Exchange 5.5 outgoing spam problems
#1
Hi all,
Have a problem with an Exchange 5.5 server running on NT4. It seems that the outgoing queue is full of spam emails and has now blacklisted the IP address. Problem is I can't tell how they are getting into the queue, as the originator is just <>. So am unsure if the emails are being relayed from an external source or an internal PC that is infected?
It's been a long time since I used Exchange so any help would be most appreciated...
Have run virus scans on all mailboxes but nothing was picked up..
Cheers
Simon
#2
Sounds like the spam is utilising the SMTP service. It's been a long time since I touched 5.5.
You could set up your SMTP service to only allow authenticated users, assuming your clients are not using a POP/SMTP client. Something like "Internet Mail Service", "Routing", "Routing Restrictions"...
You could take a look at the spam, and the header should tell you what IP sent the mail to your server. There may be others but ignore them for now. The one that should give it away will be like:
"Received from <spammer> by <your exchange server>"
Hopefully that helps you out and I'm not teaching egg sucking
H
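The header check suggested in reply #2, as an added example that is not part of the original thread: it finds the topmost `Received` line stamped by your own server and reports whether the connecting IP was internal or external. The server name `exch55.corp.example`, the internal ranges and the sample message (including its `Received` layout) are constructed assumptions.

```python
import email
import ipaddress
import re

# Constructed sample of a queued message; names and IPs are documentation values.
# The second Received line stands in for a header the sender forged.
SAMPLE = """\
Received: from unknownhost ([203.0.113.45]) by exch55.corp.example with SMTP (Microsoft Exchange Internet Mail Service); Mon, 6 Jun 2005 10:02:03 +0100
Received: from forged.example ([192.0.2.9]) by exch55.corp.example; Mon, 6 Jun 2005 09:00:00 +0100
From: <>
Subject: constructed sample

body
"""

# "from <helo> ... [<ip>] ... by <server>"
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+).*?\[(?P<ip>[0-9a-fA-F.:]+)\].*?\bby\s+(?P<by>\S+)",
    re.S | re.I,
)

def submitting_hop(raw_message, my_server, internal_nets):
    """Return the hop that handed the message to my_server, or None.

    Received headers are prepended, so the first match from the top is the
    one my_server wrote itself; anything below it may be forged.
    """
    msg = email.message_from_string(raw_message)
    nets = [ipaddress.ip_network(n) for n in internal_nets]
    for value in msg.get_all("Received", []):
        m = RECEIVED_RE.search(value)
        if not m or m.group("by").rstrip(";").lower() != my_server.lower():
            continue
        try:
            ip = ipaddress.ip_address(m.group("ip"))
        except ValueError:
            continue  # bracketed text was not an IP literal
        origin = "internal" if any(ip in n for n in nets) else "external"
        return {"helo": m.group("helo"), "ip": str(ip), "origin": origin}
    return None

if __name__ == "__main__":
    print(submitting_hop(SAMPLE, "exch55.corp.example",
                         ["10.0.0.0/8", "192.168.0.0/16"]))
```

An `external` result points at relaying through the SMTP service; an `internal` one points at a machine on the LAN submitting the mail.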
#3
Forgot to say, you would most likely want to set the IP of your incoming mail server to be allowed to connect? I'm not 100% sure on what the routing restrictions did, if it affected relay or just connection...
I also remember that the IMS service must be restarted for changes to take effect? Can't remember...
#4
This any help?
KB - 324059: How to help secure the Internet Mail Service and clean up after unsolicited commercial e-mail or spam abuse.