Someone keeps using my exchange server

Tags:
Exchange security
Microsoft Exchange
Spam
The queue keeps filling up. 60k messages in 6hrs. I have enabled message filtering and checked there is no relay. I tested using one of the MS articles and I don't get

550 5.7.1 Unable to relay for user@spam.com
-or-
250 2.1.5 user@spam.com

I get unrecognized email address. I created a forward mail to {99.99.99.99} to try and stop the messages so I can clear it but they keep coming. I am trying to use this http://support.microsoft.com/kb/324958 but the queue never stops filling up.

Right-click SmallBusiness SMTP Connector, and then click Properties. If you have more than one SMTP Connector, the one that you want to work with in the following steps is the one that contains the "*" (asterisk) for the SMTP address on the Address Space tab.
3. Click the General tab. Make a note of all the settings on this tab. You have to return these settings later in this article.
4. Click Forward all mail through this connector to the following smart hosts.
5. In the field provided, type a false IP address and enclose it in brackets. For example, type [99.99.99.99].
6. Click the Deliver Options tab.
7. Click Specify when messages are sent through this connector.

I checked these settings and they are correct.

Verify that your Exchange computer is not an open mail relay. To do this, follow these steps:
a. Click Start, point to Programs, point to Microsoft Exchange, and then click System Manager.
b. In Exchange System Manager, expand the following object: Servers\Your_Exchange_Server_Name\Protocols\SMTP
c. Right-click the virtual SMTP server where you want to prevent mail relay, and then click Properties.
d. Click the Access tab, and then click Relay.
e. By default, open relay is blocked. The default settings are as follows:
   - The Only the list below check box is selected.
   - The Allow all computers which successfully authenticate to relay, regardless of the list above check box is selected.

Answer Wiki


Sounds like you need recipient filter, check out KB886208.

Discuss This Question: 5  Replies

 
  • Shadyj
    Make sure your guest account is not enabled. If you do need it enabled, change the default password. Spammers use this method in Exchange since the default password is blank.
  • Sidzilla
    Another possibility is that one of the legitimate clients on your system is infected and acting as a spambot. I would see if there is any unusual network traffic from any particular client. I don't know how large your organization is, but it would only take one infected client to cause this. Filters would only work if you were blocking your legit clients in a case like that.
  • Petroleumman
    Hello, Couple things you did not mention, which queue is filling up? Is it the internet smtp (outbound) queue or a routing queue which could indicate a flood of inbound traffic? Is there a pattern to the messages? If your server has been hijacked and is sending spam, the messages may be all of one type to various recipients. Try taking your server off line for 30-60 minutes. Clean out your message queues then bring it back on line. If there is some type of automated attack (open relay, DoS, etc.) occurring from the outside, taking it off line can stop the process by breaking the connection and causing the attacking program to begin timing out which will often shut it down or force it to drop your server for another. While your server is off line, do some investigating for clues to the source of the messages. Double-click a message from a queue to display properties and use message tracker to try and identify the source of the rogue messages. Firewall logs can also be a good source of information as well. Good luck!
  • Tracybs
    I too was quite worried when I kept seeing my queues filling up with a ton of emails in a retry status. I followed all of Microsoft's articles on properly securing my server. Anyway... it finally hit me... these are replies from your postmaster telling other people that the recipient doesn't exist. At least that is the case on mine. Now, at least once a week I stop my SMTP Virtual Server, reconfigure my Internet Mail Connector to forward all mail to a bogus address in my network, restart the SMTP Virtual Server, and then find that forwarder in the queue. Select it and then click "Find Messages" - I usually set the limit to 10000 before doing this. I then sort the list making sure I didn't catch any legitimate mail, select all of the mail from postmaster, and delete it without an NDR (non-delivery report). I then backtrack everything so I am using DNS to resolve again and I'm good to go for a few more days. It's a pain but it works!
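Added example, not part of any reply above: a small Python triage of a queue listing that separates the case Tracybs describes (NDRs from postmaster) from the ones Petroleumman and Sidzilla raise (mail relayed from outside, or one internal sender flooding the queue). The CSV layout, the domain `corp.example`, the function names and the 50% threshold are assumptions made for this example.

```python
import csv
import io
from collections import Counter

# Constructed sample of a queue listing. The CSV layout and column names are
# assumptions for this example, not an Exchange export format.
SAMPLE_QUEUE = """sender,recipient
<>,kq81@example.net
postmaster@corp.example,sales77@example.org
<>,info@example.com
postmaster@corp.example,zz4@example.net
postmaster@corp.example,bob@example.org
<>,x9@example.com
alice@corp.example,supplier@example.org
carol@corp.example,client@example.net
"""

def domain(addr):
    return addr.strip("<> ").rpartition("@")[2].lower()

def is_ndr(sender):
    # NDRs carry the null reverse-path <> or come from the local postmaster.
    s = sender.strip().lower()
    return s in ("", "<>") or s.startswith("postmaster@")

def triage(queue_csv, local_domain="corp.example", threshold=0.5):
    rows = list(csv.DictReader(io.StringIO(queue_csv)))
    total = len(rows)
    ndr = sum(is_ndr(r["sender"]) for r in rows)
    # External sender to external recipient means the server relayed it.
    relayed = sum(1 for r in rows if not is_ndr(r["sender"])
                  and domain(r["sender"]) != local_domain
                  and domain(r["recipient"]) != local_domain)
    local = Counter(r["sender"].lower() for r in rows
                    if not is_ndr(r["sender"]) and domain(r["sender"]) == local_domain)
    top_sender, top_count = local.most_common(1)[0] if local else (None, 0)
    if total and ndr / total > threshold:
        verdict = "ndr-backscatter"
    elif total and relayed / total > threshold:
        verdict = "external-relay"
    elif total and top_count / total > threshold:
        verdict = "single-internal-sender"
    else:
        verdict = "mixed"
    return {"total": total, "ndr": ndr, "relayed": relayed,
            "top_local_sender": top_sender, "verdict": verdict}

if __name__ == "__main__":
    print(triage(SAMPLE_QUEUE))
```
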
