Exchange 2003 acts as spammer
On Tue, 15 Nov 2011 16:08:32 +0000, mracket wrote:
>A really simple way to avoid this is to limit port 25 connections in the firewall to only send mails from the Exchange server to the SMTP relay and also to only allow incoming traffic on port 25 from the relay host. By doing this you have effectively locked down the possibility for outside spammers to misuse your Exchange server.
Since you have all your _legitimate_ e-mail filtered by an external
organization it makes *perfect* sense to restrict the use of this SMTP
Virtual Server to the set of IP addresses used by that organization to
send e-mail to your organization.
You should also disable the "authenticated users" permission on that
SMTP Virtual Server to prevent anyone from using an account with a
weak password from using your server as a SMTP relay.
>If the problem is coming from a computer inside your organization you need to check your SMTP default connector for relay permissions and make sure that only allowed hosts can relay through your Exchange server.
Amen!
---
Rich Matheisen
MCSE+I, Exchange MVP
November 16th, 2011 1:22am
Hi everybody!
We have the following scenario:
Our customer has an Exchange 2003 SP2 server with Windows 2003 SP2 in his environment; we had configured the MX records to point to an external antispam mail gateway in a server farm; all messages coming from outside are filtered by this gateway and resent to the Exchange server; all messages to outside are filtered by the gateway because we had configured Exchange to send mail using the antispam gateway as relay.
In the previous days we had a lot of complaints from our customer: many messages sent in the morning are received only in the past days. So we had configured a special performance counter to monitor, the "messages sent Total" counter: we configured this to count how many messages are sent in 900 seconds (15 minutes). (Our customer is a little company, 30 Exchange users.)
The logged value is 2657!!!!!!!
After further analysis we had found many messages are sent during the night...
So what can we do to discover who the spammer using our customer's server is?
How can we activate a special Exchange log in which the submitter is logged?
How can we secure this server?
Thanks a lot!!!
December 24th, 2011 8:45am
Hi,
A really simple way to avoid this is to limit port 25 connections in the firewall to only send mails from the Exchange server to the SMTP relay and also to only allow incoming traffic on port 25 from the relay host. By doing this you have effectively locked down the possibility for outside spammers to misuse your Exchange server.
If the problem is coming from a computer inside your organization you need to check your SMTP default connector for relay permissions and make sure that only allowed hosts can relay through your Exchange server.
Hope this will help you.
/Martin
Exchange is a passion not just a collaboration software.
December 24th, 2011 10:53am
December 24th, 2011 5:06pm
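One way to answer the "who is submitting" question with the restriction the replies recommend, as an added example that is not part of the original thread: read the SMTP virtual server's protocol log and list every client that is not the antispam gateway. It assumes W3C extended logging is enabled with the fields shown; the gateway range and all log records are constructed placeholders.

```python
import ipaddress
from collections import Counter, defaultdict

# Assumption: range the external antispam gateway delivers from (placeholder).
GATEWAY_NETS = [ipaddress.ip_network("203.0.113.0/28")]

# Constructed sample records; a real log may carry more fields.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-query sc-status
2011-11-15 02:10:01 203.0.113.5 RCPT +TO:<user@customer.example> 250
2011-11-15 02:14:37 198.51.100.77 AUTH - 235
2011-11-15 02:14:38 198.51.100.77 MAIL +FROM:<promo@example.net> 250
2011-11-15 02:14:38 198.51.100.77 RCPT +TO:<a@example.com> 250
2011-11-15 02:14:39 198.51.100.77 RCPT +TO:<b@example.com> 250
2011-11-15 02:20:02 192.168.1.23 MAIL +FROM:<x@example.net> 250
2011-11-15 02:20:02 192.168.1.23 RCPT +TO:<c@example.com> 250
"""

def parse_w3c(text):
    """Yield one dict per record, keyed by the latest #Fields: directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated records
                yield dict(zip(fields, values))

def is_gateway(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in GATEWAY_NETS)

def unexpected_clients(text):
    """SMTP verb counts per client IP that is not the gateway."""
    report = defaultdict(Counter)
    for rec in parse_w3c(text):
        if not is_gateway(rec["c-ip"]):
            # An AUTH verb here is the authenticated-relay path.
            report[rec["c-ip"]][rec["cs-method"].upper()] += 1
    return {ip: dict(verbs) for ip, verbs in report.items()}

def top_senders(text):
    """(ip, RCPT count) for non-gateway clients, busiest first."""
    counts = unexpected_clients(text)
    return sorted(((ip, c.get("RCPT", 0)) for ip, c in counts.items()),
                  key=lambda pair: -pair[1])
```

Once the virtual server accepts connections only from the gateway addresses, this report should come back empty; anything it still lists points at a rule that is not being enforced.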