 2011 10:56am