Question

Locked

Spamers are using me as a realy how do I prevent this????

By jsizer ·
I have recently installed Exchange 2007 and I have noticed that in my message queue there is tons of messages that are trying to be sent through my server that are apparently SPAM. I have been searching and searching to find out how to fix this and I cannot quite understand. One article conflicts with another article and I cannot seem to find the appropriate solution and the microsoft documentation is less then understandable! ugh!

Can someone please help me fix this. We did block port 25 in the firewall thinking that would resolve it but that didn't fix it. They are still getting through and we don't know how to plug the hole at this point.

Thanks,

Jennifer

This conversation is currently closed to new comments.

11 total posts (Page 1 of 2)   01 | 02   Next
| Thread display: Collapse - | Expand +

All Answers

Collapse -

Test first

by Jellimonsta In reply to Spamers are using me as a ...

Firstly, you can test your Email server to ensure it is in fact a relay. Try this site...

http://www.abuse.net/relay.html

If you are, go to server configuration>hub transport, right click your receive connector(s) and ensure 'anonymous' is not selected.

If not, it may be additional NDR traffic.

If so, expand organization configuration>Hub transport>Remote domains>Right click the default and uncheck 'allow non delivery reports'.


Regards.

Collapse -

Please check for malware

by lyon_bleu In reply to Spamers are using me as a ...

After hardening the server against inbound traffic, do you still see suspicious outbound traffic? The firewall may not offer much protection if there there is something on the LAN that is inviting the messages to be forwarded from within.

Collapse -

HOW DO I LOOK FOR MALWARE????

by jsizer In reply to Please check for malware

I need to know how can I scan my network for something that would be allowing the traffic through?

Jenn

Collapse -

A sniffer will tell you

by cmiller5400 In reply to HOW DO I LOOK FOR MALWARE ...

A packet sniffer will tell you what you want to know. If you do not know what it is, you may want to get a professional in to find out what is going on.

Other than that, a scan of all servers/workstations may be in order. make sure that they are up to date on their antivirus software and you can run Spybot S&amp to scan for malware.

Good Luck!!

Collapse -

malware

by ray4ctech In reply to A sniffer will tell you

I had jsut found 2 of my coputers in the field. They kept getting a pop-up that said there computer was infected by and named antivirus 2008. I did a quick google on it and found a utility called spyware doctor. I installed it and ran it and was able to remove it quickly.

Collapse -

Go through the list

by jdclyde In reply to HOW DO I LOOK FOR MALWARE ...

First, make sure your server is fully patched.

Make sure your AntiVirus is up-to-date and running daily.

Run AdAware by lavasoft.
Run the spyware detector by AVG.
S&amp
shreader
stinger


If you still suspect an infection, take the system down and run the scans in safe mode.

Turn off mail relay on your server.

Change the root passwords, just in case you have been compromised.

Let us know how that works out for you.

jd

Collapse -

HOW DO I TURN OFF MAIL RELAY

by jsizer In reply to Go through the list

I hear what you are saying and that is part of the issue. I am not sure how to turn off mail relay. I am new to Exchange 2007 so I am just not sure what I have to do to get this stopped...

Collapse -

Here

by Jellimonsta In reply to HOW DO I TURN OFF MAIL RE ...
Collapse -

And of course

by jdclyde In reply to Here

don't forget to mark posts as helpful if they were.

A little credit given where credit due, huh?

Collapse -

"Jammie ..... " springs to mind. <NT>

by OldER Mycroft In reply to And of course
Back to Networks Forum
11 total posts (Page 1 of 2)   01 | 02   Next

Related Discussions

Related Forums