Exchange 5.5 outgoing spam problems
03 January 2006, 06:08 PM
#1
Scooby Regular
Thread Starter
Join Date: Oct 2002
Location: Guildford
Posts: 276
Likes: 0
Received 0 Likes
on
0 Posts
Exchange 5.5 outgoing spam problems
Hi all,
Have a problem with an Exchange 5.5 server running on NT4.It seems that the outgoing queue is full of spam emails and has now blacklisted the IP address.Problem is I can't tell how they are getting into the queue, as the originator is just <>.So am unsure if the emails are being relayed from an external source or an internal PC that is infected?
Its been a long time since I used Exchange so any help would be most appreciated...
Have run virus scans on all mailboxs but nothing was picked up..
Cheers
Simon
Have a problem with an Exchange 5.5 server running on NT4.It seems that the outgoing queue is full of spam emails and has now blacklisted the IP address.Problem is I can't tell how they are getting into the queue, as the originator is just <>.So am unsure if the emails are being relayed from an external source or an internal PC that is infected?
Its been a long time since I used Exchange so any help would be most appreciated...
Have run virus scans on all mailboxs but nothing was picked up..
Cheers
Simon
03 January 2006, 07:23 PM
#2
Scooby Regular
Join Date: Nov 2001
Posts: 2,576
Likes: 0
Received 0 Likes
on
0 Posts
Sounds like the spam is utilising the smtp service. It's been a long time since I touched 5.5.
You could setup your smtp service to only allow authenticated users assuming your clients are not using a pop/smtp client. Something like "Internet Mail Service", "Routing", "Routing Restrictions"...
You could take a look at the spam and in the header should tell you what ip sent the mail to your server. There maybe others but ignore them for now. The one that should give it away will be like:
"Received from <spammer> by <your exchange server>"
Hopefully that helps you out and I'm not teaching egg sucking
H
You could setup your smtp service to only allow authenticated users assuming your clients are not using a pop/smtp client. Something like "Internet Mail Service", "Routing", "Routing Restrictions"...
You could take a look at the spam and in the header should tell you what ip sent the mail to your server. There maybe others but ignore them for now. The one that should give it away will be like:
"Received from <spammer> by <your exchange server>"
Hopefully that helps you out and I'm not teaching egg sucking
H
03 January 2006, 07:28 PM
#3
Scooby Regular
Join Date: Nov 2001
Posts: 2,576
Likes: 0
Received 0 Likes
on
0 Posts
Forgot to say, you would most likely want to set the ip of your incoming mail server to be allowed to connect? I'm not 100% sure on what the routing restrictions did, if it affect relay or just connection...
I also remember that the IMS service must be restarted for changes to take effect? Can't remember...
I also remember that the IMS service must be restarted for changes to take effect? Can't remember...
03 January 2006, 09:37 PM
#4
Moderator
Join Date: Dec 1998
Location: Staffs
Posts: 23,573
Likes: 0
Received 0 Likes
on
0 Posts
This any help?
KB - 324059How to help secure the Internet Mail Service and clean up after unsolicited commercial e-mail or spam abuse.
KB - 324059How to help secure the Internet Mail Service and clean up after unsolicited commercial e-mail or spam abuse.
Thread
Thread Starter
Forum
Replies
Last Post