Up to 500,000 spam mails from yahoo.com.tw and hinet.net
Hi Everyone,
My Exchange Server 2007 received spam mails from yahoo.com.tw and (changed names).hinet.net.
The spam mails are received from different IP addresses.
The spam queue is getting bombed (2 mails every second) - queue folder size 2.7 GB!
Please help me :)
August 1st, 2012 5:25am
Block by IP address of the sending server or by domain until you can get a handle on it.
What are you using for anti-spam?
August 1st, 2012 8:09am
Block those spam IPs straight away if you have them.
Aren't you using AS agents/Edge or a service provider?
Not subscribed to any IP Connection filtering/Reputation etc.
Sukh
August 1st, 2012 8:13am
If the messages are already in the queues, then there isn't much you can do. Tell users not to send email and then delete the queue. Exchange is simply processing the messages that have already been delivered and the queue viewer will struggle to keep up.
Unusual for Exchange 2007 to get attacked in that way, so you need to establish what method was used. Unfortunately the usual cause is admin misconfiguration, open relay, or authenticated relaying enabled on port 25.
Simon. Simon Butler, Exchange MVP
August 1st, 2012 8:23am
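To establish which of the relay causes named in the reply above applies, the SMTP receive protocol log can be grouped by session. The following is an added example, not part of the thread: it assumes protocol logging is enabled on the receive connector and that the log uses the `#Fields` layout shown; `LOCAL_DOMAINS`, `classify_sessions` and the sample lines are constructed for illustration.

```python
import csv
import re
from collections import defaultdict

LOCAL_DOMAINS = {"example.com"}  # assumption: domains this server is authoritative for
# Constructed sample in the SMTP receive protocol log CSV layout (not real traffic)
SAMPLE_LOG = r"""#Fields: date-time,connector-id,session-id,sequence-number,local-endpoint,remote-endpoint,event,data,context
2012-08-01T05:20:01Z,MAIL\Default,S1,4,192.0.2.10:25,198.51.100.7:4021,<,RCPT TO:<user@example.com>,
2012-08-01T05:20:01Z,MAIL\Default,S1,5,192.0.2.10:25,198.51.100.7:4021,>,250 2.1.5 Recipient OK,
2012-08-01T05:20:02Z,MAIL\Default,S2,4,192.0.2.10:25,203.0.113.9:1188,<,RCPT TO:<a@hinet.net>,
2012-08-01T05:20:02Z,MAIL\Default,S2,5,192.0.2.10:25,203.0.113.9:1188,>,250 2.1.5 Recipient OK,
2012-08-01T05:20:02Z,MAIL\Default,S2,6,192.0.2.10:25,203.0.113.9:1188,<,RCPT TO:<b@yahoo.com.tw>,
2012-08-01T05:20:02Z,MAIL\Default,S2,7,192.0.2.10:25,203.0.113.9:1188,>,250 2.1.5 Recipient OK,
2012-08-01T05:20:03Z,MAIL\Default,S3,5,192.0.2.10:25,203.0.113.50:2290,>,235 2.7.0 Authentication successful,
2012-08-01T05:20:03Z,MAIL\Default,S3,7,192.0.2.10:25,203.0.113.50:2290,<,RCPT TO:<c@yahoo.com.tw>,
2012-08-01T05:20:03Z,MAIL\Default,S3,8,192.0.2.10:25,203.0.113.50:2290,>,250 2.1.5 Recipient OK,
2012-08-01T05:20:04Z,MAIL\Default,S4,4,192.0.2.10:25,198.51.100.8:3001,<,RCPT TO:<d@hinet.net>,
2012-08-01T05:20:04Z,MAIL\Default,S4,5,192.0.2.10:25,198.51.100.8:3001,>,550 5.7.1 Unable to relay,
"""

def classify_sessions(log_text, local_domains=LOCAL_DOMAINS):
    """Return {session-id: (remote IP, verdict, accepted external recipients)}."""
    state = defaultdict(lambda: {"ip": "", "auth": False, "rcpt": None, "relayed": 0})
    lines = (l for l in log_text.splitlines() if l and not l.startswith("#"))
    for row in csv.reader(lines):
        sid, remote, event, data = row[2], row[5], row[6], row[7]
        s = state[sid]
        s["ip"] = remote.rsplit(":", 1)[0]
        rcpt = re.match(r"RCPT TO:<[^>]*@([^>]+)>", data, re.I)
        if event == "<" and rcpt:
            s["rcpt"] = rcpt.group(1).lower()   # remember the domain until the reply
        elif event == ">" and data.startswith("235"):
            s["auth"] = True                    # 235 = AUTH succeeded (RFC 4954)
        elif event == ">" and s["rcpt"] is not None:
            # Assumes each reply is logged right after its command (no pipelining)
            if data.startswith("250") and s["rcpt"] not in local_domains:
                s["relayed"] += 1               # server accepted a non-local recipient
            s["rcpt"] = None
    verdicts = {}
    for sid, s in state.items():
        kind = "authenticated relay" if s["auth"] else "anonymous relay"
        verdicts[sid] = (s["ip"], kind if s["relayed"] else "no relay", s["relayed"])
    return verdicts

if __name__ == "__main__":
    for sid, verdict in classify_sessions(SAMPLE_LOG).items():
        print(sid, *verdict)
```

Sessions reported as anonymous relay point to an open relay on the connector; authenticated relay points to a compromised or guessed account being used on port 25.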
Thank you all.
IP removed from world blacklist (mxtool.com)
and we purchased a spam filter from the ISP.
Looks much better.
August 5th, 2012 2:08am